Chapter 8 - Domain 8: Application Development Security

Abstract

This chapter explores how to develop software that is robust and secure. It covers programming fundamentals such as compiled versus interpreted languages as well as procedural and object-oriented programming languages. As computers have become more powerful and ubiquitous, the process and methods used to create software have grown and changed. As software has grown in complexity, programming has increasingly become a team effort. Team-based projects require project management: to provide a framework with deliverables and milestones, to divvy up tasks, direct team communication, evaluate and report progress, and deliver a final product. Application development models such as the Waterfall Model, the Spiral Model, eXtreme Programming (XP), and others are also discussed. Ultimately, large application development projects may closely resemble projects that have nothing to do with software, such as widget production or bridge building. Development methods such as the Waterfall and Spiral Models are often close cousins to non-programming models. They can be thought of as project management methods, with additional features to support code writing. The chapter also describes common software vulnerabilities, ways to test for them, and maturity frameworks to assess the maturity of the programming process and provides ways to improve it. The use of a formal methodology for developing software followed by a rigorous testing regimen is best practice. The five steps of the Capability Maturity Model (CMM) mimic the process most programming organizations follow, from informal to mature, always seeking improvement: initial, repeatable, defined, managed, and optimized.