IS3445 Project Part 5

Introduction What exactly is SDLC? SDLC stands for Software Development Life Cycle. SDLC is a series of phases that provide model for the development and lifecycle management of an application and/or software. Within SDLC, security should also be considered. How is the application going to be secured? Are we using these phases to the best of our knowledge and incorporating as much security as possible? There are six phases within SDLC. They are Systems analysis, design, implementation, testing, acceptance and deployment, and maintenance. There are four ways to secure SDLC. They are Governance, Construction, Verification, and Deployment. Within each way to secure SDLC, Governance there is strategy and metrics, policy and compliance, education and guidance, threat assessment, security requirements, security architecture, design review, code review, security testing, vulnerability management, hardening environments, and operations.
Resources to Create Secure Coding Policies and Guidelines SDLC has many models that will be beneficial in creating secure coding polices. These models are:
Waterfall
Iterative and Agile Scrum
Rapid Application Development
Rational Unified Process
Spiral Model and V-Model
There is also principle that should be followed when securing an application. They are minimize attack surface area, establish secure defaults, employ the principles of least privilege and defense in depth, fail securely, and not trusting services. There are also principles such as having a policy of separation of duties, avoiding security by obscurity, keeping security simply, and fixing security issues correctly.

Techniques for Software Developers to Review Code There are many techniques software developers should use while reviewing their code. These techniques will help ensure that the application is secured while also having an ease of use for the customers. Using these techniques will help bring the application to a secure point which will prevent unauthorized