Question

As we talked about the Software Development Lifecycle. We approached it from the standpoint of where security needs to be added to the SDLC. When code is insecure, it introduces vulnerabilities that get exploited. As security practitioners, this is where we come into the equation. However, that being said - we should be advocates for security in the development phase because it will make everyone's life easier once the software is deployed. We have to make a conscious effort to implement security that doesn't get in the way of business productivity. Every day, millions of corporate workers download files and email attachments, not knowing whether they could contain malware (such as viruses or Trojan horses). This happens even with appropriate use policies and warnings from administrators. How would you enforce such rules, without limiting the usability of workers’ systems?

Answer 1

Security plays an important role in everyone's life. Every single person would like to have a privacy and security of their personal information/data and always wanted their data, system, mobile phone and all the latest technological devices which are open to internet to be safe secure and invulnerable. But, as we are exposed to the internet, there is always a chance of getting exposed to such malacious activities where hackers or anonymous users tries to access data or to get the control of your system by different approaches i.e. by sending mails containing the links, once a user clicks on to that link, virus spreads in the system and if we accidently download an application sent by malacious users, then they can easily access to our data as well as to our system.

While developing any software or any application, we usually follow SDLC (Software Development Life Cycle), which is a process followed for a software project, within a software organization. It consists of a detailed plan describing how to develop, maintain, replace and alter or enhance specific software. The life cycle defines a methodology for improving the quality of software and the overall development process.

There are overall 6 stages of SDLC:

• Planning and Requirement Analysis

• Defining Requirements

• Designing the Product Architecture

• Building or Developing the Product

• Testing the Product

• Deployment in the Market and Maintenance

Here, for making the software more secured and safe to use, one must focus more on Development phase, as here we can analyze and identify where security issues can happen.

The respective authority / organization must apply some appropriate use policies and warnings from administrators before hand regarding possible outcomes of security threats in future. We can enfore such rules by adding them into terms and policies so that, when a person installs a software he/she must know about the rare possible chances of occurrence of attacks.

We can avoid these attacks if we make some modifications in the development phase. Here, instead of completely focusing on writing programs and creating algorithms, one has to focus on the security issues , to analyze with possibilities can attack occur and how to overcome it. As we analyze and identify the places where we need to improvise more in the software development, we must start working on it so that it can overcome all the drawbacks which it previous had. This process might take time, but it will not limit the usability of worker's system. This process of identifying and analyzing must be assigned to an expert and experienced candidate who can easily complete this process in a given amount of time. Once the development phase gets complete, one must try to test in different environments so as to ensure that it's risk free as well as compatible.

Hope I answered the questions.

If you have any doubts/queries, feel free to ask by commenting down below. I will respond within 24 hours

And if you like my answer, then please do upvote for it, your feedback really matters alot to me.

STAY HOME STAY SAFE