Dated: 03-12-2024

Ch03. Security Hardening of Software Applications - Introduction

  • Two types of security hardening:
    • IT assets (systems, network devices, databases, applications)
    • Software developed internally or by a third party
  • Typical enterprise software:
    • ERP (Oracle, SAP, IBM, etc.)
    • Internally or third-party developed software in ASP.NET, PHP, Android/iOS, or other platforms
  • Useful resources:
    • www.OWASP.org
    • www.cloudsecurityalliance.org
    • Microsoft TechNet
    • OWASP Top 10
    • OWASP Secure Coding Practices Quick Reference Guide
    • SAMM
  • Conclusion:
    • Software security hardening is a challenging activity
    • Build a software security program and integrate it with QA
    • Domain-specific knowledge is required
    • Build capabilities and processes following SAMM