CERT-In Issues Guidelines for Secure Application Development and Operations

Hyderabad: The Indian Computer Emergency Response Team (CERT-In), working under the Union ministry of electronics and information technology (MeitY) issued guidelines for secure application design, development, implementation and operations.

CERT-In observed that one of the key reasons for vulnerabilities in the applications was lack of secure design, development, implementation, and operations and relying solely on post-development audits for security is inadequate.

“Instead, security must be an inherent and integral aspect, seamlessly integrated into the application's design and development lifecycle.

Organisation should incorporate secured application development practices and application owners should ask for adherence to the best practices highlighted in this document and should not only rely on the post audit,” it said in a statement.

It advised the companies to establish the context of the security in designing of application, Implement & ensure secure development practices, Provision of detection of errors & vulnerabilities in application design & development and also ensure secure application deployment and operations.

CERT-In said that it found that one of the main reasons for vulnerabilities in cyber infrastructure is insecure application development, security should be regarded as a functional requirement in application development and also applications lacking secure design and development practices should not be considered for assessment and audits.