Secure Software Development Life Cycle

The document outlines the secure software development life cycle (SecSDLC). It discusses prerequisites, objectives, SDLC vs SecSDLC, advantages, implementation, and exercises. The SecSDLC integrates security testing and activities into the SDLC from initial development through maintenance. It helps make software more secure by addressing security continuously. All stakeholders are aware of security considerations and design flaws are detected early. This reduces costs through early issue detection and lowers business risks overall.

Uploaded by

rpschauhan2003
Copyright
© All Rights Reserved

Program: MCA-302 / CSL0722

Advance Cloud Computing


Unit No 2
Secure Software Development Life Cycle

Dr. Vani Agrawal


Associate Professor
CSA/SOET
Outlines
• Prerequisite of topic
• SDLC
• Model
• Advantages
• Working
• SDLC vs Sec SDLC
• Exercises
• Learning Outcomes
• References
Prerequisite of topic
Before starting this topic, students should have knowledge of Cloud Computing.
Objective
To understand the Secure Software Development Life Cycle.
Software Development Life Cycle
Tracking The Effectiveness Of An Application Security Program
46% Of Application-Level Risks Are Not Covered By SAST & DAST Tools
Secure Software Development Life Cycle (SecSDLC)

• A secure software development life cycle (SecSDLC) process enables organizations to fully integrate security into their existing SDLC from initial development through maintenance and obsolescence.
Advantage of Secure SDLC

• Your software is more secure, as security is a continuous concern.

• All stakeholders are aware of security considerations.

• You detect design flaws early, before they’re coded into existence.

• You reduce your costs, thanks to early detection and resolution of defects.
• You reduce overall intrinsic business risks for your organization.
How does a secure SDLC work?

• A secure SDLC involves integrating security testing and other activities into an existing development process.

• Examples include writing security requirements alongside functional requirements and performing an architecture risk analysis during the design phase of the SDLC.
Implementation

• Similar to traditional SDLC.

• The security solutions are acquired (made or bought), tested, implemented, and tested again.

• Personnel issues are evaluated and specific training and education programs are conducted.

• Finally, the entire tested package is presented to upper management for final approval.
SDLC vs Sec SDLC
Statistics Analysis Of Remediation Cost Per Stages
• The cost of remediation is always lower in the coding phases, irrespective of the number of bugs found.

• The impact on services and the risk delta always increase as the SDLC phases progress.

• An increase in the effectiveness of controls helps to decrease the number of bugs found and the remediation costs.

• Decreases the impact on reputation, brand, business and reliability.
Application Sec. Quality Improvement Approach

• CheckPoint 1 (Definition). Agreement: Concepts / Priority. Activities: High Level Security Risk Analysis; Risk Base Security Plan.

• CheckPoint 2 (Pre-Design). Agreement: Selection of Controls. Activities: Selection of Controls; Security Design Review; Third party assets control selection.

• CheckPoint 3 (Design). Agreement: Preliminary Design. Activities: Selection of Service, protocols.

• CheckPoint 4 (Development). Agreement: Design & Review. Activities: Secure Code review; Data flow review.

• CheckPoint 5 (Deployment). Agreement: Approve Build. Activities: Vulnerability Assessment; Penetration testing; Third party assessment.
Exercises
What do you mean by Secure Software Development Life Cycle?
Learning Outcomes
The main purpose of this topic is for students to learn about the Secure Software Development Life Cycle.
References
1. Rajkumar Buyya, Christian Vecchiola, S. Thamarai Selvi; Mastering Cloud Computing; Tata McGraw-Hill.
2. John W. Rittinghouse, James F. Ransome; Cloud Computing; CRC Press.
3. Kai Hwang, Geoffrey C. Fox, Jack J. Dongarra; Distributed and Cloud Computing; Elsevier India.
4. Gautam Shroff; Enterprise Cloud Computing; Cambridge University Press.