Software Security in Production
Here we talk about the production stage in the software security and why it is such an important phase.
You might wonder why do we have this phase at all as system is already in production.
The goal of the production phase is to make sure the system is still secure even in production. Its not enough that the system is secure when it went live but it should continue to be secure.
We should continue to be vigilant and look for new security related threats and potential attacks.
System security is an on-going process that never ends. The system that was secure one year ago might no longer be so. New risks show up almost everyday. New viruses, threats appears all of the time and present new risks.
How do we make sure the system is still secure?
There are mainly two ways. We need to do,
- Security Review
- Penetration Testing
Security Review
As mentioned before, the software security is not static and new security threats are always developing. We hear about new virus, worms and security flaws almost daily basis. We must make sure the system is protected against new threats.
Once in a while, for example once per month we should conduct a security review. This security review is actually a meeting which ideally should include all the participants in the project. In this meeting we can review new…
