Strengthen the SSDLC for Enterprise Mobile Applications

Tackle secure development techniques to close the gaps on vulnerabilities.


Your Challenge

  • CEOs see mobile for employees as their top mandate for upcoming technology innovation initiatives, making security a key competency for development.
  • Unsecure mobile applications can cause your employees to question the mobile applications’ integrity for handling sensitive data, limiting uptake.
  • Secure mobile development tends to be an afterthought, where vulnerabilities are tested for post-production rather than during the build process.
  • Developers lack the expertise, processes, and proper tools to effectively enhance applications for mobile security.

Our Advice

Critical Insight

  • Organizations currently react to security issues. Info-Tech recommends a proactive approach to ensure a secure software development life cycle (SSDLC) end-to-end.
  • Organizations currently lack the secure development practices to provide highly secure mobile applications that end users can trust.
  • Enable your developers with five key secure development techniques from Info-Tech’s development toolkit.

Impact and Result

  • Embed secure development techniques into your SDLC.
  • Create a repeatable process for your developers to continually evaluate and optimize mobile application security for new threats and corresponding mitigation steps.
  • Build capabilities within your team based on Info-Tech’s framework by supporting ongoing security improvements through monitoring and metric analysis.

Contributors

  • Dan Cornell, CTO and Principal, Denim Group Ltd.
  • Nicholas Harlow, Director of Product Management, Sencha
  • Jim Ivers, Vice President of Marketing, Cigital
  • Amit Sethi, Principal Consultant, Cigital
  • Emilio Chemali, Director - Business Intelligence & Analytics, MRE Consulting
  • Erik Bjerkelund, Manager of Application Services, Corix
  • John Petterle, Managing Partner, ONE Desktop LLC
  • Andrew Hoog, CEO & Co-Founder, NowSecure

Get the Complete Storyboard

See how all the steps you need to take come together, with tools and advice to help with each task on your list.


Get to Action

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should adopt secure development techniques for mobile application development, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

  1. Assess secure mobile development processes

    Determine the current security landscape of mobile application development.

  2. Implement and test secure mobile techniques

    Incorporate the various secure development techniques into current development practices.

  3. Monitor and support secure mobile applications

    Create a roadmap for mobile optimization initiatives.

Guided Implementation

This guided implementation is a five-call advisory process.

  Guided Implementation #1 - Assess secure mobile development processes

    • Call #1: Assess your secure mobile development practices

  Guided Implementation #2 - Implement and test secure mobile techniques

    • Call #1: Optimize the security of existing mobile applications
    • Call #2: Test the effectiveness of the mobile development techniques

  Guided Implementation #3 - Monitor and support secure mobile applications

    • Call #1: Identify the metrics to monitor your secured mobile applications
    • Call #2: Optimize your support procedures to address mobile security issues

Onsite Workshop

Module 1: Assess Your Secure Mobile Development Practices

The Purpose

  • Identification of the triggers of your secure mobile development initiatives.
  • Assessment of the security vulnerabilities in your mobile applications from an end-user perspective.
  • Identification of the execution of your mobile environment.
  • Assessment of the mobile threats and vulnerabilities to your systems architecture.
  • Prioritization of your mobile threats.
  • Creation of your risk register.

Key Benefits Achieved

  • Key opportunity areas where a secure development optimization initiative can provide tangible benefits.
  • Identification of security requirements.
  • Prioritized list of security threats.
  • Initial mobile security risk register created. 

Activities: Outputs:
1.1 Establish the triggers of your secure mobile development initiatives.
  • Mobile Application High-Level Design Requirements Document
1.2 Assess the security vulnerabilities in your mobile applications from an end-user perspective.
  • Systems Architecture Diagram
1.3 Understand the execution of your mobile environment with a systems architecture.
1.4 Assess the mobile threats and vulnerabilities to your systems architecture.
1.5 Prioritize your mobile threats.
1.6 Begin building your risk register.

Module 2: Implement and Test Your Secure Mobile Techniques

The Purpose

  • Discovery of secure development techniques to apply to current development practices.
  • Discovery of new user stories from applying secure development techniques.
  • Discovery of new test cases from applying secure development techniques.

Key Benefits Achieved

  • Areas within your code that can be optimized for improving mobile application security.
  • New user stories created in relation to mitigation steps.
  • New test cases created in relation to mitigation steps.

Activities: Outputs:
2.1 Gauge the state of your secure mobile development practices.
2.2 Identify the appropriate techniques to fill gaps.
  • Mobile Application High-Level Design Requirements Document
2.3 Develop user stories from security development gaps identified.
2.4 Develop test cases from user story gaps identified.

Module 3: Monitor and Support Your Secure Mobile Applications

The Purpose

  • Identification of key metrics used to measure mobile application security issues.
  • Identification of secure mobile application and development process optimization initiatives.
  • Identification of enablers and blockers of your mobile security optimization.

Key Benefits Achieved

  • Metrics for measuring application security.
  • Modified triaging process for addressing security issues.
  • Initiatives for development optimization.
  • Enablers and blockers identified for mobile security optimization initiatives.
  • Process for developing your mobile optimization roadmap.

Activities: Outputs:
3.1 List the metrics that would be gathered to assess the success of your mobile security optimization.
3.2 Adjust and modify your triaging process to enhance handling of security issues.
3.3 Brainstorm secure mobile application and development process optimization initiatives.
  • Mobile Optimization Roadmap
3.4 Identify the enablers and blockers of your mobile security optimization.
3.5 Define your mobile security optimization roadmap.

Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.



Search Code: 77364
Published: April 22, 2015
Last Revised: September 8, 2015
