The document outlines the security activities that should be performed during each phase of the software development lifecycle (SDLC). During the plan phase, risks and policies are assessed. In requirements, security requirements and compliance are considered. The design phase includes threat modeling and architecture security reviews. Development focuses on secure coding practices. Testing employs security techniques like static analysis. Deployment assesses the environment. Maintenance implements monitoring and remediation.
Plan
• Evaluate the potential impact of security incidents, such as reputational risk to the business
• Identify security goals and establish security policies and guidelines for the project
Requirements
• Include security requirements as part of defining functional requirements and conduct threat modelling
• Understand and incorporate compliance and regulatory requirements
Document
• Document security controls and processes in the SRS document
• Assemble the information to prepare for audits, compliance checks, and security reviews
Design
• Engage in threat modelling
• Make security considerations an integral part of the architecture plan
• Evaluate the security impact of design phase choices such as platform and UI
Development
• Educate developers on secure coding practices
• Incorporate security testing tools in the development process
• Evaluate software dependencies and mitigate potential security risks
• Developers follow the coding guidelines as defined by their organization and program-specific tools
Testing
• Security-focused testing techniques
• Perform security testing such as static analysis and interactive application security testing
• Test until the quality standards defined in the SRS are satisfied
Deployment
• Security assessment of the deployment environment
• Release the beta version first and review customer feedback and configurations for security
Maintain
• Implement monitoring to detect threats
• Be prepared to respond to vulnerabilities and intrusions with remediations