Developing apps securely from scratch

Due to increasing digitalization, the topic of attack security is playing an increasingly important role for software developing companies and their customers within NRW. For example, the EU General Data Protection Regulation, which will come into force in May 2018, obliges companies to protect all personal data accordingly, e.g. through appropriate encryption, and defines significant financial penalties if this is not implemented correctly.

However, ensuring IT security is a complex challenge for companies. Developers often lack the tools, methods and security expertise to develop efficiently and securely. External influences such as time pressure, low budgets and a lack of awareness among all those involved in the process further exacerbate the problem.

The aim of the AppSecure.nrw project is to develop a set of tools for secure software development and to evaluate them in practice. The preliminary work and research results from science are to be further developed and prepared in such a way that software developers can use them directly and easily themselves. The focus of the project is on mobile and web-based applications.

The project team is developing a Secure Development Lifecycle (SDLC) to ensure that applications are secure from conception through to operation. This takes into account important issues such as the processing and management of security-critical data. In addition, code analysis tools are integrated into the SDLC, with which, for example, programming errors can be detected and rectified during development, similar to a spell checker. The results of AppSecure.nrw are being tested in practice by three application partners and should also be applicable for other companies after the end of the project. The project team is organizing targeted training courses and networking events for further training and the exchange of experience.

Over the next few months, the project partners will initially conduct a study on IT security in software-developing companies in Germany, Austria and Switzerland. This will allow them to gather important information on the current situation and needs, which will be incorporated into the project.