Summarization should include
- development life-cycle models
- Secure DevOps
- security automation
- continuous integration
- baselining
- immutable systems
- infrastructure as code
- secure coding techniques
- proper error handling
- proper input validation
- normalization
- stored procedures
- code signing
- encryption
- obfuscation/camouflage
- code reuse/dead code
- server-side vs. client-side execution and validation
- memory management
- use of third-party libraries and software development kits (SDKs)
- data exposure
- provisioning and de-provisioning
- version control and change management
- code quality and testing
- static code analyzers
- dynamic analysis (e.g., fuzzing)
- stress testing
- sandboxing
- model verification
- compiled vs. runtime code.
Process/Skill Questions:
- Why is version control and change management critical to secure application development?
- What are secure coding techniques?
- Why are code walk-throughs and code quality assurance testing so important?