SecureState’s approach to mobile application development starts with an inventory of the applications in the environment and building a categorized and prioritized list. This is a critical first step that is often overlooked by programs focused on application security. It is impossible to build an application security program unless you know the number of applications in the environment and the regulatory, financial, and operational security requirements of the applications. SecureState gathers this information and gets everyone to the starting line so the application can flow through the rest of the process.
The rest of the process follows the classic phases in a waterfall development cycle, as the mobile application moves from having the requirements defined, architecting the application, building and testing the application, deploying the application to production, and maintaining the application in production. During each phases, specific steps need to be taken to properly address application security. Each one of the security components added to the SDLC plays a critical role; therefore it is important to make sure the client or SecureState perform all of the steps. This approach to mobile application development can be applied to any SDLC process. Though originally built to work with waterfall development, the process can be integrated into agile development or any other development process as needed.