SDLC (Secure Development Life-Cycle)
How do you approach security in development? Our experience is that many security flaws can be avoided by applying SDLC.
Regardless of whether you work agile or with a traditional development process, there are some activities that must be carried out to avoid insecure systems and/or software. Secure development cannot be achieved simply by performing tests or writing requirements. It is a continuous activity that covers the full lifespan of the software and system.
Agile development and SDLC
Many seem to believe that agile development is inconsistent with security. Although the formal practices in an agile environment may be different, suitable techniques exist that have been proven to work well in agile development projects too.
Do not worry that SDLC would decrease agility or become an undue burden. Our experience is quite the opposite. Most agile teams embrace security thinking and improve software security significantly.
Sentor has extensive experience helping agile teams implement SDLC and improve development security.
Improve your security with the following services:
- Security analysis of web applications
- Seminars and courses in application security for your developers
- Tests of your developers' knowledge in application security
- Security in application design
- Risk analysis and threat modelling at the beginning of the development project
- Counselling in application security during the development process
- Source code audit
- Establishing SDLC activities
- Secure development tools and methods
- Architecture review
- Code review
- Project management and project participation