The 2012 Ponemon Cato report on application security status shows that "Http://www.aliyun.com/zixun/aggregation/7155.html 71%" > Developers believe that security is not sufficiently valued in the software development lifecycle. This is confusing because organizations have now introduced new technologies into their security system development Lifecycle (SDLC). These new technologies (cloud computing and large data) will further enhance the Organization's security development process (if the organization has such a process).
This article outlines cloud computing and large data, their flaws and vulnerabilities from an application security perspective, and also describes how to safely develop applications on these platforms using a secure SDLC process.
Getting Started with security development
To introduce cloud and large data into a secure SDLC process, you must first introduce security into your organization's SDLC and always follow it. SDLC is a development process that focuses on five stages of developing high-quality software: requirements, design, development, testing, and implementation. Organizations must introduce security at every stage of the process. Whether using a specific process model, such as the Microsoft® Security Development Lifecycle (SDL; see figure 1) or (ISC) ²> best Practices (see Figure 2), using the Open Web creator secure Project (OWASP) Best practice, or introduce a custom framework to do this, SDLC is now a necessary condition for the development team.
Figure 1. The SDL process in Microsoft
Figure 2. Security Coding best Practices for (ISC) ²
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
