Current security standards advise implementing Security by Design. The purpose of Security by Design is to incorporate security from the start of software development. Security needs to be implemented at each level of your software development, because security is more than just policies or documents.

...

There are several frameworks, such as OpenSAMM or BSIMM, to support your SDLC lifecycle and evolution.

Your application building, testing and deployment process must implement:

  • Verification that none of your components and third-party libraries have vulnerabilities or security issues.

...

  • Tests that ensure that the application shows no known vulnerabilities to any type of malicious code.

...

  • Dependency management so third-party libraries can be checked for security issues in vulnerability databases.
  • When deploying applications or mobile apps, all debugging information and settings must be disabled.
  • A mobile app needs to be signed and obfuscated.
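
As an added illustration of the dependency check in the list above (not part of the original page), the following build gate compares exactly pinned dependencies against advisory records and fails on a match or on a dependency it cannot check. The package names, advisory IDs, lock file format and record layout are constructed assumptions.

```python
import re

# Constructed advisory records (hypothetical packages and IDs). A version is
# affected when introduced <= version < fixed.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "examplelib", "introduced": "1.0.0", "fixed": "1.4.2"},
    {"id": "EXAMPLE-0002", "package": "demo-parser", "introduced": "0", "fixed": "2.0.0"},
]

# Constructed lock file: one "name==version" pin per line.
LOCKFILE = """\
# constructed sample input
examplelib==1.3.9
demo-parser==2.1.0
Other_Pkg==0.9
unpinned-lib>=1.0
"""

PIN = re.compile(r"^([A-Za-z0-9._-]+)==([0-9]+(?:\.[0-9]+)*)$")

def normalize(name):
    """Treat '-', '_' and '.' as equal and ignore case, so names match the feed."""
    return re.sub(r"[-_.]+", "-", name).lower()

def less(a, b):
    """Compare dotted numeric versions, padding so that 2.0 equals 2.0.0."""
    x = [int(p) for p in a.split(".")]
    y = [int(p) for p in b.split(".")]
    width = max(len(x), len(y))
    return x + [0] * (width - len(x)) < y + [0] * (width - len(y))

def audit(lockfile, advisories):
    """Return (findings, unpinned); either one non-empty should fail the build."""
    findings, unpinned = [], []
    for raw in lockfile.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = PIN.match(line)
        if not match:
            unpinned.append(line)  # no exact version, so it cannot be checked
            continue
        name, version = normalize(match.group(1)), match.group(2)
        for adv in advisories:
            if (normalize(adv["package"]) == name
                    and not less(version, adv["introduced"])
                    and less(version, adv["fixed"])):
                findings.append((name, version, adv["id"]))
    return findings, unpinned

if __name__ == "__main__":
    found, loose = audit(LOCKFILE, ADVISORIES)
    print("vulnerable:", found, "unpinned:", loose)
    raise SystemExit(1 if found or loose else 0)
```
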