Secure Apps

Security is becoming more and more important. What with the latest SSL vulnerabilities, NSA/Snowden/GCHQ, user privacy concerns and more sophisticated malware, mobile app developers continually need to put more effort into app security. There’s a particular class of apps, for example banking and payment, that must be as secure as possible. I recently came across a great white paper, Secure Development Process (pdf), by Penrillian that nicely defines these ‘secure projects’ as…
“Projects where someone could get significant benefit illegitimately from a security weakness in the deliverables”

If you are developing an app such as this then you would do well to take a deep look at Penrillian’s recommendations.

I suspect as mobile becomes ever more pervasive, some of these process areas might become standard for a greater proportion of apps and not just ‘secure apps’.