Secure SDLC: Integrating security into your software development life cycle


Anurag Agarwal
03.23.2006
Increasingly you hear about the need to integrate security into the software development life cycle (SDLC). A few techniques, including threat modeling, logging and penetration testing, address different parts of the SDLC, but we still lack a standard process for addressing the entire life cycle.

Yes, some companies have developed their own processes:

For the most part, however, companies lack guidance, or even information they can learn from and use as a guideline. In time the need for a secure design methodology standard will be met by the appropriate standards body. Until then, a company can build a custom process from guidelines organized around the following phases of the life cycle.

  • Functional design

  • Technical design

  • Coding/construction

  • Integration & QA testing

  • Production deployment

As you can see, there are many steps that can be taken to integrate security at different stages of the SDLC. The more of them we take, the harder we make it for attackers to break into our application. This is by no means a complete process, but it can serve as a guideline for companies still searching for a way to build a secure design methodology suited to their needs. After all, every step, however small, is a step forward in securing your application.

Some other links for more detail on individual topics mentioned here:

Data classification
* http://www.yourwindow.to/information-security/gl_dataclassification.htm

Misuse cases
* Threat modeling enhanced with misuse cases
* Initial Industrial Experience of Misuse Cases in Trade-Off Analysis
* Capturing Security Requirements through Misuse Cases (PDF)

Security patterns
* Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management, Chapter 8
* Security Patterns for J2EE Applications, Web Services, Identity Management, and Service Provisioning

Threat modeling
* Threat Modeling (Microsoft Professional) (book)
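Threat modeling, one of the techniques named at the top of this tip and the subject of the last link, is the activity that fits most naturally into the technical design phase. The following is an added example, not code from the original article: a Python script that applies the STRIDE-per-element mapping used in Microsoft-style threat modeling to a constructed data-flow diagram of a hypothetical customer-portal login, and uses an assumed three-level data classification scheme (public, internal, confidential) to prioritize the resulting threats and attach a default control. The element names, the classification scheme and the control table are assumptions made for illustration.

```python
"""STRIDE-per-element threat enumeration over a small data-flow diagram (DFD).

Added example; not code from the original article. It applies the
STRIDE-per-element mapping used in Microsoft-style threat modeling to a
constructed DFD of a hypothetical customer-portal login flow, and uses the
data classification of each element to prioritize threats and propose a
control, giving a starting threat list for the technical design phase.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# STRIDE-per-element: which threat categories apply to each kind of DFD element.
STRIDE_BY_ELEMENT: Dict[str, Set[str]] = {
    "external_entity": {"Spoofing", "Repudiation"},
    "process": {"Spoofing", "Tampering", "Repudiation", "Information disclosure",
                "Denial of service", "Elevation of privilege"},
    "data_flow": {"Tampering", "Information disclosure", "Denial of service"},
    "data_store": {"Tampering", "Repudiation", "Information disclosure",
                   "Denial of service"},
}

# Assumed data classification scheme, lowest to highest sensitivity.
CLASSIFICATION_RANK: Dict[str, int] = {"public": 0, "internal": 1, "confidential": 2}

# Assumed default control per (element kind, category); gaps are left for review.
DEFAULT_CONTROL: Dict[Tuple[str, str], str] = {
    ("data_flow", "Information disclosure"): "encrypt the channel (TLS)",
    ("data_flow", "Tampering"): "authenticate and integrity-protect the channel",
    ("data_store", "Information disclosure"): "encrypt at rest; least-privilege read access",
    ("data_store", "Tampering"): "least-privilege write access; integrity checks",
    ("data_store", "Repudiation"): "append-only audit logging",
    ("process", "Spoofing"): "authenticate every caller",
    ("process", "Elevation of privilege"): "validate input; run with least privilege",
    ("external_entity", "Spoofing"): "strong authentication (MFA where classification warrants)",
}


@dataclass
class Element:
    name: str
    kind: str                             # key into STRIDE_BY_ELEMENT
    classification: str = "public"        # highest class of data the element handles
    crosses_trust_boundary: bool = False  # meaningful for data flows


@dataclass
class Threat:
    element: str
    category: str
    priority: str   # "high" or "normal"
    control: str


def enumerate_threats(elements: List[Element]) -> List[Threat]:
    """Return one Threat per (element, applicable STRIDE category).

    Tampering and information disclosure against confidential data, and every
    threat on a flow that crosses a trust boundary, are marked high priority.
    Unknown kinds or classifications raise rather than silently yield nothing,
    so a typo in the model cannot hide a whole element from the review.
    """
    threats: List[Threat] = []
    for el in elements:
        if el.kind not in STRIDE_BY_ELEMENT:
            raise ValueError(f"{el.name}: unknown element kind {el.kind!r}")
        if el.classification not in CLASSIFICATION_RANK:
            raise ValueError(f"{el.name}: unknown classification {el.classification!r}")
        sensitive = CLASSIFICATION_RANK[el.classification] >= CLASSIFICATION_RANK["confidential"]
        for category in sorted(STRIDE_BY_ELEMENT[el.kind]):
            high = el.crosses_trust_boundary or (
                sensitive and category in ("Tampering", "Information disclosure"))
            control = DEFAULT_CONTROL.get((el.kind, category), "decide in design review")
            threats.append(Threat(el.name, category, "high" if high else "normal", control))
    return threats


def high_priority(threats: List[Threat]) -> List[Threat]:
    """The subset the design review should work through first."""
    return [t for t in threats if t.priority == "high"]


# Constructed DFD of a hypothetical customer-portal login flow (not from the article).
SAMPLE_DFD: List[Element] = [
    Element("Browser", "external_entity"),
    Element("Browser -> WebApp: credentials", "data_flow", "confidential",
            crosses_trust_boundary=True),
    Element("WebApp", "process", "confidential"),
    Element("WebApp -> AuthDB: lookup", "data_flow", "confidential"),
    Element("AuthDB", "data_store", "confidential"),
    Element("AuditLog", "data_store", "internal"),
]

if __name__ == "__main__":
    for t in enumerate_threats(SAMPLE_DFD):
        print(f"[{t.priority:>6}] {t.element}: {t.category} -> {t.control}")
```

Running the script prints 22 candidate threats for the six-element model, nine of them high priority; the three on the credential flow are high because it crosses the browser-to-server trust boundary, the rest because they are tampering or disclosure threats against confidential data. The list is a starting point, not the finished model: the review still adds application-specific threats, decides the controls left open, and records the accepted risks. The `ValueError` on an unknown element kind is deliberate, since a misspelled kind would otherwise drop every threat on that element without anyone noticing.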

-------------------------------
About the author: Anurag Agarwal, CISSP, works for a leading software solutions provider where he addresses different aspects of application security. You may e-mail him at anurag.agarwal@yahoo.com.

