 Las Vegas, March 29, 2006
For many Java developers, application security has not been an issue they've wanted to address. That changed last week as a panel of application security experts tackled the subject at TheServerSide Java Symposium in Las Vegas.
The panel's message was clear: Not only is it important to know what your risks are, but you need to develop a plan to incorporate security in all levels of software development. Led by moderator Cameron Purdy, president of Somerville, Mass.-based Tangosol, panelists Jeremiah Grossman, Ted Neward, Christopher Steel and Justen Stepka agreed that application security can't be an afterthought. You need a plan from the beginning.
Christopher Steel, founder and president of FortMoon Consulting and author of Core Security Patterns, went even further and said you need to ensure security is built in at every layer and at ever step of the development life cycle. "You need to make sure testing is done all along the way -- white box testing, black box testing -- and sign off on each step."
| 
