Question

In: Computer Science

What does the SDLC have to do with Computer Security?

What does the SDLC have to do with Computer Security?

Solutions

Expert Solution

Before going through the role of SDLC in computer security, let’s briefly describe the term SDLC and computer security.

SDLC: SDLC stands for Software Development Life Cycle which deals with the each and every process while developing new software as well as enhancing existing software. Software development is carried out in different phases having a specific purpose of that phase in development process.

Computer Security: The term is also known as the Cyber security or information technology security. Computer security is the process and standards which are followed to save the computer data/programs/software from the unauthorized access and damage. Data accessed by unauthorized person can lead to misuse of secure information. E.g. authorized fund transfer in bank account using online web application.

How traditional SDLC has impacted the Computer security: Before developing software, requirements are gathered from various sources and are analyzed by experts. It has been traditional practice to focus on functional requirements only, which in future creates the security issues in the project. In traditional SDLC, security has been a small part of testing phase. Security being the sub-part of testing phase had never been given much importance resulting security bugs being undiscovered. In the current era, every organization is automating their manual process to available software which is attracting different hackers to hack the data and use the hacked data for various illegal uses. Computerized era is demanding the software which is free of security vulnerabilities.

Role of SDLC in securing computer

A secure SDLC process of software development considers the security of purposed software from beginning of software development till the implementation. There are different new methodologies available for secure SDLC such as OpenSAMM, BSIMM etc

Role of SDLC phases in computer security: Software is secure for computer when the security requirement is consider along with the functional and performance requirements of software and security is verified in each of the phase. The role of computer security in different SDLC phases in as below:

Gathering the security requirements of software: This phase includes the gathering and analysis of the software requirements. While gathering functional, performance, user interface requirements, the development team should gather and analysis the security concerns of the software which includes:

  • What are the different user types in software
  • Which authentication method to be used for password safety
  • How the different kind of user will securely use application and authenticate themselves in the application
  • How permissions will be imposed on the purposed application which will identify that which type of user can have access to different modules

Creating a secure architecture: This phase includes the secure logical architecture of the software. Secure software will have the below properties in architecture:

  • Easy identification of user type
  • Session management for different users
  • Configuration management for security
  • How the data to be stored and accessed securely from database
  • Proper object handling in architecture
  • Data flow control among different modules and users

Security while programming the code: After analysis of the requirements, coding plays an important role in the software development. Secure code reduces the vulnerabilities in the software project and prevents the security bugs in the software. A secure coding should contain the following while development of software:

  • Follow the security standards
  • Do not allow access to all domains by default
  • Security standards for encrypting the passwords
  • Defining the classes and variables private until required in other programming
  • Not printing the secure data in application logs or browser console

Security in testing of software: Testing of the software ensures that the software developed in earlier phases is meeting the customer requirements. Security testing plays a significant role to ensure that once the project is deployed for user, it will keep the user’s computer secure from unpleasant hack and damage of data. Penetration testing will help to make the software vulnerability free. Security testing will have below basic checkpoints in validations list:

  • User authentication is working securely and password is encrypted everywhere in application
  • User password and database details are not visible in plain text
  • Software is free from OWASP top 10 vulnerabilities
  • Software application is deployed over secured connection
  • Software is not accessing any unsecure content from internet
  • Inspect the application behavior for scripted data inputs

Security while implementing the software on different platforms: Implementation includes the installation and configuration of software application. A secure application should have capability to store the different configurations for different users in a secure method so that it is not accessible by unauthorized users.

  • Implementing the software over the secure connection i.e. https://
  • Secure connection to database is established
  • Database details should not be visible on the user interface
  • The used web services should be secured over the internet
  • Any API used in the software should have a secure connection with application

Related Solutions

Why is building security into the SDLC important?"
Why is building security into the SDLC important?"
What role does password expiration play in computer security?
What role does password expiration play in computer security? Briefly explain a major advantage of password expiration, and briefly explain a major disadvantage.
explain what an encryption algorithm is and what it can do to provide increased computer security...
explain what an encryption algorithm is and what it can do to provide increased computer security ?
Why does the IOT present a computer security problem?
Why does the IOT present a computer security problem?
What does it mean to have layered security protection?
What does it mean to have layered security protection?
1)exlplain in short what does network security means 2) what is computer viruses? 3) how does...
1)exlplain in short what does network security means 2) what is computer viruses? 3) how does computer virus spread? 4) What is a worm? 5) How does worms spread? 6)Detailed difference between viruses and worms? 7) What is the use of viruses and worms in network security and who uses them? 8)How to prevent virus and worm infection?
What is the internet of things (IOT)? Why does it present a computer security problem? Detailed...
What is the internet of things (IOT)? Why does it present a computer security problem? Detailed answer please.
What are the differences and similarities between security, network security, and computer security in IT fields?
What are the differences and similarities between security, network security, and computer security in IT fields? Do the fields cover clearly delineated areas, or is there considerable overlap? Would you say that one of these areas is more technical than the other two?
What mitigation preparedness role does the private sector have in terms of Homeland Security? Do you...
What mitigation preparedness role does the private sector have in terms of Homeland Security? Do you believe that the private sector learn lessons from the 9/11 terrorist attack?
Building security into the design phase of the software development lifecycle (SDLC) is important to be...
Building security into the design phase of the software development lifecycle (SDLC) is important to be successful in securing software. In this forum, you will research the best secure software design methodologies to prevent vulnerabilities and share your findings with the class. While a security method may work well for one organization, the same approach may not work well for other organizations. However, there should be some best practices we should follow to be successful in the SDLC phases Considering...
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT