Application Security Management - Solution Approach:
The Business Issue:
Clients have continually had web application security assessments completed by various vendors. They recognize, as many do, that an ongoing program to identify and correct the critical vulnerabilities identified by such testing is an integral part of a web application security management program. However, the security robustness of applications varies significantly between application development groups (both internal and externally sourced groups). This is exacerbated by the inevitable addition of new developers, project managers, teams and outsourcing arrangements as a result of acquisitions, new hires or the pricing sensitivities of outsourcing contracts. Inevitably, the security vulnerabilities discovered during multiple testing efforts become a management and mitigation issue. The basic question becomes: How can we maximize the Return On Investment (ROI) from our application testing program?
KoreLogic’s Approach:
Working with various clients, and depending on the maturity of their application security program, KoreLogic has developed custom solutions unique to each client which include one or more of the following:
Application Development Security Standard – Using our client’s Software Development Lifecycle (SDLC) as a basis, KoreLogic developed this additional security standard, which is critical and foundational to the program. The standard is kept sufficiently succinct to encourage its use during a busy development project and is focused on the most common and preventable errors (i.e., what an experienced attacker looks for). Development managers, QA and security use this standard as a baseline measurement for all newly developed applications, as well as for any application undergoing revisions prior to moving into production. Any issues noted are treated as changes or defects, just as if a functional problem existed in the code, and their remediation is handled through the same QA process.
Customized Development Training - Through its many years of security experience, KoreLogic has found that nothing hits home more with your development teams than seeing specific examples of their own code which created security vulnerabilities. The point is not to criticize but to learn and change tendencies. Application developers are challenged to make the code work functionally; they are not incentivized to make it secure. In order to bridge this gap and to emphasize the need for security, KoreLogic develops a customized application security training class specific to the customer (completed in conjunction with a testing effort). Within the curriculum we include customer-specific instances, recurring flaws discovered during assessments that year, and examples of application development techniques that thwarted successful attacks. In addition, KoreLogic has found this to be a great forum to introduce and train developers on the current Application Development Security Standard. KoreLogic recommends that this training be required of all developers, project managers and security teams.
Establish Program Metrics – For programs progressing in maturity (the items above established), KoreLogic develops a metrics program which will allow you to track and report the occurrence of critical, recurring vulnerabilities discovered during the QA process and during pre- and post-production assessments. Key metrics are collected and analyzed, and quantitative measurements of quality and process performance are documented. Metrics provide the foundational information you need to justify changes in the security standard, additional training, and improvements in the QA process and/or assessment efforts.
Developer Support Website – To provide developers with an easily accessible knowledge repository (tools, standards, best practices, FAQs, blogs) where they can seek or contribute web application security development guidance, KoreLogic will support your efforts to develop such an intranet site.
Business Benefit:
The result of the solutions established above is a mature application security management program which provides the business with the following:

Identify, communicate, and better manage the prevention of recurring application vulnerabilities, thus lessening the potential for business data leakage, customer data loss, loss of functionality and/or business liability.

Improved security consistency across multiple development groups.

Available performance and trend tracking of application vulnerabilities to allow business action based on factual historical and event data.