An easy way to understand and integrate security throughout the Software Development Lifecycle (SDLC)

In this post we discuss the various methods and considerations involved in developing an application. The development lifecycle does not typically have a final goal or destination; instead, it is a continuous loop of efforts that must include steps at different phases of a project.

Development methodologies. There are many different development methodologies that organizations can use as part of the development lifecycle. The following table lists the most common methodologies and the key related concepts.

Methodology / Key concepts

Build and fix
  · Lacks a key architecture design
  · Problems are fixed as they occur
  · Lacks a formal feedback cycle
  · Reactive instead of proactive

Waterfall
  · Linear sequential lifecycle
  · Each phase is completed before continuing
  · Lacks a formal way to make changes during a cycle
  · Project is completed before collecting feedback and starting again

V-shaped
  · Based on the waterfall model
  · Each phase is completed before continuing
  · Allows for verification and validation after each phase
  · Does not contain a risk analysis phase

Prototyping
  · Three main models:
      · Rapid prototyping uses a quick sample to test the current project.
      · Evolutionary prototyping uses incremental improvements to a design.
      · Operational prototypes provide incremental improvements, but are intended to be used in production.

Incremental
  · Uses multiple cycles for development (think multiple waterfalls)
  · The entire process can restart at any time as a different phase
  · Easy to introduce new requirements
  · Delivers incremental updates to software

Spiral
  · Iterative approach to development
  · Performs risk analysis during development
  · Future information and requirements are funneled into the risk analysis
  · Allows for testing early in development

Rapid application development
  · Uses rapid prototyping
  · Designed for quick development
  · Analysis and design are quickly demonstrated
  · Testing and requirements are often revisited

Agile
  · Umbrella term for multiple methods
  · Highlights efficiency and iterative development
  · User stories describe what a user does and why
  · Prototypes are filtered down to individual features

Maturity models. There are five maturity levels of the Capability Maturity Model Integration (CMMI):

  1. Initial. The development process is ad hoc, inefficient, inconsistent and unpredictable.
  2. Repeatable. A formal structure provides change control, quality assurance and testing.
  3. Defined. Processes and procedures are designed and followed during the project.
  4. Managed. Processes and procedures are used to collect data from the development cycle to make improvements.

  • Operation and maintenance. After a product has been developed, tested and released, the next phase of the process is to provide operational support and maintenance of the released product. This can include resolving unforeseen problems or developing new features to address new requirements.

  • Change management. Changes can disrupt development, testing and release. An organization should have a change control process that includes documenting and understanding a change before attempting to implement it. This is especially true the later into the project the change is requested. Each change request must be evaluated for capability, risk and security concerns, impacts to the timeline, and more.

  • Integrated product team. Software development and IT have typically been two separate departments or groups within an organization. Each group typically has different goals: developers want to distribute finished code, and IT wants to efficiently manage working systems. With DevOps, these teams work together to align their goals so that software releases are consistent and reliable.
