2. Introduction
Organizations are increasingly changing the
Software Development Life Cycle (SDLC) to
improve their security posture and build robust
IT systems. These changes aim to bring security
into the software development stage itself, rather
than incurring expensive fixes for IT
vulnerabilities after the software has been
implemented. Traditionally, the SDLC focused on
fulfilling specific business requirements, functions
and features in a step-down manner.
4. Inception stage
• The Business Requirement Document is prepared
with security aspects in consideration and
foresees security concerns from a third-party
aspect.
5. Elaboration stage
• Based on the Technical Requirement Document
received from the inception teams, analysis and
design ensure that the security parameters
are defined and considered.
6. Construction stage
• Achieve greater security controls by building
tools that check for functional and security
vulnerabilities against industry security
standards, such as OWASP.
7. Production stage
• Run penetration tests on the system on a
scheduled basis to find any security threats
and cyber vulnerabilities.
8. Use of SDLC
• SDLC provides a proper flow to the entire
process of software development.
• Bring security into the SDLC process, because
a stitch in time saves nine.
• A layer of vulnerability emanates from
open source libraries.
• Disruption in information systems may need
greater controls and checks.
9. Conclusion
• As the SDLC incorporates all the steps required
to develop a software product or application,
organizations that include the extra step of
security in the SDLC gain in the long run.
Deploying a Secure SDLC ensures that problems
arising in system development and security are
addressed, avoiding costly fixes at the
post-production stages or, worse, huge
settlement payments due to data thefts and
privacy breaches.