Security in software development

In software development, secure processes are required throughout development to produce secure software. Security during the development stages and the security of the developed software are therefore interrelated, and both are necessary for overall security.

Security controls in software development

The software development process follows the cycle of design, development, testing, and integration. Security controls are necessary in all these stages. The following sections describe some of the best practices pertaining to the security controls in software development.

Separation of development, test, and operational facilities

In order to prevent inappropriate developer access to production systems, developer and tester access to operational systems should be controlled. Separating the development, test, and operational facilities from one another enforces this control and prevents unintended changes to operational systems.

Change control processes and procedures

Formal change control processes and procedures are necessary to ensure that changes to development processes and to implementations are made in a controlled manner. This prevents the corruption of data or program code. Change control processes should cover documentation, specification, testing, quality control, and controlled implementation.

Whenever there is a change to a system or application, a risk assessment of the impact of the proposed change is necessary. Establishing suitable security controls based on that assessment is important for security.

Similarly, the version of the operating system may change after the application is deployed, or porting the application to other operating systems may be planned after the initial deployment on one operating system. In both scenarios, a technical review of the application software's security has to be performed because of the operating system change. Primarily, integrity procedures should be reviewed.

Any change control processes and procedures should take into account business continuity requirements and include tests of the business continuity plan (BCP).

Vendor-supplied software packages

Any changes to vendor-supplied software by internal development personnel should be avoided. If a change is necessary, it should either be made by the vendor or be made internally after obtaining the vendor's consent. This ensures that the warranty remains valid. Similarly, any changes the vendor provides to the software by way of patches should be tested thoroughly in a test environment before being applied to operational systems. The tests should also cover rollback mechanisms in case of failure.

Avoiding covert channels

In a software application, covert channels may be introduced by developers with malicious intent. A covert channel can provide a path for information leakage that circumvents security controls, and it may also include functions for evading monitoring controls. Hence, covert channel analysis is necessary to ensure data confidentiality.
