Difference between revisions of "Developer Workflows"

From Cybersec Standards
 
Line 21: Line 21:
 
== OWASP Secure Coding Practices Checklist ==
 
== OWASP Secure Coding Practices Checklist ==
 
This is a checklist of secure coding practices that can be integrated into the software development lifecycle. [https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/migrated_content Original checklist] at OWASP.org
 
This is a checklist of secure coding practices that can be integrated into the software development lifecycle. [https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/migrated_content Original checklist] at OWASP.org
 +
== Mobile App Security Checklist ==
 +
* [https://github.com/OWASP/owasp-mstg/tree/master/Checklists OWASP Mobile App Security Checklist] contains a workflow for mobile app developers to implement security in their products.
 +
Additional useful references:
 +
* [https://github.com/OWASP/owasp-mstg OWASP Mobile Security Testing Guide (MSTG)]
 +
* [https://github.com/OWASP/owasp-masvs OWASP Mobile Application Security Verification Standard]
 +
* [https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecureCodingGuide/SecurityDevelopmentChecklists/SecurityDevelopmentChecklists.html Apple Security Development Checklists]
 +
 
== ISO/IEC 24760-1:2019 IT Security and Privacy ==
 
== ISO/IEC 24760-1:2019 IT Security and Privacy ==
 
ISO provides guidance for implementing a framework for identity management. That is, the issuance, administration, and use of data that serves to characterize individuals, organizations or information technology components which operate on behalf of individuals or organizations.
 
ISO provides guidance for implementing a framework for identity management. That is, the issuance, administration, and use of data that serves to characterize individuals, organizations or information technology components which operate on behalf of individuals or organizations.
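
Review bot: Both OWASP repository links added in the Mobile App Security Checklist section track a moving branch ("owasp-mstg/tree/master/Checklists") or the bare repository root, so the checklist a developer works through can change or move without this page changing. Link to a tagged release, or state the checklist version in the link text. The Apple link points under "library/archive", so label it as archived documentation. The section also opens with a bullet rather than an introductory sentence, unlike the OWASP Secure Coding and ISO sections around it; a one-line description before the list would match them.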

Latest revision as of 01:07, 26 July 2020

This is a workflow of technical tasks for developers who are building a COVID-19 app. This should be part of a holistic security program for your organization. Please refer to our full list of Workflows.

Data Security
App Security
Identity Management
  • ISO/IEC 24760-1:2019 IT Security and Privacy — A framework for identity management

CyberSec Standards Regional Compliance Checklist

Create an account for your app, and work through the compliance checklists for regional privacy laws at our developer portal.

OWASP Secure Coding Practices Checklist

This is a checklist of secure coding practices that can be integrated into the software development lifecycle. Original checklist at OWASP.org.

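Mobile App Security Checklist

  • OWASP Mobile App Security Checklist contains a workflow for mobile app developers to implement security in their products.

Additional useful references:

  • OWASP Mobile Security Testing Guide (MSTG)
  • OWASP Mobile Application Security Verification Standard
  • Apple Security Development Checklists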

ISO/IEC 24760-1:2019 IT Security and Privacy

ISO provides guidance for implementing a framework for identity management. That is, the issuance, administration, and use of data that serves to characterize individuals, organizations or information technology components which operate on behalf of individuals or organizations.

  • For organizational data: The proper management of identity information is necessary to maintain security of the organization and its processes.
  • For individuals' data: Proper identity management is required to protect individual privacy.

ISO/IEC 24760-1:2019 at the ISO/IEC Information Technology Task Force (ITTF) web site.