Secure SDLC Implementation
True application security can only be achieved by building secure applications. Our expert application security consultants can work with you to develop more secure processes, procedures, and guidelines at every phase of the Software Development Life-Cycle (SDLC), from requirements through to maintenance.
Overview
- Introduction of security activities into the SDLC
- Development of security policies and guidelines for the various SDLC phases, including but not limited to security requirements gathering sessions, threat modelling, security code reviews, security testing, and secure deployment procedures
- Comparison against security standards such as Open SAMM
Key Business Benefits
- Decreased overall cost by identifying a larger number of vulnerabilities earlier in the development life-cycle
- Increased security awareness within the development team
- Automatic internal security testing throughout the development cycle
Our Approach
Security Compass' approach to secure SDLC implementation involves:
- Analysis of existing processes to determine optimal security injection points
- Addition of security activities to the existing processes
- Implementation of gating processes at various points within the life-cycle
- Phased adoption of the process throughout the development team
- Integration of the enhanced process into the training curriculum to aid adoption (optional)
Deliverables
The output of an SDLC analysis and secure SDLC implementation is a documented Secure Development Life-Cycle, including template deliverables to drive the process. Optionally, a training curriculum can be developed to highlight the changes to the process.
Please refer to the Software Development Life Cycle (SDLC) Assessment Case Study for an example.
