What does the SDLC have to do with Computer Security?
Before going through the role of SDLC in computer security, let’s briefly describe the terms SDLC and computer security.
SDLC: SDLC stands for Software Development Life Cycle, which deals with each and every process involved in developing new software as well as enhancing existing software. Software development is carried out in different phases, each having a specific purpose in the development process.
Computer Security: The term is also known as cyber security or information technology security. Computer security is the set of processes and standards followed to protect computer data/programs/software from unauthorized access and damage. Data accessed by an unauthorized person can lead to misuse of secure information. E.g. authorized fund transfer in a bank account using an online web application.
How traditional SDLC has impacted computer security: Before developing software, requirements are gathered from various sources and analyzed by experts. It has been traditional practice to focus on functional requirements only, which later creates security issues in the project. In traditional SDLC, security has been a small part of the testing phase. As a sub-part of the testing phase, security was never given much importance, resulting in security bugs going undiscovered. In the current era, every organization is automating its manual processes with available software, which is attracting different hackers to hack the data and use the hacked data for various illegal purposes. The computerized era demands software that is free of security vulnerabilities.
Role of SDLC in securing computer
A secure SDLC process considers the security of the proposed software from the beginning of software development through implementation. There are different new methodologies available for secure SDLC, such as OpenSAMM, BSIMM, etc.
Role of SDLC phases in computer security: Software is secure for a computer when the security requirements are considered along with the functional and performance requirements of the software, and security is verified in each phase. The role of computer security in the different SDLC phases is as below:
Gathering the security requirements of software: This phase includes the gathering and analysis of the software requirements. While gathering functional, performance, and user interface requirements, the development team should gather and analyze the security concerns of the software, which include:
Creating a secure architecture: This phase includes the secure logical architecture of the software. Secure software will have the below properties in its architecture:
Security while programming the code: After analysis of the requirements, coding plays an important role in software development. Secure code reduces the vulnerabilities in the software project and prevents security bugs in the software. Secure coding should include the following during development of the software:
Security in testing of software: Testing ensures that the software developed in earlier phases meets the customer requirements. Security testing plays a significant role in ensuring that once the project is deployed for users, it will keep the user’s computer secure from unpleasant hacks and damage to data. Penetration testing will help to make the software vulnerability free. Security testing will have the below basic checkpoints in its validation list:
Security while implementing the software on different platforms: Implementation includes the installation and configuration of the software application. A secure application should have the capability to store the different configurations for different users in a secure manner so that they are not accessible by unauthorized users.