Home
Business Guide
 
simplicable technology guide   »  security   »  software security process

A Simple Process for Software Security

        posted by , February 23, 2011

Software security is an integral part of the software development life cycle (SDLC).

software security process

Constraints

Security needs to take into account constraints such as budget, time and target architecture.

Example: from a security point of view design methodologies such as SOA represent constraints.


Tools

Security development life cycle tools can help establish security requirements, create quality gates, perform risk assessments, model threats and identify common and known vulnerabilities.

Security testing tools can automate tasks such as vulnerability and penetration testing.

Techniques

Techniques such as security design patterns are critical to the process of building secure software.

Common vulnerabilities

It is important to consider common security vulnerabilities when designing, developing and testing software.

Known vulnerabilities

Known vulnerabilities in components, APIs, servers and algorithms need to be investigated.

Common threats

Common threats to software such as SQL injection and cross-site scripting need to be considered at each step of the SDLC.

Security Architecture and Design

Secure software development begins with a secure architecture and design. Design faults generally represent more serious vulnerabilities than software bugs.

Security Reviews

After code is developed there should be a series of both informal and formal code reviews. Developers can often identify weaknesses in the code that are difficult to discover in testing.

Security Testing

It is possible to automate many black box security tests such as vulnerability scans and penetration tests.

It is important for a security analyst to go further and identify key risks in the software. Test cases should consider the overall architecture and likely vulnerabilities and threats. In other words, security testing should be driven by risk identification.

3 Shares Google Twitter Facebook



Related Articles



Enterprise Architecture
How to architect an organization.




Technology reference cards (executive overviews).

You heard it here — the days of EA are numbered.

The underlying guidelines for architecture.

ITIL implementation is no cakewalk. ITIL impacts your entire organization — your business, your IT department and your inflight projects.


Recently on Simplicable


Big Data Guide

posted by John Spacey
A guide to big data including an overview of key technologies.

10 Big Data Definitions: Take Your Pick

posted by John Spacey
As with any emerging field, the definition of big data is always in flex.

Cloud Guide

posted by John Spacey
A guide to cloud computing including cheat sheets, best practices and metrics.

Web Security: Battleships and Locusts

posted by Anna Mar
There are two types of web security threats: battleships and locusts.

Sitemap













about     contact     sitemap     privacy     terms of service     copyright