Question

The SDLC (software/system development life cycle) framework is a common development methodology used by organizations to build systems and software. Security is often an afterthought or only addressed late in the development process.

How can threat modeling be included during the entire development effort? At what points of the lifecycle would you include threat identification, testing and analysis? Why have you chosen those points in the development cycle?

Solutions

Expert Solution

Many people think that threat modelling should be done only after the software has been developed. This is because many people think that threat modelling can be done only by security professionals.

This is not correct. Developers and others can also do threat modelling.

Normally, threat modelling is done after the entire architecture has been developed. Instead, we can implement threat modelling as a part of the SDLC itself.

To integrate the threat model into the SDLC:

  • During the requirement phase

The threat model can be included by considering a threat agent trying to make malicious use of application functionality.

By analysing all the harm a malicious user can do with the application functionality, the security requirements can be improved, and therefore the risk of abuse of the application can be reduced.

  • During the design phase

During this phase, the threat model can be included by identifying the vulnerabilities in the design of the application architecture.

This includes identification of vulnerabilities in the user interface, data storage, data flow, hardware, components, etc.

Hence, those vulnerabilities can be removed during the design phase itself.

Including the threat model during design in this way helps to reduce the extra cost of fixing the vulnerabilities after the software is developed.

  • During the coding phase

Even if no vulnerabilities exist in the application architecture, new vulnerabilities will be formed in the application if the application design is coded in an inappropriate manner.

Attackers can easily find such vulnerabilities by scanning the application.

During the coding phase, the threat model can help identify such vulnerabilities.

The threat model can be included by automatic or manual analysis of source code with respect to specific criteria of the existing threat model.

  • During the testing phase

By documenting the threat model that is implemented during the requirement, design and coding phases, the threat model can be included during the testing phase as well.

The software testers can refer to this document to check whether all the vulnerabilities found during the other phases have been solved or not.

Normally, security testers will check only for common security vulnerabilities. Having threat model documentation will be very useful for security testers, because the documentation helps the testers to focus more on the specific architecture of the application or on specific vulnerabilities other than common issues.
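
As an added example (not part of the original answer), the threat model document described above can be kept as a small register that records the phase in which each threat was found, its mitigation, and the tests that verify it, so testers can list what is still unsolved. The field names, threat entries and test names are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Threat:
    tid: str
    phase: str        # SDLC phase where it was identified
    component: str
    description: str
    mitigation: str = ""                        # empty until a fix is recorded
    tests: list = field(default_factory=list)   # tests that verify the fix

def open_gaps(register, passed_tests):
    """Map threat id -> reason, for every threat not yet shown to be solved."""
    gaps = {}
    for t in register:
        if not t.mitigation:
            gaps[t.tid] = "no mitigation recorded"
        elif not t.tests:
            gaps[t.tid] = "no test verifies the mitigation"
        else:
            failing = [name for name in t.tests if name not in passed_tests]
            if failing:
                gaps[t.tid] = "tests not passing: " + ", ".join(failing)
    return gaps

# Constructed sample register and test results (illustrative only).
REGISTER = [
    Threat("T1", "requirements", "password reset",
           "Reset feature abused to take over another user's account",
           "Single-use, expiring reset token",
           ["reset_token_single_use", "reset_token_expiry"]),
    Threat("T2", "design", "data storage",
           "Customer records readable from unencrypted backups",
           "Encrypt backups at rest"),
    Threat("T3", "design", "data flow",
           "Session cookie sent over plain HTTP on one internal hop"),
    Threat("T4", "coding", "search endpoint",
           "SQL query built by string concatenation",
           "Use parameterized queries", ["search_parameterized"]),
]
PASSED = {"reset_token_single_use", "reset_token_expiry"}

if __name__ == "__main__":
    for tid, reason in open_gaps(REGISTER, PASSED).items():
        print(tid, "->", reason)
```

Running the check as part of the test phase turns the threat model document into a release gate: a threat stays open until it has both a recorded mitigation and a passing test.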

