DFIR Blog

Domain-8

SDLC (7 Phases) - CBK Based

2/18/2023

SDLC Defines the Software Phases
1. Project Initiation and Planning
  • Security must be introduced in this phase (remember: security needs to be baked in, not bolted on).
  • Security activities should be part of the project initiation activities.
  • The deliverable document must include an outline of the project objective, scope, strategies, cost, schedule, etc.
  • Security training for developers must be planned in this phase.
  • Identification of legal and compliance requirements.
  • Privacy and business impact must be assessed in this phase.
2. Functional Requirement Gathering
  • Security functional requirements must be documented in this phase.
  • Privacy Impact Assessment (PIA) must be done in this phase.
  • Security requirements must be formalized.
3. System Design Specifications
  • Design the entire application, including data flow, data input and data output.
  • Threat modeling is performed in this phase, using a methodology such as STRIDE or PASTA.
  • Secure design.
4. Development and Implementation
  • Adopt secure coding standards to bring uniformity across the code.
  • Unit, integration and system testing.
  • Code analysis for common vulnerabilities (SAST - static code analysis).
5. Documentation
  • Security documentation.
6. Testing
  • User Acceptance Testing (UAT).
  • Certification process.
  • Test with known good data (never use production data).
  • Data validation.
  • Bounds checking is conducted to prevent buffer overflows.
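As an added illustration of the data validation and bounds checking done in the Testing phase (example code written for this page, not part of the original post), the function below stores an input string into a fixed-width field. The unchecked variant shows the defect a bounds check is meant to catch; the checked variant refuses input that would not fit and rejects non-printable characters. The field width and the test strings are constructed for the example.

```c
#include <stddef.h>
#include <string.h>
#include <ctype.h>

#define FIELD_MAX 16   /* constructed: a 16-byte fixed-width record field */

enum store_result { STORE_OK = 0, STORE_TOO_LONG = 1, STORE_BAD_CHAR = 2 };

/* "Before": strcpy copies every byte of src, so any input longer than
 * FIELD_MAX-1 characters writes past the end of dst. This is the buffer
 * overflow that bounds checking in testing is meant to prevent. Shown for
 * comparison only; it is never called with oversized input here. */
void store_unchecked(char dst[FIELD_MAX], const char *src)
{
    strcpy(dst, src);
}

/* "After": bounds checking plus data validation. The length is measured
 * with an upper limit so an unterminated input cannot be over-read, the
 * copy is refused when it would not fit, and only printable ASCII is
 * accepted into the field. */
enum store_result store_checked(char dst[FIELD_MAX], const char *src)
{
    size_t len = 0;
    while (len < FIELD_MAX && src[len] != '\0')   /* never scan past FIELD_MAX */
        len++;
    if (len >= FIELD_MAX)                         /* no room for the terminator */
        return STORE_TOO_LONG;
    for (size_t i = 0; i < len; i++) {
        if (!isprint((unsigned char)src[i]))
            return STORE_BAD_CHAR;
    }
    memcpy(dst, src, len + 1);                    /* len + 1 copies the '\0' */
    return STORE_OK;
}

/* Test-phase check: feed known good data and deliberately bad test data
 * (constructed, never production data). Returns the number of bad inputs
 * correctly rejected, or -1 if the good input was not stored intact. */
int run_bounds_tests(void)
{
    char field[FIELD_MAX];
    const char *oversized = "0123456789ABCDEFGH";  /* 18 chars, limit is 15 */
    int rejected = 0;

    if (store_checked(field, oversized) == STORE_TOO_LONG) rejected++;
    if (store_checked(field, "bad\x01") == STORE_BAD_CHAR) rejected++;
    if (store_checked(field, "alice") != STORE_OK) return -1;
    if (strcmp(field, "alice") != 0) return -1;
    return rejected;                                /* 2 when both are refused */
}
```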
7. Transition to Production
  • Certification - technical evaluation of the product.
  • Accreditation - management acceptance of the product.
  • Testing, acceptance and transition into production happen in phase 7.
SLC has 9 Phases (7+2)
8. Maintenance and Use
  • Revision and system replacement.
  • A change management process should be followed and recorded when making any change in the SDLC/SLC process. In the absence of a change management process it is difficult to establish accountability.
9. Decommissioning and Disposal