
Heptacube Inc.
Montréal, Canada


info@heptacube.com
514-970-7023



A security effort

As we have seen over the past years, security issues in web applications never go away, and the problems are usually very similar. The nature of the vulnerabilities does not change: we keep encountering the same SQL injection, remote code execution and denial-of-service problems we have seen for the past ten years.
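The SQL injection pattern mentioned above is the same one that has recurred for a decade. The following is an added example, not code from the original page or from Heptacube: a login lookup written the vulnerable way (string concatenation) beside the parameterised form that fixes it. The users table, its rows and the plaintext password column are constructed sample data for the demonstration only; a real application would store password hashes.

```python
import sqlite3

# Constructed sample data (not from the original page): an in-memory users table.
# Plaintext passwords are used here only to keep the injection demonstration short.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """The recurring bug: user input is spliced into the SQL text.

    A username of  alice' --  turns the rest of the statement into a comment,
    so the password check disappears and alice's row comes back regardless.
    """
    query = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()  # (username, role) or None


def login_safe(conn, username, password):
    """Parameterised query: the driver sends the values separately, so input
    such as  alice' --  is compared as a literal string and never parsed as SQL.
    """
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    # Legitimate login works in both versions.
    print("safe, good creds     :", login_safe(db, "alice", "s3cret"))
    # Comment-based injection bypasses the password check in the vulnerable version...
    print("vulnerable, injected :", login_vulnerable(db, "alice' --", "wrong"))
    # ...and a tautology in the password field returns a row without knowing any user.
    print("vulnerable, tautology:", login_vulnerable(db, "nobody", "' OR '1'='1"))
    # The parameterised version treats the same inputs as plain strings: no match.
    print("safe, injected       :", login_safe(db, "alice' --", "wrong"))
```

The two functions differ by a single idea: in `login_safe` the SQL text is fixed at development time and the data travels out of band, so there is no string an attacker can supply that changes the statement's structure. That is why this class of bug is preventable by convention rather than by clever filtering.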

Web applications are usually built in a modular fashion. When a browser performs an operation, the request passes through many software layers on the server, and the browser may be talking to several application modules at once. Modular designs have made web applications harder to secure [1]: a fault triggered from a browser in one section of a site can compromise other parts of the same site, threatening the confidentiality of information as well as the integrity and availability of the other services hosted on the same server.

Since the same problems keep arising, we must question the methods used to execute a project. Fixing these problems after the fact can greatly increase the cost of completing a project, so they are an important consideration. Conversely, knowing the risks at the design stage of a project helps greatly in producing a cost-effective final product.

Over time we have encouraged secure programming techniques by supplying programmers with information about them; information security research and publication are of prime importance to us. However, even a vast knowledge of these techniques does not guarantee vulnerability-free software. That is why it is just as important to follow a development cycle such as XP (Extreme Programming).


The essential XP development cycle

Building a web application with many levels of permissions greatly complicates the structure of the program. Add to this a rapidly growing user base and the code becomes a veritable jungle in which the programmer can hardly guarantee information security. Pressure from the market and from our clients sometimes pushes us to downplay the importance of a development cycle. Yet in a development cycle, the most important project factors are tied to the order in which the work is done.

"Not to be in production is to be spending money without making money. Now, it may just be my wallet, but I find the outgo / no income state to be very uncomfortable." [2]

To ensure a high-quality end product, the steps of the development cycle and their order are of paramount importance.

Nevertheless, if the project's decision structure is not settled from the beginning, this development method becomes useless: the decision structure must be clearly defined before development starts.


Enlightened decisions

Heptacube's products follow established security norms in order to protect users' privacy, and they represent a considerable research and development effort. We give the same individual attention to projects built for clients; for these, Heptacube documents the decision-making process professionally and follows structured steps so that the best solution is always chosen. [3]


- Objective definition
- Identification of potential problems in development
- Identification of alternatives
- Quantification of risk
- Solution elaboration
- Solution value estimate
- Presentation of the analysis to the client
- Project development and implementation
- Post-project evaluation


These documents, recognized by software engineers, support the decision-making process. The standards defined in the 1990s are still valid today.


Conclusion

To conclude this discussion of information security, we have argued that the unchanging attack methods are a response to problems that keep recurring. The absence or misuse of a development cycle such as XP increases the risk of software vulnerabilities. We have described the steps our company takes to ensure that the right decisions are made throughout the development phase, and we believe that these methods, used as a guide, are of great help in bringing a project to fruition without unwanted costs.


References

1. Bruce Schneier, Secrets and Lies, p. 160
2. Kent Beck, Extreme Programming Explained, p. 131
3. John Schuyler, Risk and Decision Analysis in Projects, p. 23


About the author

Vincent Audet-Menard
Co-founder and CEO of
Heptacube Inc.
Vincent studied computer science at the University of Quebec in Montreal. He worked for several years at INRS (National Research Institute, telecommunications department) on the design and characterization of microwave filters. He has also developed many databases, both public and private. His research interests include information security, encryption and distribution systems.