Web application security - the fast guide 1.1 | Page 181

Chapter 9 - Secure Application Development

| CLASP Best Practices | CLASP Activities | Related Project Roles |
|---|---|---|
| 1. Institute awareness programs | Institute security awareness program | Project manager |
| 2. Perform application assessments | Perform security analysis of system requirements and design (threat modeling) | Owner: security auditor; Key contributor: implementer, designer |
| | Perform source-level security review | Security auditor |
| | Identify, implement, and perform security tests | Test analyst |
| | Verify security attributes of resources | Tester |
| | Research and assess security posture of technology solutions | Owner: designer; Key contributor: component vendor |
| 3. Capture security requirements | Identify global security policy | Owner: requirements specifier; Key contributor: architect |
| | Identify resources and trust boundaries | Owner: architect; Key contributor: requirements specifier |
| | Identify user roles and resource capabilities | Owner: architect; Key contributor: requirements specifier |
| | Specify operational environment | Owner: requirements specifier; Key contributor: architect |
| | Detail misuse cases | Owner: requirements specifier; Key contributor: stakeholder |
| | Identify attack surface | Designer |
| | Document security-relevant requirements | Requirements specifier |
| 4. Implement secure development practices | Apply security principles to design | Designer |
| | Annotate class designs with security properties | Designer |
| | Implement and elaborate resource policies and security technologies | Implementer |
| | Implement interface contracts | Implementer |