SDLC for website development

2022.03.23

Since the 1970s the software development life cycle has been a focus of attention and has gone through many modifications and adjustments. Over time, the evolving needs of end users, together with evolving challenges, most notably security, have led to different software development methods and methodologies. One of these methods is the secure software development life cycle (SSDLC).

The SSDLC emerged in response to the increasingly severe security challenges facing application security. Data breaches, privacy violations and other network threats are commonplace in today's society, and any software development model that does not put security first is likely to damage the finances and reputation of the developing company.

Before looking at the SSDLC, let's take a look at the SDLC methodology.

What is the software development life cycle?

The software development life cycle (SDLC) is a methodology and standardized approach for developing software application systems. The SDLC borrows a large number of elements from the general project management life cycle, as can be clearly seen from the similarity of the steps and phases involved.

Although it is unlikely that two companies apply exactly the same SDLC process, the main stages are common to most organizations.

Main stages of the SDLC process

Generally, a typical SDLC process contains five phases:

Requirements gathering: Every application is developed to solve some problem and provide utility to users. When gathering requirements, the development team's goal is to understand the customer's needs and goals and to define the resources needed to complete the project in the best way.

Design: In this stage the foundation for the entire project is laid. Some of the main details determined here include the programming language, architecture, platform, user interface, communication protocols and security.

Development/construction: This is where all the plans are implemented by developing the application source code and implementing all of the application's features, including the user interface and security.

Testing: One of the most important components of any SDLC process is testing the software for vulnerabilities, errors, performance and functionality. Any application issues found at this stage are usually corrected before deployment.

Deployment and maintenance: The application is released to its intended customers. This usually includes getting the application approved by an app store and making it available for download. Of course, highly specialized enterprise applications are not released in app stores but delivered directly to the customer.

Common software development life cycle models

The SDLC process remains largely the same in most organizations. However, nothing in the software development rulebook forces developers to always follow the SDLC stages in a single linear order.

Over the years, organizations and strategists have tried different SDLC models to better meet changing customer needs. The most popular examples are as follows:

Waterfall

The most straightforward of all the models is the waterfall SDLC method. In waterfall development, each stage of the entire development life cycle proceeds in a fixed order, from requirements gathering to final deployment.

V-Model

The V-model is a linear model.

The main feature of this model is its heavy emphasis on testing. That is why each stage of the V-model has its own testing activity, so that every stage of development is tested until completion.

The extensive testing and quality control embedded in the V-model make it the most expensive and demanding software development method. Therefore it is only used in highly specialized cases, for example projects with a very low tolerance for failure and errors.

Iterative model

As organizations explore non-traditional and nonlinear ways of working, iterative and incremental models have received more attention. Developers can implement this model sequentially or in parallel.

Essentially, the iterative model is cumulative: new software modules and functions are added with each iteration.

The advantage of iterative models is that they allow adjustments at any development phase, as long as the requirement changes stay within the scope of the project.

Iterative models have proven most effective for large projects in which the application's functions are only loosely dependent on each other.

Agile development

Today, agile development is the most widely used SDLC model. Essentially, agile follows an iterative development style, with more emphasis on communication and early customer feedback.

Each iteration in the agile model is designed to develop a complete module or function that is reflected in the final version of the application. This means that the same steps of the traditional SDLC process are repeated many times until the project is complete, resulting in repeated testing and quality assurance.

Agile's guarantee of frequent software releases and ongoing communication and feedback with customers makes it a popular choice for most organizations.

Agile development is often used in the following cases:

Projects that require early customer feedback to get started.

Large projects that can easily be split into smaller parts, each of which is developed incrementally.

The SDLC needs an added "S"

The SSDLC is a natural evolution of the SDLC, responding to the increasing importance of security in the modern application development environment.

Generally speaking, the SSDLC provides a structured framework for applications designed with strengthened security, integrating security elements into all stages of the SDLC.

In a world of devices, gadgets and electronics, security vulnerabilities can bring disaster to individuals and organizations. For a company, ignoring security may lead to huge economic losses. A single vulnerability is enough to cause serious damage to an organization's systems.

After serious data leaks and privacy scandals such as Facebook-Cambridge Analytica, the iCloud leaks and the NSA's PRISM surveillance program, legislative frameworks such as the EU's GDPR and the American CCPA require organizations to take data protection measures for all relevant parties.

Under these circumstances, every software developer needs to make security a key consideration at each stage of the development life cycle.

The SSDLC provides a solution to such security disasters, allowing your organization to minimize risk and significantly protect its reputation and financial security. This is the main reason companies adopt the SSDLC.

SSDLC best practices

Let us see how the classic SDLC steps are modified when security is integrated into each stage.

1. Requirements gathering

This stage now focuses on preparing a list of security and regulatory requirements alongside the other general details of the project. Usually a detailed plan is developed that lays out appropriate security activities for all the different stages.

A key part of this stage is security awareness training. Training courses aim to provide project participants with security knowledge so they can take measures for secure design and development, and to establish a security mindset across the entire team from the start.

2. Design

The design phase is the stage in which all the details are determined, such as programming language, software architecture, functions and user interface. At this stage, SSDLC practice involves applying most of the security functions and defense mechanisms of the application.

Some of the security activities in this stage include:

Threat modeling: Simulating attack scenarios and integrating effective countermeasures into the list of identified threats that could endanger the application, thereby laying the foundation for all security measures taken. Early examination of possible threats not only reduces the likelihood of a successful attack, it also reduces the costs related to security integration across the entire project.

Design documentation and review: Threat modeling results help the team prepare the design documentation, which identifies the security requirements and the key vulnerabilities the application needs to address.

Identifying third-party risks: If associated third-party components are vulnerable, even the most secure application is easy to attack, which makes the entire system fragile. Therefore, checking and monitoring for security vulnerabilities that may exist in third-party components, and patching them when necessary, is crucial to guaranteeing the integrity of the entire application system.

3. Development/construction

In the SSDLC context, this phase involves secure coding and scanning activities.

Secure coding: At this stage, security best practices for application coding, such as authentication and encryption, are taken into account. Usually the team's goal is to follow secure coding practices, which successfully eliminates many basic vulnerabilities and minimizes the need to go back and patch vulnerabilities later in the project.

Static application security testing (SAST): Static application scanning tools (SAST) can help test and review code before the application is completed. Static scanning helps discover problems at various stages of development, making it easier to detect and repair issues as the project progresses.

Manual code review: SAST provides automated scanning that saves developers a lot of time and effort in discovering code defects and vulnerabilities; however, manual review is still needed to identify potential problems in the code that malicious attackers could exploit.

4. Testing

The testing phase is where security testing takes place. Common practices performed at this stage include:

Dynamic scanning: Unlike SAST, dynamic application scanning tools (DAST) simulate hacker attacks and threats at runtime to expose application vulnerabilities. Combined with the SAST of the previous stage, DAST adds an additional layer of testing to eliminate most security errors.

Fuzz testing: In fuzz testing, developers generate random inputs that simulate custom patterns and check whether the application can handle these inputs. This helps find SQL injection and similar issues, since SQL injection is a form of malicious input.

Penetration testing: Inviting a third-party security team to simulate attacks is one of the best ways to uncover hidden vulnerabilities in any system. The development team may always lack the experience and knowledge of third-party experts and some of the attack scenarios that penetration testing can reproduce.
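As an added example for the fuzz testing item above (not code from the original article), the following Python mutation fuzzer feeds SQL-metacharacter-laden variants of a valid username into two hypothetical lookup functions, one that splices input into the SQL text and one that binds it as a parameter, and records database errors and oracle violations. The table, both lookup functions and the seed value "alice" are constructed for this example; it runs entirely against an in-memory SQLite database.

```python
import random
import sqlite3

def make_db():
    # Constructed in-memory sample table; nothing here touches a real system.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [("alice", "admin"), ("bob", "user")])
    return conn

def lookup_unsafe(conn, name):
    # Hypothetical vulnerable lookup: user input is spliced into the SQL text.
    return conn.execute(f"SELECT role FROM users WHERE name = '{name}'").fetchall()

def lookup_safe(conn, name):
    # Hardened lookup: the input is bound as a parameter and never parsed as SQL.
    return conn.execute("SELECT role FROM users WHERE name = ?", (name,)).fetchall()

def mutate(seed, rng):
    # Mutate a valid seed: mix SQL metacharacters and random printable characters into it.
    specials = ["'", '"', "--", ";", "\\", "%", " OR "]
    chars = list(seed)
    for _ in range(rng.randint(1, 4)):
        token = rng.choice(specials) if rng.random() < 0.5 else chr(rng.randrange(32, 127))
        pos = rng.randrange(len(chars) + 1)
        op = rng.choice(("insert", "delete", "replace"))
        if op == "insert":
            chars.insert(pos, token)
        elif chars:  # delete/replace need at least one character left
            idx = min(pos, len(chars) - 1)
            chars[idx:idx + 1] = [] if op == "delete" else [token]
    return "".join(chars)

def fuzz(lookup, iterations=500, seed=1):
    """Feed mutated inputs to `lookup`; return (crashes, oracle_violations)."""
    rng = random.Random(seed)
    conn = make_db()
    crashes, violations = [], []
    for _ in range(iterations):
        name = mutate("alice", rng)
        try:
            rows = lookup(conn, name)
        except (sqlite3.Error, sqlite3.Warning) as exc:
            # A database error on attacker-controlled text means the input reached the SQL parser.
            crashes.append((name, type(exc).__name__))
            continue
        if len(rows) > 1:  # oracle: a single name can never match more than one row
            violations.append(name)
    return crashes, violations
```

Running `fuzz(lookup_unsafe)` reports hundreds of database errors while `fuzz(lookup_safe)` reports none, which is the signal a fuzzing stage in the SSDLC is looking for before the code is deployed.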

5. Deployment and maintenance

When the application goes live, the developers' work does not end. Applications have their own ecosystem and must be managed, maintained and cared for.

Some of the SSDLC activities in this stage include:

Environmental response: The application itself may be flawless, but every application is only useful in relation to a larger ecosystem. Once the application is launched, monitoring the environment and its impact on the application's behavior and integrity is a key aspect of maintenance.

Incident response plan: In the real world, no application can truly avoid the impact of security vulnerabilities. An incident response plan lays out the plan, actions and procedures the team must follow during an incident.

Security checks: Threats and attacks are always evolving, and to stay secure, applications must evolve faster. Frequent security checks help protect applications from new forms of attacks and vulnerabilities.

Among the traditional SDLC models, agile development has replaced the traditional development life cycle methods in most organizations. However, the agile environment is not a natural fit for security practices and tools. This is mainly because the secure development approach requires a wide range of security tests. Since each stage in agile development is executed iteratively, and the SSDLC embeds security components in each stage, agile teams may find themselves doing a lot of repeated testing.

This also means that integrating the SSDLC into an agile environment requires companies to undergo a significant transformation. In agile development, security is no longer an afterthought; instead it has to run through everyday working habits.

The ultimate goal for every company is clear: embrace greater security by integrating it into the different stages and parts of development.


Read link:

https://resources.infosecinstitute.com/topic/introduction-to-secure-software-development-life-cycle/