Comments on: Security Policies in the Application Development Process http://securitymasala.wordpress.com/2008/01/27/security-policies-in-the-application-development-process/ Different Flavors of Information Security by Mano Paul Fri, 21 Nov 2008 16:33:55 +0000 http://wordpress.com/ hourly 1 By: Mano Paul http://securitymasala.wordpress.com/2008/01/27/security-policies-in-the-application-development-process/#comment-153 Mano Paul Tue, 29 Jan 2008 06:08:24 +0000 http://securitymasala.wordpress.com/?p=39#comment-153 I'd be interested to check it out. I’d be interested to check it out.

]]> By: RRabins http://securitymasala.wordpress.com/2008/01/27/security-policies-in-the-application-development-process/#comment-151 RRabins Mon, 28 Jan 2008 16:24:50 +0000 http://securitymasala.wordpress.com/?p=39#comment-151 Insightful points. When we were developing Alpha Five (a RAD IDE for database apps), developers told us they wanted these issues addressed in the product. We then developed a security framework that considers these questions, and allows developers to apply a security policy to Alpha Five desktop or Web apps. In its default state, the framework applies a policy based on generally accepted best security practices. It's customizable, of course. It can be applied with a click, and modified by developers using visual tools. I'd be interested to get your take on how well (or poorly) we implemented this concept. Let me know if you would be interested in giving it a spin, and I can arrange same. Insightful points. When we were developing Alpha Five (a RAD IDE for database apps), developers told us they wanted these issues addressed in the product. We then developed a security framework that considers these questions, and allows developers to apply a security policy to Alpha Five desktop or Web apps. In its default state, the framework applies a policy based on generally accepted best security practices. It’s customizable, of course. It can be applied with a click, and modified by developers using visual tools. I’d be interested to get your take on how well (or poorly) we implemented this concept. Let me know if you would be interested in giving it a spin, and I can arrange same.

]]>