UNFO Security White Paper
Information Security Analyst Executive Summary
Software development life cycles (SDLCs) exist to guide a business toward meeting the specific needs it has for its applications. They define the steps used to meet the best practices and standards that a business must follow in order to operate. An SDLC is made up of several stages, such as assessment, application development, QA testing and deployment. Best practices and standards hold that building security into every stage of the SDLC, not just some of them, gives the best results a business can hope to achieve. An SDLC can follow one of several models, such as the waterfall model, the spiral model or the V-Model. This document gives a brief summary of the security concerns in several of these processes.
Application Development: During the development of web applications, weaknesses such as poor error handling and insecure data transfer are common. Poor error handling can reveal far more about an application than should be exposed (for example stack traces, database object names or internal hostnames), and a malicious user can use that information to reach areas they are not authorized to access. Insecure data transfer, such as sending data over an unencrypted connection, can result in data being stolen as it crosses the network.
QA/Testing: Security professionals who continually test software and web applications for security flaws and for resistance to malicious attacks help ensure that products keep working as intended. Two examples of testing that can be used are integration testing and black-box testing. Integration testing combines individual software modules and tests them as a group; black-box testing examines the functionality of an application without knowledge of how it was coded or how it works internally.
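The following is an added example, not code from the UNFO paper, that ties the Application Development and QA/Testing points together: a request handler with the poor error handling described above beside a hardened version, and a black-box check that looks only at the response body to decide whether internals leaked. The handler shapes, the lookup_account() helper and the database error text are hypothetical stand-ins for a real web framework and driver, constructed so the script runs offline.

```python
"""Added example: verbose vs. hardened error handling, plus a black-box
leak check.  lookup_account() and DatabaseError are hypothetical stand-ins
for a real data-access layer; the error text is constructed sample data."""

import logging
import re
import traceback
import uuid

log = logging.getLogger("app")


class DatabaseError(Exception):
    """Stand-in for a driver exception (hypothetical)."""


def lookup_account(account_id):
    # Hypothetical data-access helper that fails the way a real driver
    # might, with a message full of internal detail (constructed sample).
    raise DatabaseError(
        'relation "accounts" has no column "acount_id" '
        "(host=db-internal.example, user=app_rw)"
    )


def handle_request_verbose(account_id):
    """Poor error handling: raw exception text and traceback go to the client."""
    try:
        return 200, lookup_account(account_id)
    except Exception as exc:
        # Hands the attacker table names, hostnames, the DB user and code paths.
        return 500, f"{type(exc).__name__}: {exc}\n{traceback.format_exc()}"


def handle_request_hardened(account_id):
    """Hardened: generic message to the client, full detail only in server logs."""
    try:
        return 200, lookup_account(account_id)
    except Exception:
        incident_id = uuid.uuid4().hex  # lets support correlate the log entry
        log.exception("request failed incident_id=%s", incident_id)
        return 500, f"An internal error occurred. Reference: {incident_id}"


# Black-box check: the handler is treated as opaque; only the response
# body is inspected for fragments that should never reach a client.
LEAK_PATTERNS = [
    r"Traceback \(most recent call last\)",
    r'File "',            # source file paths from a traceback
    r'relation "',        # database object names
    r"\bhost=",           # internal hostnames
    r"\buser=",           # database credentials or roles
]


def response_leaks_internals(body):
    """Return True if the response body exposes implementation detail."""
    return any(re.search(pattern, body) for pattern in LEAK_PATTERNS)


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    for name, handler in (("verbose", handle_request_verbose),
                          ("hardened", handle_request_hardened)):
        status, body = handler("42")
        verdict = "LEAKS internals" if response_leaks_internals(body) else "clean"
        print(f"{name}: HTTP {status}, {verdict}")
```

The leak check is deliberately written against the response alone, which is what makes it a black-box test: the same function can be pointed at any handler, or at a live endpoint, without reading its source. The pattern list is a starting point and should be extended with whatever stack, framework and database the real application uses.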
Deployments: Monitoring of the deployment happens here, as well as searching for potential security threats and exploitable...