Today most commercial applications are designed for functionality, with security usually an afterthought. This has caused a host of security-related problems, such as legitimate programs that can be subverted to let users perform otherwise restricted functions.
A day does not go by without someone releasing a ‘security alert’ regarding a particular program. Soon after (or so we hope), its creator releases a ‘bug-fix’ intended to correct the flawed program. Since both hackers and system administrators have access to this information, it is literally a race for the administrators to fix their faulty systems before the hackers can attack the weakness.
Therefore, the security of a particular product actually starts with the original programmer. Application and Systems Development Security is an extremely important topic for programmers and of continuing importance to information security.
This domain includes:
- Systems development life cycle (SDLC)
- Application environment and security controls
- Effectiveness of application security