Secure Software Development Life Cycle (SSDLC)

The most important principle of the SSDLC (Secure Software Development Life Cycle) is to provide a secure development process, thus minimizing the risk of vulnerabilities in the solutions we develop. Organisations that adopt this style of development will significantly reduce the weaknesses and threats of exploitation.

It also brings a layer of quality during our QA stage.

 

QA vs Security 

Quality assurance verifies and validates that a given application works as desired by the user and by the “business owners”. It concerns the application's reliability.

Secure development adds quality to software, but the opposite is not always true.

 

Having security functions does not mean that the application is secure enough. Indeed, these security functions can be disabled by default, or can be poorly implemented or poorly designed and include security vulnerabilities.

All security activities are listed here. We will explain each step next week to give you a better picture and help you take advantage of the process.
Just keep in mind the following standards:

  • ISO 27034 
  • SP 800-160 Vol. 2
  • PA-DSS
 
and also
  • ISO/IEC 21827:2008
  • ISO/IEC 25000:2014
  • NIST SP 800-61 Rev. 2
 
Training Requirements
  • Security Requirements
  • Quality Gates/Bug Bars
  • Security and Privacy Risk Assessment
Design
  • Design Requirements
  • Attack Surface Reduction
  • Threat Modeling
Implementation
  • Use Approved Tools
  • Deprecate Unsafe Functions
  • Static Analysis
Verification
  • Dynamic Program Analysis
  • Fuzz Testing
  • Threat Model and Attack Surface Review
Release
  • Incident Response Plan
  • Final Security Review
  • Release/Archive
Optional Activities
  • Manual Code Review
  • Penetration Testing
  • Vulnerability Analysis of Similar Applications
