5.5. Summary

At the beginning of this chapter, we proclaimed boldly that the security of an application is inextricably bound to the secure configuration and operation of the environment in which the application will reside. Yet, in discussions about developing secure software, these operations factors are rarely, if ever, considered. In fact, when we started writing this book, we also considered these issues to be outside its scope. As we progressed and our collaboration efforts continued, however, we became convinced that it was essential to include them. We had simply seen too many cases of companies making major mistakes in setting up their business-critical applications and suffering the consequences!

In this chapter, we showed that properly setting up an operational environment for a typical business application requires both a good amount of planning and a solid attention to detail when executing those plans. It's likely that you undertook a similar level of effort in designing and implementing your application securely. Great! Now, don't neglect this last step in ensuring that your application as a whole can run as securely as it ought to. If your application is important enough to warrant the time and effort you've spent thus far, it ought to be important enough to ensure that it runs in an equivalently secure operational environment.

Why do so many companies make seemingly simple mistakes in deploying their applications securely? There are many factors. We don't doubt, ...

Get Secure Coding: Principles and Practices now with the O’Reilly learning platform.
