Websites and web applications have proven to be the go-to target of malicious attackers because they are much easier to attack than the underlying infrastructure or operating systems that support them.
In order to build and maintain secure applications, it is necessary to incorporate security into your software development lifecycle (SDL). The security of your application should be considered paramount and tested throughout the application’s lifecycle.
NIST recently released NISTIR 8011 Volume 4, which provides an operational approach for automating security control assessments to manage vulnerabilities in software.
The OWASP Top 10 Proactive Controls project (OPC) raises awareness about application security by describing the most important areas of concern that software developers should be aware of.