Strengthen the SSDLC for Enterprise Mobile Applications
Where there is code, there are vulnerabilities.
Onsite Workshop
Not developing your mobile apps for high security can risk:
- Developers being frustrated with spending significant time refactoring code after releasing it to production.
- End users who are frustrated with inconsistent or unacceptable application experiences.
- Application runtime issues due to malicious attacks.
Implementing a standard optimization toolkit will enable your organization to:
- Consistently develop highly secure mobile applications in line with the SSDLC.
- Increase the quality of your business applications by ensuring the integrity of critical enterprise data.
Module 1: Assess Your Secure Mobile Development Practices
The Purpose
- Identification of the triggers of your secure mobile development initiatives.
- Assessment of the security vulnerabilities in your mobile applications from an end-user perspective.
- Identification of the execution of your mobile environment.
- Assessment of the mobile threats and vulnerabilities to your systems architecture.
- Prioritization of your mobile threats.
- Creation of your risk register.
Key Benefits Achieved
- Key opportunity areas where a secure development optimization initiative can provide tangible benefits.
- Identification of security requirements.
- Prioritized list of security threats.
- Initial mobile security risk register created.
| | Activities | Outputs |
|---|---|---|
| 1.1 | Establish the triggers of your secure mobile development initiatives. | |
| 1.2 | Assess the security vulnerabilities in your mobile applications from an end-user perspective. | |
| 1.3 | Understand the execution of your mobile environment with a systems architecture. | |
| 1.4 | Assess the mobile threats and vulnerabilities to your systems architecture. | |
| 1.5 | Prioritize your mobile threats. | |
| 1.6 | Begin building your risk register. | |
Module 2: Implement and Test Your Secure Mobile Techniques
The Purpose
- Discovery of secure development techniques to apply to current development practices.
- Discovery of new user stories from applying secure development techniques.
- Discovery of new test cases from applying secure development techniques.
Key Benefits Achieved
- Areas within your code that can be optimized for improving mobile application security.
- New user stories created in relation to mitigation steps.
- New test cases created in relation to mitigation steps.
| | Activities | Outputs |
|---|---|---|
| 2.1 | Gauge the state of your secure mobile development practices. | |
| 2.2 | Identify the appropriate techniques to fill gaps. | |
| 2.3 | Develop user stories from security development gaps identified. | |
| 2.4 | Develop test cases from user story gaps identified. | |
Module 3: Monitor and Support Your Secure Mobile Applications
The Purpose
- Identification of key metrics used to measure mobile application security issues.
- Identification of secure mobile application and development process optimization initiatives.
- Identification of enablers and blockers of your mobile security optimization.
Key Benefits Achieved
- Metrics for measuring application security.
- Modified triaging process for addressing security issues.
- Initiatives for development optimization.
- Enablers and blockers identified for mobile security optimization initiatives.
- Process for developing your mobile optimization roadmap.
| | Activities | Outputs |
|---|---|---|
| 3.1 | List the metrics that would be gathered to assess the success of your mobile security optimization. | |
| 3.2 | Adjust and modify your triaging process to enhance handling of security issues. | |
| 3.3 | Brainstorm secure mobile application and development process optimization initiatives. | |
| 3.4 | Identify the enablers and blockers of your mobile security optimization. | |
| 3.5 | Define your mobile security optimization roadmap. | |