Building with Security in Mind
Penetration tests at the end of a project? Yes, fine: you need enough built to make one worthwhile. But a penetration test is not the only thing. You should be building with security in mind throughout. Having the wrong requirements or making the wrong design decision can open up security holes. Let's take a simple example: your password management policy. You decide to restrict passwords to exactly 8 characters, using only letters of the alphabet. This makes it easier for an attacker to break into the system. It is a simple example, but hopefully it showcases what I mean. Rather than waiting for a penetration test at the end of the project, you can call out the security flaw in the requirements or design.
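The password-policy example above, worked through as an added illustration that is not part of the original post: the page's policy (exactly 8 characters, letters only) is expressed as a requirement next to an assumed stronger alternative, and a requirements-stage check reports why the weak one would be called out before any penetration test. The "letters" alphabet, the stronger policy and the review thresholds are assumptions.

```python
import math
import string

# Two password policies written as requirements. WEAK_POLICY is the page's
# example (exactly 8 characters, letters only; we assume both cases count as
# "letters"). STRONGER_POLICY is an assumed alternative for comparison.
WEAK_POLICY = {"min_len": 8, "max_len": 8, "alphabet": string.ascii_letters}
STRONGER_POLICY = {
    "min_len": 12,
    "max_len": 128,
    "alphabet": string.ascii_letters + string.digits + string.punctuation,
}


def policy_allows(policy, password):
    """True if the password satisfies the policy's length and character rules."""
    if not policy["min_len"] <= len(password) <= policy["max_len"]:
        return False
    return all(ch in policy["alphabet"] for ch in password)


def keyspace(policy):
    """Number of distinct passwords the policy permits (sum over allowed lengths)."""
    size = len(policy["alphabet"])
    return sum(size ** n for n in range(policy["min_len"], policy["max_len"] + 1))


def entropy_bits(policy):
    """Upper bound on password entropy under the policy: log2 of the keyspace."""
    return math.log2(keyspace(policy))


def review_policy(policy, min_bits=64, min_len=12):
    """Requirements-stage check: return the findings a reviewer would raise.

    The thresholds are assumed values for illustration; an empty list means
    the policy clears them."""
    findings = []
    if policy["min_len"] < min_len:
        findings.append(f"minimum length {policy['min_len']} is below {min_len}")
    if policy["max_len"] < 64:
        findings.append(f"maximum length {policy['max_len']} forbids long passphrases")
    if set(policy["alphabet"]) <= set(string.ascii_letters):
        findings.append("alphabet is letters only; digits and symbols are not allowed")
    if entropy_bits(policy) < min_bits:
        findings.append(f"keyspace is only {entropy_bits(policy):.1f} bits (< {min_bits})")
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("stronger", STRONGER_POLICY)):
        print(name, f"{entropy_bits(policy):.1f} bits", review_policy(policy) or "OK")
```

Running it reports the weak policy at roughly 45.6 bits with four findings and the stronger policy with none, which is the kind of feedback that can be given while the requirement is still being written.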
Everyone has a responsibility to build with security in mind
Sometimes you might have security expertise in the team. In my opinion, everyone on a team has a responsibility for building with security in mind. It is not only a “security expert’s” job to do this.
How do you get involved?
If you’re not sure where to start with security, then I recommend starting by learning the CIA triad, which stands for Confidentiality, Integrity and Availability. Do some googling on this and learn what each of these means.
Reference for image: https://www.itgovernance.co.uk/blog/what-is-the-cia-triad-and-why-is-it-important