Secure Software Development
Cyber Risk Services
Organisations store sensitive information to a large extent in custom developed applications designed and developed specifically for this purpose. Due to their nature security should be a crucial aspect of these applications and should be included in the software development life cycle.
- Due to the rapid changes in the business environment, emphasis is on functionality development, not on security.
- Developing secure software needs special knowledge, tools and methodologies. Developers often lack this expertise.
- Security is often only thought of after breaches and attacks are detected.
The Deloitte approach focuses on embedding security in all phases of the development process:
- Analyse the current process against best-practices for secure software development.
- Define an updated process which includes security in all phases of the development: design, implementation, testing and operation.
- Assist the organisation in developing methodologies, templates, test-plans to implement the secure
software development process.
- Deliver training to personnel involved in software development.
- Enable organisations to ensure that 3rd party developments meet their requirements by implementing guidelines, assessment methodologies and processes.
- Periodic training of developers on common security vulnerabilities, developer best practices and testing techniques.
- Definition of explicit security requirements based on relevant risks to the application.
- Measurement methodology on how security requirements were implemented in the application and how they have been tested.
- Definition of test-cases specifically to test the security of the application.
- Periodic security monitoring of the applications and any third party components for vulnerabilities after deployment.
- Readily available methodologies for secure software development, including regulations, guidelines and assessment tools.
- Qualified team not only with deep understanding of security, but with experience in software development and testing.
- Complete service offering with support from design though implementation and testing to operation.