SDLC (Secure Development Life-Cycle)
How do you work with security in development? Our experience is that many security flaws could be avoided through safer development practices throughout the life cycle.
It does not matter if you work agile or with a traditional development process. There are a number of activities that really should be done to avoid systems and/or software that are not secure. The important thing is that developing in a secure way cannot be achieved by (only) performing tests or writing requirements. Secure development has to be a continuous activity covering the full lifespan of the software or system.
Agile development and SDLC
Many believe that agile development implies that one need not or cannot work with security. It is true that introducing secure thinking into an agile development team cannot use the same formal practices, but there are suitable techniques that have been shown to work well in agile development projects too.
There is no need to worry that this would decrease agility or become an undue burden. Our experience is the contrary. Most agile teams embrace security thinking and improve software security significantly.
Sentor has extensive experience in helping agile teams get it right.
Improve your security with the following services:
- Security analysis of web applications
- Seminars and courses in application security for your developers
- Tests of your developers' knowledge in application security
- Security in application design
- Risk analysis and threat modelling at the beginning of the development project
- Counselling in application security during the development process
- Source code audit
- Establishing SDLC activities
- Secure development tools and methods
- Architecture review
- Code review
- Project management and project participation