[WEB SECURITY] Security in requirement gathering phase

dave perry daveyrr at gmail.com
Sun May 30 11:09:22 EDT 2010


I want to implement secure SDLC for applications developed in my
organization.

For the requirement gathering phase, I plan to make an exhaustive list of
application security controls for various categories like Authentication,
Session Management, Auditing and Logging etc. and ask my application team to
accept/reject them based on requirement, with suitable comments. This can
be further used during the design phase to make sure all the necessary controls
identified as a part of the requirements are covered.

I plan to follow this up by a threat modeling activity during the design
phase.

Will this be sufficient? Can someone suggest a better approach for the
requirement gathering and design phases?

Dave