In April 2011 Forrester Research published a new study on application security. The study, titled "Application Security: 2011 & Beyond" and led by Dr Chenxi Wang, Lead Analyst at Forrester Research, provides valuable research, insights and recommendations for security and risk professionals. We have since made this study publicly available in the hope of creating greater awareness of the importance of secure application development.
The report observes that allocating sufficient resources to application security remains a significant issue for businesses, even though secure application development is considered a top priority by IT professionals and web application hacking continues to be the number one source of data breach incidents.
Part of the challenge is getting development organizations to undergo the culture shift required to make risk management and mitigation in application development a priority. Dr Wang's report shows that organizations that do invest in secure application development are realizing positive returns. (More information about return on investment can be found in our recent blog post and in the MidAmerican case study.)
The paper makes several strong recommendations that provide cost-effective and incremental steps towards better application security. They include demanding better quality and security from vendors, acceptance testing for third-party software, disabling unused default accounts, building a secure operational environment around the application, and effective bug reporting and handling.
Additionally, one of the key recommendations in the paper is to implement a secure application development program, such as Microsoft's Security Development Lifecycle. Take a look to see the latest information and tools that Microsoft makes freely available.
We encourage you to read this study and use it to think about how changes in the IT environment, such as the introduction of mobile technology and applications, can serve as a catalyst for changing your application development culture and improving application security.