3 Web Development Best Practices to Safely Launch Your New Banking & Financial Services Application


We will discuss 3 Web Development Best Practices that can help you safely launch your new specialized banking & financial services application. More precisely, these are three security best practices, since security is so crucial in the Banking and Finance sectors and is the main topic of this post.

Do we really have to go back and review all the security threats and online hacks and attacks that happened over just the last 5 years or so? I hope not.

All financial institutions and banks have developed a strict policy for systematically securing their critical client-facing web applications. But they should also apply such a targeted policy when developing web applications dedicated to their personnel, by making development choices that address today’s security requirements and can adapt to meet tomorrow’s challenges. Therefore, they must carefully identify all web access to the databases and processes involved in these web application projects and assess the level of risk presented by each type of online communication or user group, ideally at the development stage.

This matters because a security flaw costs 100 times more to correct once in production than in development. Finding security flaws through testing at the development stage therefore saves a lot of pain and revenue.

The Java Case

Not that we don’t like Java; of course we do. But Java vulnerabilities have increased 3 times since 2012. Java’s strength is also its weakness: code once, deploy everywhere… and so do attackers. It’s just something to take into account!

 

Basic Common Sense

  1. Get the Dev Team appropriate secure coding training. Management may not, but should, support and fund training camps and courses; one cannot stress enough the utmost importance of acquiring these skills. Your Development Team should be up to date with the latest security threats and principles, countermeasures and defense techniques, and they should know the Web Development Best Practices in terms of security. If not, then hire a Software Developer company whose Team is.

  2. Enforce application security testing throughout development. There are a number of testing solutions out there, which Gartner has thoroughly analyzed. Dynamic Application Security Testing (DAST) solutions test applications from the “outside in” to detect security vulnerabilities. Static Application Security Testing (SAST) solutions test applications from the “inside out” by looking at source code, byte code or binaries. Finally, Interactive Application Security Testing (IAST) integrates both Dynamic and Static Security Testing. Get to it or hire a Software Developer company which knows this stuff.

  3. Capture meaningful events and errors. You won’t be able to perform a thorough investigation and learn from it unless you have implemented comprehensive and systematic recording and backup of logs and events. Most management won’t understand the benefits of doing this unless you take the time to explain, carefully and in full detail, its usefulness in case of a breach or attack, or unless you actually experience a breach… but then, it may be too late!

 

Learn to Communicate & Integrate…

So, before you create another big problem, look at why testing of your new specialized web application ends up being done at the end of the development cycle. It may be because the security team is not considered one of your success factors and therefore has not been integrated with the development team, or because Management doesn’t fully grasp the extent to which a vulnerable web app on the market can hit both reputation and revenues, so testing has been neglected. In any case, do establish formal communication procedures and testing at the development stage by integrating the security team with your development team.

 

Conclusion

The world evolves constantly and so do secure coding practices… and unfortunately, security threats as well; so keep up with them.

Security is no small matter in Banking & Financing, even when it comes to specialized web applications dedicated to your personnel; so if your Dev Team does not have security expertise, then hire experts.

 

Happy Web Development…

 

2 Comments

Vince

I agree! Java is vulnerable, I won’t advise anyone to use Java code for security reasons. Banking systems should always ensure security and I think Java can’t provide the assurance.
