Figure 3.6 Typical Software Development Life Cycle.
Requirements gathering
Analysis
Design
Development
Testing
Deployment
Maintenance
Most SDLCs that are used by organizations today do not take the security aspect into consideration or try to retrofit security functionality into an already developed application, which is the prime cause for nonsecure applications. The SDLC does not incorporate security in its steps and the application is not built secure by design. At the outset, while formulating requirements and performing analysis of the same, the risks to critical data handled by the application are not assessed and understood. This is a recipe for a nonsecure application design. Security is not built during development, as it has been omitted during the previous phases. Testing tends to overly focus on functional vulnerabilities and bugs and does not take security vulnerabilities into account, as they have not been considered during the previous phases of the application. At the end of the testing phase, we end the process of secure development and begin the process of secure deployment. In a typical SDLC, secure deployment is also flawed, as security has not been considered while formulating the requirements and during the design phase.
We can see clearly that this series of events, caused by the oversight of security practices throughout the application development life cycle, is due to the fact that the SDLC, or the development and deployment life cycles of the application, does not take security into account from the inception of the application development life cycle.