To system developers: What part of the development process do you consider security?

[redSilverDog]

Security,
very important! but how many developers do consider security threats at early stages? I once read somewhere, it 10x expensive to 'retrofit' security than to design at the beginning.

What security techniques and principles do you apply?

 

[Mtazamaji]

Security,
very important! but how many developers do consider security threats at early stages? I once read somewhere, it 10x expensive to 'retrofit' security than to design at the beginning.

What security techniques and principles do you apply?

IT willl depend on developement approach used. But security consideration and requirement should be gattered right fromthe initial phase of development phase regardkess of the approach.

sija particpte kwenye project miaka mingi but through experince and knowledge nadhani SRS( system requiiremnt specifiction) ni one of the output document inayotakiwa kugusia scope za security katika system. Hii SRS document in one of delivery katika phase ya Detailed Analysis

Factor nyingine ni size. Kama size ya project au system ni ndogo then it wont be big issue but kam size ya project ni kubwa then right from the beggining.

For best practice mwanzoni= Analysis

 

[redSilverDog]

IT willl depend on developement approach used. But security consideration and requirement should be gattered right fromthe initial phase of development phase regardkess of the approach.

sija particpte kwenye project miaka mingi but through experince and knowledge nadhani SRS( system requiiremnt specifiction) ni one of the output document inayotakiwa kugusia scope za security katika system. Hii SRS document in one of delivery katika phase ya Detailed Analysis

Factor nyingine ni size. Kama size ya project au system ni ndogo then it wont be big issue but kam size ya project ni kubwa then right from the beggining.

For best practice mwanzoni= Analysis

And who is responsible for security design?

 

[MAHENDEKA]

Lengo la kusecure system ni kuprevent attacks, remember
hackers wanafanya attack s in three forms 1.attack on confidentiality
2.attack on integrity
3.attack on authentification and authorization
Kimsingi security measures should be taken into consideration in all stages of development, from System requirement Specification mpaka kwenye Implementation japokuwa wengi wanaiconsider sana mwanzoni

 

[rpclem]

Is your system going to operate in house or across the Web? Agreed on each and every step consideration, stressing on the initial design.

Good place to start: http://www.sans.org/reading_room/whitepapers/application/security-scenarios-analysis-design_29

 

[YeshuaHaMelech]

It depends on Philosphy and Type of Application you are designing.
The real security issue is at coding level although risk assessment is at design level.
I will consider Data Access Layer deisgn as part that security must be well tight as it is part of Desktop app. that accesses data. BLL and GUI have little concern. And if you subscribe to MVC philosophy then design of Model is critical

My 2 cents

 

[kapistrano]

kwa upande wangu lazima uwe familiar na (SDLC) System development life cycle ambapo kwenye kila stage inakwambia vitu vya kuzingatia so even security will be there.

 

[MK254]

As a developer, every line of code must be written with security in mind. You must employ the concept of "defensive programming". Ensure every possible loophole is sealed before releasing your system. It's important to discuss security throughout the cycle of your system development, right from requirements gathering to software release.

However, I always make it clear to my clients that security of a system is as strong as the weakest point. As the developer, I can only do so much, but there are instances where I can't have control. Take for instance, a system administrators who are reckless with their passwords and allowing them to be copied and used by everyone. Or an admin who just got fired and they didn't remember to rid him/her off the system.

Security is a very long topic, and given the meager budgets allocated to systems development at times, it gets very difficult for developers to ensure all standards have been met.