1. Eliminate vulnerabilities before applications go into production. To address application security before development is complete, it’s essential to build security into your development teams (people), processes, and tools (technology).
2. Address security in architecture, design, and open source and third-party components. If you’re only checking for bugs in your proprietary code or running penetration tests against your system, you’re likely missing a substantial number of the vulnerabilities in your software.
3. Adopt security tools that integrate into the developer’s environment. One way to do this is with an IDE plugin, which lets developers see the results of security tests directly in the IDE as they work on their code.