Secure Software Development Life Cycle (SSDLC)

The most important principle of the SSDLC (Secure Software Development Life Cycle) is to provide a secure development process, thereby minimizing the risk of vulnerabilities in the solutions we develop. Organisations that implement this style of development will significantly reduce weaknesses and the threat of exploitation.

It also brings a layer of quality during our QA stage.

 

QA vs Security 

Quality assurance verifies and validates that a given application works as desired by the user and by the “business owners”. It concerns the application's reliability.

Secure development adds quality to software, but the opposite is not always true.

 

Having security functions does not mean that the application is secure enough. Indeed, these security functions can be disabled by default, or can be poorly implemented or poorly designed and include security vulnerabilities.

All security activities are listed here; we will explain each step next week to give you a better picture and help you take advantage of the process.
Just keep in mind the following standards:

  • ISO 27034 
  • SP 800-160 Vol. 2
  • PA-DSS
 
And also:
  • ISO/IEC 21827:2008
  • ISO/IEC 25000:2014
  • NIST SP 800-61 Rev. 2
 
Training Requirements
  • Security Requirements
  • Quality Gates/Bug Bars
  • Security and Privacy Risk Assessment
Design
  • Design Requirements
  • Attack Surface Reduction
  • Threat Modeling
Implementation
  • Use Approved Tools
  • Deprecate Unsafe Functions
  • Static Analysis
Verification
  • Dynamic Program Analysis
  • Fuzz Testing
  • Threat Model and Attack Surface Review
Release
  • Incident Response Plan
  • Final Security Review
  • Release/Archive
Optional Activities
  • Manual Code Review
  • Penetration Testing
  • Vulnerability Analysis of Similar Applications
