Segregating software development, testing and production environments can limit the spread of malicious code and minimises the likelihood of faulty code in a production environment.
Security Control: 0400; Revision: 4; Updated: Sep-18; Applicability: O, P, S, TS; Priority: Should
Software development, testing and production environments are segregated.
Security Control: 1419; Revision: 1; Updated: Sep-18; Applicability: O, P, S, TS; Priority: Should
Development and modification of software only takes place in development environments.
Security Control: 1420; Revision: 2; Updated: Sep-18; Applicability: O, P, S, TS; Priority: Must
Information in production environments is not used in testing or development environments unless the testing or development environments are secured to the same level as the production environments.
Security Control: 1422; Revision: 3; Updated: Sep-18; Applicability: O, P, S, TS; Priority: Should
Unauthorised access to the authoritative source for software is prevented.
Secure software design
Threat modelling is an important part of secure software design. Threat modelling identifies at risk components of software, enabling security controls to be identified to reduce security risks.
Security Control: 1238; Revision: 3; Updated: Sep-18; Applicability: O, P, S, TS; Priority: Should
Threat modelling and other secure design techniques are used to ensure that threats to software and mitigations to those threats are identified and accounted for.
Secure programming practices
Once a secure software design has been identified, secure programming practices should be followed during software development activities.
Security Control: 0401; Revision: 3; Updated: Sep-18; Applicability: O, P, S, TS; Priority: Should
Platform-specific secure programming practices are used when developing software, including using the lowest privilege needed to achieve a task, checking return values of all system calls and validating all inputs.
Software testing will lessen the possibility of security vulnerabilities in software being introduced into a production environment. Software testing can be performed using both static testing, such as code analysis, as well as dynamic testing, such as input validation and fuzzing. Using an independent party for software testing will remove any bias that can occur when a software developer tests their own software.
Security Control: 0402; Revision: 3; Updated: Sep-18; Applicability: O, P, S, TS; Priority: Should
Software is tested for security vulnerabilities by software developers, as well as an independent party, before it is used in a production environment.
An example of a secure development life cycle model, known as the Trustworthy Computing Security Development Lifecycle, and used by Microsoft in the development of all versions of Microsoft Windows since Microsoft Windows 2003, is available at https://msdn.microsoft.com/en-au/library/ms995349.aspx.
Further information on secure coding practices is available at https://www.sei.cmu.edu/research-capabilities/all-work/display.cfm?customel_datapageid_4050=21274.