Data breaches, and the insecure software that enables them, can cause millions of dollars in losses as well as an intangible, but arguably more important, loss of trust. Application security is therefore vital, and ensuring it comes down to effective testing. Applications should be exhaustively tested in the following three phases:

• Development – code needs to be bulletproof and subject to static, penetration and dynamic testing to confirm this.

• Quality Assurance – a dedicated software testing team needs to sign off that testing has been conducted successfully based on standards and known vulnerabilities before software is released for general use.

• Production – once applications have been released for general use, they must be constantly monitored to protect against threats. This can include manual and automated functions that continue to analyze software for breaches after it has been launched.