Tiny Notes on SDLC Lifecycle
The Beginning
Profile your technology stack, including the applications and APIs you use to build your product. Do this during the design phase, while you are still planning the product.
Gather Your Security Requirements
What security requirements will you apply? These are specific to the tech stack you use (Java, Python, APIs, etc.). What security issues do you need to think about if you use Java as a language? What security issues should you be aware of when using or creating APIs?
Threat Modeling
Create an inventory of the assets you will use and the threats each is exposed to. Will you keep that legacy system or move to the cloud? Not all things require the same level of concern. Newer, updated tech, or tech that does not hold critical data, may be less of a concern for your business than a system holding sensitive data.
Static Code Analysis
Scan for obvious problems, such as missing input validation, before putting anything into production. Do open-source analysis here too.
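As an added illustration of what a first-pass static scan does (example code, not from the original notes or any particular tool), the following uses Python's standard `ast` module to walk a source file and flag three common "obvious problems": calls to `eval`/`exec`, `subprocess` calls with `shell=True`, and database `execute` calls whose query is built by string concatenation or an f-string rather than passed as a constant with parameters. The sample source it scans is constructed here; the rule names and the `scan_source` function are assumptions of this example.

```python
import ast

# Constructed sample source (not from the page) containing the kinds of
# patterns a first-pass static scan should flag, plus one benign function.
SAMPLE_SOURCE = '''
import subprocess

def run(cmd):
    subprocess.run("ls " + cmd, shell=True)

def calc(expr):
    return eval(expr)

def lookup(db, user):
    db.execute(f"SELECT * FROM users WHERE name = '{user}'")

def safe(path):
    return open(path).read()
'''

DANGEROUS_CALLS = {"eval", "exec"}


def _call_name(node):
    """Return a dotted name for the called expression (e.g. 'subprocess.run'), or None."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        parts = []
        while isinstance(func, ast.Attribute):
            parts.append(func.attr)
            func = func.value
        if isinstance(func, ast.Name):
            parts.append(func.id)
            return ".".join(reversed(parts))
    return None


def _is_keyword_true(node, keyword):
    """True if the call passes keyword=True as a literal constant."""
    for kw in node.keywords:
        if kw.arg == keyword and isinstance(kw.value, ast.Constant) and kw.value.value is True:
            return True
    return False


def scan_source(source):
    """Return a sorted list of (line, rule, detail) findings for the given source text."""
    findings = []
    tree = ast.parse(source)
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name is None:
            continue
        # Rule 1: dynamic code evaluation of (possibly untrusted) input.
        if name in DANGEROUS_CALLS:
            findings.append((node.lineno, "dangerous-call", f"{name}() evaluates arbitrary code"))
        # Rule 2: shell=True hands the string to a shell, so unvalidated input becomes a command.
        if name.startswith("subprocess.") and _is_keyword_true(node, "shell"):
            findings.append((node.lineno, "shell-true", f"{name} called with shell=True"))
        # Rule 3: query text assembled from runtime values instead of using parameters.
        if name.endswith(".execute") and node.args:
            if isinstance(node.args[0], (ast.JoinedStr, ast.BinOp)):
                findings.append((node.lineno, "sql-string-build", f"{name} query built from string formatting"))
    return sorted(findings)


if __name__ == "__main__":
    for line, rule, detail in scan_source(SAMPLE_SOURCE):
        print(f"line {line}: [{rule}] {detail}")
```

Running it on the constructed sample reports lines 5, 8 and 11 and stays silent on the benign `safe` function. Real SAST tools do the same thing with far larger rule sets and data-flow tracking, but the shape (parse, walk, match patterns, report with line numbers) is identical, and a tiny scanner like this is a reasonable pre-commit gate for a team's own most common mistakes.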
Open-Source analysis
Analyze every dependency you use. Know which version you have so you can keep on top of newly disclosed vulnerabilities, and keep those dependencies up to date.
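The core of that check, as an added example that is not part of the original notes: parse the pinned versions out of a `requirements.txt`-style file and compare each against a list of advisories with affected version ranges. The advisory data, package names and `requirements.txt` contents below are constructed for the example (not real packages or CVEs), and `parse_requirements`/`find_vulnerable` are names chosen here.

```python
# Constructed advisory list (not real vulnerability data): package name ->
# list of (first_affected, fixed_in, advisory_id). A pinned version v is
# affected when first_affected <= v < fixed_in.
ADVISORIES = {
    "examplelib": [("1.0.0", "1.4.2", "ADV-EXAMPLE-001")],
    "otherpkg": [
        ("0.1.0", "0.3.0", "ADV-EXAMPLE-002"),
        ("2.0.0", "2.0.5", "ADV-EXAMPLE-003"),
    ],
}

# Constructed requirements file; one pin is inside an affected range,
# one sits exactly on a fixed version, one has no advisories at all.
SAMPLE_REQUIREMENTS = """\
# constructed requirements.txt for the example
examplelib==1.3.0
otherpkg==2.0.5   # fixed version, should not be reported
safepkg==3.1.0
"""


def parse_version(text):
    """Turn 'MAJOR.MINOR.PATCH' into a comparable tuple of ints."""
    return tuple(int(part) for part in text.strip().split("."))


def parse_requirements(text):
    """Return {package_name: pinned_version}; refuse unpinned lines so nothing slips through unchecked."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if "==" not in line:
            raise ValueError(f"unpinned dependency: {line!r}")
        name, version = (s.strip() for s in line.split("==", 1))
        pins[name.lower()] = version
    return pins


def find_vulnerable(pins, advisories=ADVISORIES):
    """Return [(name, pinned_version, advisory_id, fixed_in)] for every pin inside an affected range."""
    hits = []
    for name, version in pins.items():
        pinned = parse_version(version)
        for first_affected, fixed_in, advisory_id in advisories.get(name, []):
            if parse_version(first_affected) <= pinned < parse_version(fixed_in):
                hits.append((name, version, advisory_id, fixed_in))
    return hits


if __name__ == "__main__":
    for name, version, advisory_id, fixed_in in find_vulnerable(parse_requirements(SAMPLE_REQUIREMENTS)):
        print(f"{name}=={version} affected by {advisory_id}; upgrade to {fixed_in}")
```

Two design choices worth noting. First, `parse_requirements` fails on an unpinned line rather than skipping it: a dependency whose version you cannot name is exactly the one you cannot track. Second, the version comparison is deliberately simple (dotted integers only); real ecosystems have pre-release tags, epochs and build metadata, so a production check should use the ecosystem's own version parser (for Python, `packaging.version`) and a maintained advisory feed rather than a hand-written table.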
Dynamic testing
Take the black-box approach: test your app with zero knowledge of the code or the process. This is typically done in staging, before production.
Pen testing
Hack your product. This is done before public release.