Secure SDLC: Common Phases and List of Tasks

We take a look at what development and security teams can do to shift security left in the SDLC and achieve a true DevSecOps process.

By Varun Malhotra · Feb. 11, 18 · Opinion

Let’s get started by reviewing the development process and the common phases involved in the SDLC.

  1. Requirement gathering
  2. System/application design
  3. Implementation
  4. Testing

Ignoring security in these phases is a defective approach: a weakness introduced in requirements or design is not caught by the later phases, and the later it is found, the more expensive it is to fix.

That's where a secure SDLC comes in.

As a modified approach, teams should bake in security from the start and make sure every phase above incorporates a security-minded approach.

Let’s get into the details by understanding what is involved in each phase in order to build secure software.


1. Requirement Phase: Identify and write down all the security requirements your team needs to consider.

The security requirements mainly focus on security expectations, such as:

a. Security policies (what must hold)
  i. Confidentiality
  ii. Integrity
  iii. Availability

b. Mechanisms to enforce those security policies
  i. Authentication
  ii. Authorization
  iii. Accountability
  iv. Auditing

Along with the security requirements, preparing exploitation test cases (abuse cases) at this stage helps predict how attackers could misuse the software, so your team can specify countermeasures before any code is written and later verify that each one is actually enforced.
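To make this concrete, here is an added example (written for this page, not code from the original article) that turns the requirements above into executable abuse cases against a toy record service. The service, its accounts, tenants, passwords and record IDs are all constructed assumptions. Each case is an attack the requirements say must fail: a wrong password, a forged session token, a user reading another tenant's record (an IDOR), plus a check that every denial was attributed to a principal and logged, which is what accountability and auditing require.

```python
"""Added example (not from the original article): the security requirements
listed above, written as executable abuse cases against a toy service.
Everything here is constructed for illustration: the accounts, tenants,
records and passwords are assumptions, not data from the page."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed sample data (assumption): three accounts across two tenants.
PASSWORDS = {"alice": "alice-pw", "bob": "bob-pw", "root": "root-pw"}
USERS = {
    "alice": {"tenant": "acme", "role": "user"},
    "bob": {"tenant": "globex", "role": "user"},
    "root": {"tenant": "*", "role": "admin"},
}
RECORDS = {
    101: {"tenant": "acme", "body": "acme invoice"},
    202: {"tenant": "globex", "body": "globex invoice"},
}


class AuthError(Exception):
    """Authentication failed (policy: only known principals get a session)."""


class AuthzError(Exception):
    """Authorization failed (policy: confidentiality across tenants)."""


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


@dataclass
class Service:
    """Toy record store enforcing authentication, authorization and auditing."""
    creds: dict = field(default_factory=dict)      # user -> (salt, pbkdf2 hash)
    sessions: dict = field(default_factory=dict)   # token -> user
    audit_log: list = field(default_factory=list)  # accountability: who did what

    def __post_init__(self):
        for user, pw in PASSWORDS.items():
            salt = secrets.token_bytes(16)
            self.creds[user] = (salt, _hash(pw, salt))

    def _audit(self, actor, action, target, outcome):
        self.audit_log.append(
            {"actor": actor, "action": action, "target": target, "outcome": outcome})

    def login(self, user: str, password: str) -> str:
        # Unknown users get a dummy salt/hash so timing does not reveal valid names.
        salt, expected = self.creds.get(user, (bytes(16), bytes(32)))
        ok = user in self.creds and hmac.compare_digest(_hash(password, salt), expected)
        self._audit(user, "login", None, "OK" if ok else "DENY")
        if not ok:
            raise AuthError("bad credentials")
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user
        return token

    def read_record(self, token: str, record_id: int) -> str:
        user = self.sessions.get(token)
        if user is None:                      # authentication check
            self._audit("<anon>", "read", record_id, "DENY")
            raise AuthError("not authenticated")
        rec = RECORDS.get(record_id)
        principal = USERS[user]
        # Authorization: a user may only read records of their own tenant;
        # admins may read any. Missing records are denied the same way so the
        # response does not reveal whether an ID exists in another tenant.
        if rec is None or (principal["role"] != "admin" and rec["tenant"] != principal["tenant"]):
            self._audit(user, "read", record_id, "DENY")
            raise AuthzError("forbidden")
        self._audit(user, "read", record_id, "OK")
        return rec["body"]


def run_abuse_cases() -> dict:
    """Exploitation test cases derived from the requirements.
    Each entry is True when the corresponding control held."""
    svc = Service()
    results = {}

    def expect(name, exc, fn):
        try:
            fn()
            results[name] = False        # the attack succeeded: control missing
        except exc:
            results[name] = True

    # Authentication
    expect("wrong_password_rejected", AuthError, lambda: svc.login("alice", "nope"))
    expect("forged_token_rejected", AuthError, lambda: svc.read_record("forged", 101))
    # Authorization: horizontal privilege escalation (IDOR) across tenants
    tok = svc.login("alice", "alice-pw")
    expect("cross_tenant_read_rejected", AuthzError, lambda: svc.read_record(tok, 202))
    results["own_record_readable"] = svc.read_record(tok, 101) == "acme invoice"
    results["admin_reads_any_tenant"] = (
        svc.read_record(svc.login("root", "root-pw"), 202) == "globex invoice")
    # Accountability and auditing: every denial is attributed to a principal
    denials = [e for e in svc.audit_log if e["outcome"] == "DENY"]
    results["denials_audited"] = len(denials) == 3 and all(e["actor"] for e in denials)
    return results


if __name__ == "__main__":
    for name, held in run_abuse_cases().items():
        print(f"{'PASS' if held else 'FAIL'}  {name}")
```

Running the module prints PASS or FAIL per case. The point is that every mechanism listed under (b) gets an explicit attack attempt that proves it is enforced, rather than only a positive-path test; those same cases become the risk-based security tests that the testing phase later automates.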

2. Designing Phase: Taking the security requirements defined above as input, the team builds a threat model of the proposed design: it identifies the assets, trust boundaries and entry points, enumerates the threats against each component, and chooses the controls that mitigate them. The output is a design in which every requirement maps to a concrete control.

3. Implementation Phase: Following the design and the controls chosen in the design phase, developers implement the software using secure coding guidelines. The code is then reviewed from a security perspective against those guidelines and a checklist, and anything that passes review moves on to the testing phase.

4. Testing Phase: The focus of this phase is to prepare the test plan and define the risk-based security tests to be used during testing, including the exploitation test cases drawn up in the requirement phase. As part of this phase, the focus will be on performing static and dynamic application security testing, also known as SAST and DAST. The next step in this phase is penetration testing, to make sure any remaining vulnerabilities in the developed software are found and addressed prior to release.
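As an added example of the static side of this phase (illustrative code written for this page, not a tool from the original article), the following minimal SAST-style checker walks a Python module's syntax tree and flags three common defect classes: a string literal assigned to a secret-looking name, a subprocess call with shell=True, and eval()/exec(). The two sample modules are constructed: the first contains all three defects, the second is its remediated form and should produce no findings. Real scans use mature tools with far more rules; this shows the mechanism.

```python
"""Added example (not from the original article): a minimal SAST-style
checker for the testing phase, built on Python's ast module. The rules and
the two sample modules below are constructed for this page; a real scan
would use a mature tool with many more rules."""
import ast
from typing import NamedTuple

# Constructed sample input (assumption): a module as it might be committed.
VULNERABLE_SOURCE = '''
import subprocess
API_KEY = "sk_live_ABCDEF1234567890"
def run(cmd):
    return subprocess.run(cmd, shell=True)
def calc(expr):
    return eval(expr)
'''

# The same module after remediation: secret from the environment, no shell,
# no eval. The checker should report nothing here.
FIXED_SOURCE = '''
import ast
import os
import shlex
import subprocess
API_KEY = os.environ["API_KEY"]
def run(cmd):
    return subprocess.run(shlex.split(cmd), shell=False)
def calc(expr):
    return ast.literal_eval(expr)
'''

SECRET_HINTS = ("KEY", "SECRET", "PASSWORD", "TOKEN")
SHELL_CALLS = {"subprocess.run", "subprocess.call", "subprocess.Popen",
               "subprocess.check_output", "subprocess.check_call"}


class Finding(NamedTuple):
    rule: str
    line: int
    message: str


def _call_name(node: ast.Call) -> str:
    """Return 'name' or 'module.attr' for the callee, or '' if more complex."""
    f = node.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f"{f.value.id}.{f.attr}"
    return ""


class SastVisitor(ast.NodeVisitor):
    def __init__(self):
        self.findings: list[Finding] = []

    def visit_Call(self, node: ast.Call):
        name = _call_name(node)
        if name in ("eval", "exec"):
            self.findings.append(Finding("CODE_INJECTION", node.lineno,
                                         f"{name}() evaluates arbitrary code"))
        if name in SHELL_CALLS:
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    self.findings.append(Finding("COMMAND_INJECTION", node.lineno,
                                                 f"{name}(..., shell=True) hands input to a shell"))
        self.generic_visit(node)

    def visit_Assign(self, node: ast.Assign):
        value = node.value
        literal_secret = (isinstance(value, ast.Constant)
                          and isinstance(value.value, str)
                          and len(value.value) >= 8)
        for target in node.targets:
            if (isinstance(target, ast.Name) and literal_secret
                    and any(h in target.id.upper() for h in SECRET_HINTS)):
                self.findings.append(Finding("HARDCODED_SECRET", node.lineno,
                                             f"{target.id} is assigned a string literal"))
        self.generic_visit(node)


def scan(source: str, filename: str = "<sample>") -> list[Finding]:
    """Parse one module and return its findings sorted by line number."""
    visitor = SastVisitor()
    visitor.visit(ast.parse(source, filename))
    return sorted(visitor.findings, key=lambda f: f.line)


if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE_SOURCE), ("fixed", FIXED_SOURCE)):
        findings = scan(src, label)
        print(f"{label}: {len(findings)} finding(s)")
        for f in findings:
            print(f"  line {f.line}: {f.rule}: {f.message}")
```

The checker reports three findings for the first module (the hard-coded key on line 3, shell=True on line 5, eval() on line 7) and none for the remediated one. Because it reasons over the syntax tree rather than matching text, it does not trip on `shell=False` or on `ast.literal_eval`, which is the kind of false positive a grep-based rule would produce; this is also why SAST results still need the review and penetration testing described above, since a rule that never sees the running system cannot tell whether `cmd` is attacker-controlled.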

Conclusion

In order to have a secure SDLC, all the phases listed above should be executed, as each task can help reduce the number of critical vulnerabilities in your software.

Security is essential and shouldn’t be ignored - bake it in from the start.

Opinions expressed by DZone contributors are their own.
