
A Simple Process for Software Security

Posted February 23, 2011

Software security is an integral part of the software development life cycle (SDLC).

[Figure: software security process]

Constraints

Security needs to take into account constraints such as budget, time and target architecture.

Example: from a security point of view, design methodologies such as SOA represent constraints.


Tools

Security development life cycle tools can help establish security requirements, create quality gates, perform risk assessments, model threats and identify common and known vulnerabilities.

Security testing tools can automate tasks such as vulnerability and penetration testing.

Techniques

Techniques such as security design patterns are critical to the process of building secure software.

Common vulnerabilities

It is important to consider common security vulnerabilities when designing, developing and testing software.

Known vulnerabilities

Known vulnerabilities in components, APIs, servers and algorithms need to be investigated.

Common threats

Common threats to software such as SQL injection and cross-site scripting need to be considered at each step of the SDLC.

Security Architecture and Design

Secure software development begins with a secure architecture and design. Design faults generally represent more serious vulnerabilities than software bugs.

Security Reviews

After code is developed, there should be a series of both informal and formal code reviews. Developers can often identify weaknesses in the code that are difficult to discover in testing.

Security Testing

It is possible to automate many black box security tests such as vulnerability scans and penetration tests.

It is important for a security analyst to go further and identify key risks in the software. Test cases should consider the overall architecture and likely vulnerabilities and threats. In other words, security testing should be driven by risk identification.


