Application Lifecycle Mgmt

The development of applications that are useable yet remain secure throughout the lifetime of their deployment is the pinnacle of achievement for a software development organisation. While the development of code that will run is now mundane, creating useful code that assists users in accomplishing their work, and does so with a minimum of risk, remains an art few organisations can achieve. Yet the increasing demand for applications that connect business partners and utilise the internet creates the need to understand how this is achieved.

The starting point for accomplishing this is Application Lifecycle Management (ALM). ALM is the marriage of business management to software engineering made possible by tools that facilitate and integrate requirements management, architecture, coding, testing, tracking, and release management. Deploying reliable code that supports these activities, is cost efficient to develop and support, and is robust and secure requires the framework that ALM provides but also the knowledge of how to program securely.

In today's world software failure has become everyone's problem. Errors affect almost every conceivable activity, from doing the shopping and accessing your bank account to catching a train or landing a plane. So understanding how to deliver secure applications efficiently is knowledge that is in great demand, which is precisely where ISG comes in. As the leading Information Security strategist in Australia, ISG provides the tools and the knowledge of how they should be deployed to deliver applications on which some of Australia's best known companies rely for running their businesses.

ISG sell, implement and support the Serena Application Development toolsets, which are among the most widely used development platforms globally, both within the Global 100 and by virtually any other measure, whether by industry sector or size of organisation. Serena's products are currently in use at over 15,000 customer sites worldwide and include some of the largest and most successful enterprises in the world, including the top 10 largest corporations in the following industries:

Aerospace

Consumer Products

Automotive

Electronics

Banking

Financial Services

Computer Hardware

Healthcare

Computer Services

Pharmaceuticals

Computer Software

Telecom

Serena have an award-winning range of cross-platform tools to assist businesses to manage developments in both .NET and Java. Based around the world's two most widely supported IDEs, being .NET and Eclipse, the ALM toolset includes products for prototyping, requirements management, change management, and release management. The products are fully integrated with the Serena PPM products (Mariner & OpenProj) as well as a wide range of other development tool vendors including Mercury, Rational, and CollabNet.

 

ISG use and endorse the Application Security standards developed by the Open Web Application Security Project (OWASP), a worldwide free and open community focused on improving the security of application software. OWASP's mission is to make application security "visible" so that people and organizations can make informed decisions about application security risks. While ALM provides the tools, methods and frameworks for controlling the changes to applications, OWASP provides the framework that defines the best approaches for ensuring that what is coded within that framework embodies an appropriate level of security to meet the client's business requirements.

The OWASP Top Ten identifies the most common vulnerabilities in application development. OWASP provides techniques to uncover the vulnerabilities in existing code, solutions to address the problems, and training for developers to ensure that they adopt secure coding practices so the problems are not repeated.

As with ALM, secure application development starts with the concept, ensuring that security is an integrated part of the planning and development process and is not left as an afterthought. ISG's understanding of the OWASP protocols ensures that sound application development practices become an embedded part of how organisations deliver IT services to the business.

 


 

 