Most organizations use web applications over the internet as part of their business processes and functions to meet their objectives, business requirements and needs. When implementing these applications, they have to make sure that security is part of each step of the development lifecycle. If security is not implemented, then software such as a web server or web application can be detrimental to the organization and cost it money, time, production, and losses in many other areas of the business. So much information is used and passed along within an organization that it is imperative that the correct information is used …
Microsoft adopted the security development lifecycle (SDL) to help fight malicious attacks. The SDL entails changing a software development organization's methods and procedures by incorporating controls that lead to superior software security: the purpose of these modifications is to insert clear and precise security checkpoints and security deliverables (Howard, 2005). This has played a critical part in embedding security and privacy in the software development process by merging a holistic and practical approach (Gregory, 2003). Security and privacy practices are introduced early on and developed and implemented throughout all phases of the development …
Authorization and privileges are created and granted, which includes deciding which parts of the system will provide user interfaces and interaction and how to maintain all security controls, and threats are identified. In the implementation phase, vulnerabilities and threats are looked for in the code, in the form of structural errors and input errors (Howard, 2005). Testing the code is the best way to perform this task. The verification phase includes a final security check that reviews all code that interacts with the attack surfaces found in the design phase. Lastly, a security review is done, where the security measures are explained in terms of the end client's stance, along with how the product is set up to withstand attacks in the future (Howard, 2005). The final phase is watching out for new vulnerabilities and implementing fixes, patches and updates in a timely manner to alleviate future compromises. Also in this phase, reports are created on errors that have occurred and on preventing new errors from arising.
A web server attack can harm an organization's name and brand. The consequences can be website damage and destruction, compromised information, alteration of data (users' personal data), and web server infringement. So ensuring that security is embedded and checked throughout the development lifecycle can help to alleviate or at least minimize these