[WEB SECURITY] Security in requirement gathering phase
daveyrr at gmail.com
Sun May 30 11:09:22 EDT 2010
I want to implement secure SDLC for applications developed in my
For requirement gathering phase, I plan to make an exhaustive list of
application security controls for various categories like Authentication,
Session Management, Auditing and Logging, etc., and ask my application team to
accept/reject them based on requirement, with suitable comments, which can
be further used during design phase to make sure all the necessary controls
identified as a part of requirement are covered.
I plan to follow this up by a threat modeling activity during the design
Will this be sufficient? If someone can suggest a better approach for
Requirement gathering and Design Phase.