Secured Software Development Life Cycle (SSDLC)
Home > Security > Securing SDLC
Overview
Secured Software Development Life Cycle (SSDLC) is a methodology that integrates security practices and measures the states throughout the development process - from initiation to deployment and maintenance. The primary goal is to reduce vulnerabilities, minimize risks, and ensure robust, secure software.
​
Integrating security throughout the Software Development Life Cycle (SDLC) results in higher-quality, more secure software, reducing risks and costs while increasing compliance and customer trust. Early detection and remediation not only reduces time and costs associated with fixing vulnerabilities, it minimizes legal and financial risks by enabling and ensuring compliance with security regulations and industry standards
Securing the SDLC Framework
CETC Phases & Security Considerations
Initiation
Define security requirements and identify potential risks and threats.
​
Testing
Conduct security testing, including static and dynamic analysis, and penetration testing.
​
Design
Incorporate secure design principles and architecture, perform threat modeling.
​
Deployment
Secure deployment and configuration, continuous monitoring, and incident response planning.
Development
Implement secure coding practices, use pre-approved libraries and frameworks.
​
Maintenance
Apply patches and updates, perform regular security audits and reviews.
​
Key CETC Best Practices
Security Training
Educate developers on secure coding practices and security threats.​
Risk Assessments
Continuously identify, assess, and prioritize security risks.
​
Security Gates
Establish checkpoints to ensure security measures are met before progressing to the next phase.
Automated Tools
Utilize automated tools for code analysis, testing, and monitoring.
​
Incident response
Develop an incident response plan to quickly and effectively address security breaches.
CETC Standards & Frameworks
ISO/IEC 27034
Application security standard to provide guidelines for integrating security into the SDLC.
NIST SP 800-64
NIST guidelines applicable to federal agencies and organizations.
​
OWASP SAMM
Open-source maturity model to help organizations implement and assess secure software practices.
Microsoft SDL
Microsoft's framework for developing secure and privacy-respecting software.
​