
Last updated on 4/2/20

Learn the Secure Software Development Life Cycle

Is the Traditional Software Development Cycle Adequate?

Production software is usually created using the software development life cycle (SDLC).

Figure: The Software Development Life Cycle (SDLC): Requirements, Design, Implementation, Test, and then either Release or back to Requirements.

The phases typically begin with gathering requirements, followed by design, implementation, testing, and release (evolution). This basic life cycle does not account for vulnerabilities. The secure coding practices that we have learned in this course are, surprisingly, not part of the average software development life cycle. Because security is not at the forefront of most software development life cycles, it's no surprise that 80% of web applications in production today are vulnerable to common attacks!

How Is Security Handled in a Traditional Software Life Cycle?

What happens when vulnerabilities come up during testing? The issues are sent back to the development team. Redesigning and recoding a lot of basic functionality at that stage can be a costly process.

What happens when vulnerabilities pop up after the software has been released? Since it's already in production, you can't simply go back and fix the original code before it ships. Now, you have to create a patch and hope that the clients will apply it.

How can you avoid all these costly and time-consuming processes?

You guessed it, use your secure coding practices to do it right the first time!

Add Security to the Software Development Life Cycle

Many organizations, including OWASP, have proposed a security-integrated life cycle (SDLC) or secure software development life cycle (SSDLC). There is still a lot of debate on the subject; however, in large-scale web application production, security will most likely be integrated into the SDLC model the organization already uses.

Figure: The traditional software development life cycle with security added to every phase. Inject security into your development life cycle!

Because a proper security policy includes security-mindedness in all processes, a focus on security should be integrated into every phase of the life cycle, not only into testing.

Let's Recap!

  • The SDLC is used by organizations with large software projects.

  • Traditionally it does not include secure coding as an integral part of the process.

  • The result of not ensuring security in the SDLC is additional time and money spent fixing insecure code.

  • Use an SSDLC to add security awareness to every phase of the SDLC!
