The definition of secure SDLC

SDLC is a framework that defines the process used by organizations to manage and maintain an application from its design phase to its decommission. There are many different SDLC models out there, used in various ways to fit individual circumstances and environments. What most of these SDLCs have in common are the following phases:

  • Planning and requirements
  • Architecture and design
  • Test planning
  • Coding
  • Testing and results
  • Release and maintenance

Until recently, it was common practice to perform security-related activities only as an afterthought. This secure-it-when-its-working-and-making-money technique usually resulted in a large number of issues being discovered too late (or not discovered at all). Fixing or trying to fix security related issues once an application is in production is more difficult to do, more costly and reflects poorly on the application and its development team. It is far more advantageous to integrate security activities early on in the SDLC process. Early integration helps discover and fix vulnerabilities at an early stage when they are still relatively painless to address. This approach effectively builds security into the application.

It is in this spirit that the concept of secure SDLC arises. A secure SDLC process ensures that security activities, like penetration testing, code review, and architecture analysis, are an integral part of the application life cycle management process. This means factoring in security early on in the application's life cycle and maintaining secure practices throughout its entire life cycle. Secure practices include the following:

  • Integrating threat modeling and risk evaluation exercises during the architecture and design phase
  • Discussing security checks and tests during test planning
  • Adhering to secure coding practices
  • Making security checks such as code review and penetration tests part of the unit testing, including results review and mitigation activities
  • Maintaining security checks at regular intervals throughout the life cycle of the application
  • Using secure disposal practices for your applications and their environment when they reach their end of life

Adhering to secure software development life cycle practices will help prevent vulnerabilities from creeping into your application and helps secure the application throughout its entire life cycle.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.20.224.107