About Security Awareness and Education

The best way to ensure application security is through education. Developers and project leaders should be aware of security issues and secure coding practices. Training for these roles should include an in-depth explanation of the potential risks, as well as cover the features of the development and deployment platforms that help mitigate exploits.

The most important design principle for application security is to implement security by design and by default. Secure coding guidelines should be made available, adhered to, and enforced in all development organizations, irrespective of the tools and platforms being used.

An example of security by default is the behavior of elevators in case of a power outage. Instead of releasing the breaks, we expect elevators to apply the breaks for the safety of passengers in the cabin. The elevator applies the brakes because this was defined as the default behavior.

So, before thinking about how to prevent external attacks, identify secure defaults for an application that can protect it from the inside. This, however, does not work well without training and awareness.