Dr. Drew Hwang, CIS, Cal Poly Pomona
Secure Web Development
Online Stores Case
Software Security Best Practices
As practitioners become aware of software security’s importance, they are increasingly adopting and evolving a set of best practices to address the problems.
Most approaches in practice today encompass training for developers, testers, and architects, analysis and auditing of software artifacts, and security engineering.
(source: McGraw, 2004)
The figure above specifies one set of best practices and shows how software practitioners can apply them to the various software artifacts produced during software development.
G. McGraw, "Software Security," IEEE Security & Privacy, vol. 2, no. 2, 2004, pp. 80–83.