...

As applications are developed for mobile computing, security requirements need to be included from the beginning. Developing a Campus Mobile Strategy: Guidelines, Tools, and Best Practices is an EDUCAUSE resource that offers an excellent strategy for mobile devices, including security considerations.

Applications often include databases for backend processing. In the following case study, UC, Irvine provides a security checklist for database administrators.
Campus Case Study: Application Security for Database Administrators - UC, Irvine

An important aspect of overall information systems design involves the credentials that will be used to access the system. The InCommon Identity Assurance Profiles Bronze and Silver (IAP) document specifies requirements that Identity Provider Operators must meet in order to be eligible to include InCommon Identity Assurance Qualifiers in Identity Assertions that they offer to Service Providers. The IAP provides excellent security requirements for identity management systems. In particular, Section 4.2.3, Credential Technology, specifies requirements for issuing and securing credentials. Further guidance involving credential technology can be found in NIST SP 800-63.

...

Jira is a project tracking tool that is very useful for bug tracking and change management. Jira workflows can be customized and used to formalize testing procedures.

The following institutional case studies break down application security by audience: management and architects, developers and QA staff, and the database administrator. Each area is instrumental in providing a comprehensive approach to ensuring application-layer security.

Campus Case Study: Application Security for Developers and Quality Assurance Personnel - UC, Irvine

The need for highly skilled developers and support personnel cannot be emphasized enough. Security training is expensive, but can save the institution both dollars and reputation in the long run. The SANS Educational Institutions Program is a partnership that helps to lower the cost of training for higher education security professionals. Relevant courses for software developers are listed in the SANS Secure Software Development Training Curriculum. System administrators will benefit from the SANS System Administration Training Curriculum.

...

Resources

Campus Case Studies On This Page
Application Security for Developers and Quality Assurance Personnel - UC, Irvine
Application Security for Database Administrators - UC, Irvine
Enhancing Application Security with a Web Application Firewall - UC, Irvine

EDUCAUSE Resources

Initiatives, Collaborations, & Other Resources

...