Developing apps securely from scratch

Motivation and problem definition

Due to increasing digitalization, the topic of attack security is playing an increasingly important role for software developing companies and their customers within NRW. For example, the EU General Data Protection Regulation, which will come into force in May 2018, obliges companies to protect all personal data accordingly, e.g. through appropriate encryption, and defines significant financial penalties if this is not implemented correctly.

However, ensuring IT security is a complex challenge for companies. Developers often lack the tools, methods and security expertise to develop efficiently and securely. External influences such as time pressure, low budgets and a lack of awareness among all those involved in the process further exacerbate the problem.

Two people at a computer with coding documents. — © REDPIXEL / Adobe Stock
AppSecure.nrw - Training, tools & processes for secure app development.

Project goals and solution approach

The aim of the AppSecure.nrw project is to develop a set of tools for secure software development and to evaluate them in practice. The preliminary work and research results from science are to be further developed and prepared in such a way that software developers can use them directly and easily themselves. The focus of the project is on mobile and web-based applications.

The project team is developing a Secure Development Lifecycle (SDLC) to ensure that applications are secure from conception through to operation. This takes into account important issues such as the processing and management of security-critical data. In addition, code analysis tools are integrated into the SDLC, with which, for example, programming errors can be detected and rectified during development, similar to a spell checker. The results of AppSecure.nrw are being tested in practice by three application partners and should also be applicable for other companies after the end of the project. The project team is organizing targeted training courses and networking events for further training and the exchange of experience.

Over the next few months, the project partners will initially conduct a study on IT security in software-developing companies in Germany, Austria and Switzerland. This will allow them to gather important information on the current situation and needs, which will be incorporated into the project.

Project profile

PROJECT TITLE	Security-by-Design of Java-based applications
RUNNING TIME	01/2019 until 12/2021
PROMOTION	Europäischen Fonds für regionale Entwicklung (EFRE.NRW)
FUNDING VOLUME	1,5 Mio.€
COOPERATION PARTNER	adesso mobile solutions GmbH Axa Konzern AG Connext Communication GmbH Fraunhofer IEM
PROJECT MANAGER	Prof. Dr. Eric Bodden
goals	Raising awareness of the topic of security in software development Further develop methods & tools and evaluate them in practice Develop and practically evaluate training and further education courses

Funding information

The AppSecure.nrw research project is currently being supported by partners from NRW and by the ERDF initiative.

The European Regional Development Fund and cohesion policy promote the implementation of the Europe 2020 strategy for smart, sustainable and inclusive growth. Central aspects of the strategy are increasing prosperity and productivity. This is linked to research and innovation, increasing the competitiveness of SMEs, promoting education and training, reducing poverty and combating climate change and energy dependency.