Why is building security into the SDLC important?
Software Development Life Cycle (SDLC) is a process used by the software industry to design, develop and test high-quality software. The SDLC aims to produce high-quality software that meets or exceeds customer expectations and reaches completion within time and cost estimates. It consists of a detailed plan describing how to develop, maintain, replace and alter or enhance specific software. The life cycle defines a methodology for improving the quality of software and the overall development process.
SDLC contains several stages:
1. Research and Analysis – It all starts here. SDLC begins with gathering information from all stakeholders who will benefit from the new application, answering questions such as, “What is the problem at hand?” and “What are the requirements?” In the research phase, it’s critical to gather as many facts as possible, especially with requirements. For example, the application may need specific user permissions in the code that grant “super user” rights to some and not all.
2. Design – Design occurs after all of the requirements and wish list items of the research phase have been addressed and documented. This kicks off when the application developer creates the app layout as well as the other code needed to create app functionality. There are times when the developer hits a roadblock where certain requests can’t be addressed or another functionality should be considered. When this happens, it’s the developer’s responsibility to be sure the applicable stakeholders who created the requirements list are aware of the issues. The developer will need to gather more research.
3. Testing – Developers perform a Unit Test of the application. After the app passes Unit Testing, it moves to IT QA for testing. If no internal QA is in place, the potential end users have to test the app. This is called User Acceptance Testing. In either phase of testing beyond Unit Testing, it’s important that any bugs or functionality issues are well documented. Documented issues have to be addressed by the developer, corrected, and regression tested. All testing is done in a non-production environment. No live data is affected during testing.
4. Implementation – Depending on the application and other infrastructure at hand, implementation can be an intricate process. The application code is copied from the testing environment to the production environment. Even when implemented, the application often needs more testing to make sure all is functioning as designed and all requirements are met.
5. Support and Evolution – During this phase it is important to have all proper personnel in place to handle any issues that may arise after the app has been implemented. This usually occurs when larger user groups are trained on the new application. Sometimes new users will attempt to do things the app isn’t designed to do. It’s up to the support team to educate the users on the functionality and proper use. Granted, other scenarios may arise that turn out to be a legitimate bug in the app. Hopefully this doesn’t occur often, but if it does, the support team has to address the issue accordingly. The developer will need to be involved so outstanding issues are addressed and resolved. Additional testing will have to be conducted before implementing the updates.
SDLC is important not only when building software; it also helps after publishing.