Web application security engineering

The review of the steps involved in applying security-specific activities throughout the software development life cycle, is presented. The real weakness in the bolt-on approach, based on the concept that "make it work, and then make it right" is that some of the more important design decisions that impact an applications security have a cascading effect on the rest of applications design. The review suggested that objectives, threat modeling, design guidelines, architecture and design review, code review, and testing are the base line activities for security engineering. Performing a preliminary scan using static analysis, reviewing code for security issues and finding security vulnerability, and reviewing for security issues unique to users system architecture can be the tools for identifying security code review objectives. An application may behave different during development and production as the developers are unknown to the infrastructure constraints.