Introduction To Application Security Notes

Uploaded by togrulaliyev1020

Table of contents

- Software Development Lifecycle
- Secure Software Development Lifecycle
- Arsenal of solutions
- Some fun.

Software Development Lifecycle (SDLC)

Software development is the process of planning, specifying, designing,
programming, documenting, testing and bug fixing involved in creating and
maintaining applications, frameworks or other software components.
The software development lifecycle methodology provides a systematic
management framework with specific deliverables at every stage of the
development process.
SDLC was invented because of the following reasons:
1. Need to develop faster than competitors
2. Growing team
3. Developing a lot of features in parallel
4. New roles appear - dev, QA, BA, DevOps
5. The cost of an error becomes expensive
6. Downtime is not just a loss of money, it is a loss of reputation
7. New code can break old features.
Simplified, the lifecycle has five phases:
1) Planning
2) Development
3) Testing
4) Deployment
5) Maintenance

6 phases of the software development life cycle

analysis -> design -> development -> testing -> deployment -> maintenance

Roles involved in each phase:

Analysis:
Product owner
Project manager
Business analyst
CTO

Design:
System architect
UI/UX designer

Development:
Front-end developer
Back-end developer

Testing:
Solution architect
QA engineer
Tester
DevOps

Deployment:
Data administrator
DevOps

Maintenance:
Users, Testers
Support managers

Three pillars of SDLC - Brooks' Law, Boehm's Law, Conway's Law.

Brooks' Law: "Adding manpower to a late software project makes it later."
Boehm's Law: "Costs to find and fix bugs get higher as time goes by."
Conway's Law: "Any organization that designs a system (defined broadly)
will produce a design whose structure is a copy of the organization's
communication structure."

SSDLC is implemented within the DevSecOps process and has the following
building blocks:
1. Application Security team - people first
2. SDLC and SSDLC processes and requirements
3. Secure coding guidelines - compliance issues
4. Secure coding checklist - more intuitive to collaborate with
5. Tools
5.a. Static application security testing (SAST)
5.b. Dynamic application security testing (DAST)
5.c. Software composition analysis (SCA)
5.d. Container security, infrastructure security, secret scanner
5.e. Threat modelling
5.f. Secure development trainings
5.g. ...
6. Risk analysis strategy and risk matrix
DevSecOps is a transformational shift which incorporates
- secure culture
- practices
- tools
to drive visibility, collaboration, and agility of security into each phase
of the DevSecOps pipeline.
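As an added example (not code from these notes) of what building block 5.d, a secret scanner, does when it runs inside the pipeline: the Python below combines pattern rules for well-known credential formats with a Shannon-entropy check on values assigned to secret-looking names, then returns the verdict a CI job can exit with. The sample source text, the rule names, the entropy threshold and the `# allowlist-secret` suppression marker are assumptions of this example; the AWS key value is the example key from AWS documentation and the hex token is synthetic.

```python
"""Minimal secret scanner of the kind a DevSecOps pipeline runs on every commit.
Added example, not from the notes. Sample input and thresholds are constructed."""
import math
import re
from dataclasses import dataclass

# Pattern rules: well-known credential formats (assumed rule names).
PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private-key-block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "github-token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}

# Generic rule: a long literal assigned to a name that looks like a secret.
ASSIGNMENT = re.compile(
    r"""(?i)\b(?P<name>[a-z0-9_]*(?:secret|password|passwd|token|api_key|apikey)[a-z0-9_]*)"""
    r"""\s*[:=]\s*["'](?P<value>[^"']{16,})["']"""
)
ENTROPY_THRESHOLD = 3.5  # bits/char; assumed cut-off for hex/base64-like values
SUPPRESS_MARKER = "# allowlist-secret"  # assumed, reviewable suppression comment


@dataclass
class Finding:
    line_no: int
    rule: str
    snippet: str


def shannon_entropy(s: str) -> float:
    """Bits per character of s; 0.0 for empty or single-symbol strings."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_lines(lines):
    """Run every rule over each line; return findings in line order."""
    findings = []
    for i, line in enumerate(lines, 1):
        if SUPPRESS_MARKER in line:  # explicit opt-out, visible in code review
            continue
        for rule, pat in PATTERNS.items():
            if pat.search(line):
                findings.append(Finding(i, rule, line.strip()))
        m = ASSIGNMENT.search(line)
        if m and shannon_entropy(m.group("value")) >= ENTROPY_THRESHOLD:
            findings.append(Finding(i, "high-entropy-secret", line.strip()))
    return findings


def pipeline_verdict(findings) -> int:
    """Exit status for the CI step: non-zero blocks the merge."""
    return 1 if findings else 0


# Constructed sample source; the AWS value is AWS's documented example key.
SAMPLE_SOURCE = """\
import os
DB_PASSWORD = os.environ["DB_PASSWORD"]        # fine: read from environment
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"      # documented example key, still flagged
api_token = "f3b1c9e0a7d24e8b9c6f1a2d3e4b5c6d7e8f9a0b"   # synthetic hex token
placeholder = "password"                         # short, low entropy: not flagged
test_secret = "xxxxxxxxxxxxxxxxxxxxxxxx"         # repeated char, entropy 0: not flagged
fixture_token = "0123456789abcdef0123456789abcdef"  # allowlist-secret: test fixture
"""

if __name__ == "__main__":
    results = scan_lines(SAMPLE_SOURCE.splitlines())
    for f in results:
        print(f"line {f.line_no}: {f.rule}: {f.snippet}")
    raise SystemExit(pipeline_verdict(results))
```

The entropy rule catches tokens no pattern knows about, while the pattern rules catch low-entropy but well-known formats such as the AWS key ID; a real pipeline would also diff only changed lines and scan git history, which this example omits.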

Proprietary Tools -
Open-Source Tools -
