
SSDLC Phase

The document outlines the security activities that should be performed during each phase of the software development lifecycle (SDLC). During the plan phase, risks and policies are assessed. In requirements, security requirements and compliance are considered. The design phase includes threat modeling and architecture security reviews. Development focuses on secure coding practices. Testing employs security techniques like static analysis. Deployment assesses the environment. Maintenance implements monitoring and remediation.

Uploaded by Tanmay Navandar
Copyright: © All Rights Reserved

SDLC phase: Security activity

Plan
• Assess risks and the security threat landscape
• Evaluate the potential impact of security incidents, such as reputational risk to the business
• Identify security goals and establish security policies and guidelines for the project

Requirements
• Include security requirements as part of defining functional requirements and conduct threat modelling
• Understand and incorporate compliance and regulatory requirements

Document
• Document security controls and processes in the SRS document
• Assemble the information to prepare for audits, compliance checks, and security reviews

Design
• Engage in threat modelling
• Make security considerations an integral part of the architecture plan
• Evaluate the security impact of design phase choices such as platform and UI

Development
• Educate developers on secure coding practices
• Incorporate security testing tools in the development process
• Evaluate software dependencies and mitigate potential security risks
• Developers follow the coding guidelines as defined by their organization and program-specific tools

Testing
• Use security-focused testing techniques
• Perform security testing such as static analysis and interactive application security testing
• Test until the quality standards defined in the SRS are satisfied

Deployment
• Perform a security assessment of the deployment environment
• Release the beta version first and review customer feedback and configurations for security

Maintain
• Implement monitoring to detect threats
• Be prepared to respond to vulnerabilities and intrusions with remediations
