Princess Sumaya University for Technology The

King Hussein School for Computing Sciences

13434 Secure Software Development

Topic 2: Software Development Lifecycle &

Security Development Lifecycle

Dr. Ahmad Altamimi

Outline
o Software Development Life Cycle (SDLC)
o Popular SDLC Models
o Security Development Lifecycle (SDL)
o Mapping SDL to SDLC
Software Development Life Cycle
(SDLC)
 What is Software Development Life Cycle
SDLC?
o SDLC is a systematic process for building software that ensures the quality and
correctness of the software built.
o SDLC process aims to produce high-quality software that meets customer
expectations.
o SDLC consists of a detailed plan which explains how to plan, build, and maintain
specific software.
o Every phase of the SDLC life Cycle has its own process and deliverables that feed
into the next phase.
 Why SDLC?
o It offers a basis for project planning, scheduling, and estimating
o Provides a framework for a standard set of activities and deliverables
o It is a mechanism for project tracking and control
o Increases visibility of project planning to all involved stakeholders of the
development process
o Increased and enhance development speed
o Improved client relations
o Helps you to decrease project risk and project management plan overhead
 SDLC Phases
o Typical SDLC divided into the following phases:
 Phase 1: Requirement gathering and analysis
 Phase 2: Design
 Phase 3: Implementation or coding
 Phase 4: Testing
 Phase 5: Deployment
 Phase 6: Maintenance
 Phase 1: Requirement gathering and analysis
o It is conducted by the senior team members to collect all the relevant information
to develop a product as per their expectation.
o Once the requirement gathering is done, an analysis is done to check the feasibility
of the development of a product.
o The SRS (Software Requirement Specification) document is created then that
includes five types of feasibilities checks:
 Economic, Legal, Operation feasibility, Technical, and Schedule
 Phase 2: Design
o The system and software design documents are prepared as per the requirement
specification document.
o There are two kinds of design documents developed in this phase:
1. High-Level Design (HLD) contains brief description and name of each module
and its functionality, Database tables, and complete architecture diagrams of
every module
2. Low-Level Design (LLD) contains functional logic of the modules and their
complete input and outputs, database tables, complete detail of the interface,
and listing of error messages
 Phase 3: Implementation or Coding
o The Software design is translated into source code. All the components of the
software are implemented in this phase.
o In this phase, tasks are divided into units or modules and assigned to the various
developers.
o It is the longest phase of the Software Development Life Cycle process.
 Phase 4: Testing
o Once the software is complete, and it is deployed in the testing environment. The
testing team starts testing the functionality of the entire system.
o This is done to verify that the entire application works according to the customer
requirement.
o During this phase, QA and testing team may find some bugs/defects which they
communicate to developers. The development team fixes the bug and send back to
QA for a re-test.
o This process continues until the software is bug-free, stable, and working according
to the business needs of that system.
 Phase 5: Installation/Deployment
o Once the product is tested, it is deployed in the production environment or first
UAT (User Acceptance testing) is done depending on the customer expectation.
o In the case of UAT, a replica of the production environment is created and the
customer along with the developers does the testing.
o If the customer finds the application as expected, then the final software is released
and checked for deployment issues if any.
 Phase 6: Maintenance
o Once the system is deployed, and customers start using the developed system,
following 3 activities occur:
 Bug fixing – bugs are reported because of some scenarios which are not tested at
all
 Upgrade – Upgrading the application to the newer versions of the Software
 Enhancement – Adding some new features into the existing software.
Popular SDLC Models
Software Process Model
o A structured set of activities required to develop a software system.
o Activities include specifying a data model, designing a user interface, etc. and the
ordering of these activities are important.
o By the early 1970s, programmers started adopting these models as part of their
everyday work activity, and these traditional methods still stand today
o The traditional methodologies include the following:
 Waterfall
 Iterative
 Agile
 Spiral
 Others…
Waterfall Model
o Plan-driven model. Separate and distinct phases of specification and development.
o It is a way to develop software following through each phase of the life cycle from
one to the next in a very sequential manner.
o Although Waterfall is a widely accepted SDLC model, however:
 It is too restrictive and forces the developers to complete each phase before
moving on.
 It is also very rare that the users know exactly what they want.
 Poor communication and false assumptions are prevalent in this approach.
Waterfall Model Phases
o There are separate identified phases in the waterfall model:
 Requirements analysis and definition
 System and software design
 Implementation and unit testing
 Integration and system testing
 Operation and maintenance
Iterative Incremental Model
o The iterative incremental model divides the product into small chunks.
o Feature to be developed in the iteration goes through the phases (Requirement
Analysis, Designing, Coding, and Testing).
o Once the iteration is completed, a product is verified and is delivered to the
customer for their evaluation and feedback.
o The feedback is implemented in the next iteration along with the newly added
feature.
Iterative Incremental Model Phases
o Phases of Iterative & Incremental Development Model:
 Inception phase includes the requirement and scope of the Project.
 Elaboration Phase where the working architecture of a product is delivered.
 Construction Phase which fills the architecture with the code which is ready to
be deployed and is created through analysis, designing, implementation, and
testing of the functional requirement.
 Transition Phase here the product is deployed in the Production environment.
o Although, this model can reflect any change in the requirement easily and any
defect can be detected at an early stage. However, complete requirement and
understanding of a product are required to break down and build incrementally.
Agile Model
o This model focuses more on flexibility while developing a product rather than on
the requirement.
o In Agile, a product is broken into small incremental builds. It is not developed as a
complete product in one go. Each build increments in terms of features. The next
build is built on previous functionality.
o In agile iterations are termed as sprints. Each sprint lasts for 2-4 weeks. At the end
of each sprint, the product owner verifies the product and after his approval, it is
delivered to the customer.
o Although this model allows more flexibility to adapt to the changes. However, Agile
needs experienced and highly skilled resources. Lack of documentation.
Agile Model Phases