On this page, we have gathered some resources for development teams to help improve security. We address each assurance technique in turn. Note that we may receive a token commission on referrals.
CREST, the UK industry body for penetration testers, lists its approved suppliers here, including suppliers that offer support worldwide.
The activities Product negotiation, Contingency plan, Security champion, Standardisation, and On-the-job training are team-based. For support on them we recommend the resources below.
'Agile Application Security' is the book we wish had been there when we first looked for software security advice. It provides a good introduction to software security for application developers, and to agile software development for security experts, and explores a range of issues. Though it assumes that there are security experts available to work with each development team, it is easy to read, and contains invaluable practical advice and some recommendations on practical tools to use.
'Threat Modelling' sets out to be the definitive guide to threat modelling, and achieves it. Based on the author's extensive experience at Microsoft, it is targeted at security experts, and assumes more technical knowledge than many software developers will have; but the writing is approachable to anyone, and this is definitely a book to have on your shelf.
The standard online starting point for 'technical security' aspects of code:
Though not specific to software development, this monthly email of links to security-related news stories is one of the most widely-used resources for software developers who want to keep up to date with security issues.
With these resources behind you, you can keep a state-of-the-art knowledge of the best ways to achieve security in software development.
May success attend your efforts! And please let us know how you get on, and what might help us improve this work for other readers.