Writing code for compliance standards is still a young discipline; while PCI DSS has provided directives for application security testing and checks, GDPR has been less specific with its directive that new portals, websites, and applications which touch EU Citizen data be developed according to the principles of Privacy by Design.
What does that mean to the Application and Solution Architect? It means they need to figure out how to secure all future releases of applications, both web and mobile, by incorporating security by design at every stage of the SDLC, from inception through production to end of life.
It is not a trivial task to change the mindset of Developers and Architects, and to make major changes toward a secured Software Development Lifecycle (SDLC). Learn how to bridge the communication gap by helping developers understand that treating security as an essential part of every application will reduce testing churn while speeding time to release.
Management, Engineering, Product, and Security need to speak the language of the developer, supporting their daily tasks in terms they understand.
Read this white paper to learn more about:
- How to create and manage a sustained program for GDPR application security compliance
- What non-functional requirements are, as opposed to functional
- Showing the map of data flows in design for multiple audiences
- How to select a testing strategy and tools
- Remediation vs. mitigation options – how to band-aid over a problem (for now)
- Integrating application security testing into daily security operations