Software Engineering - Security as a Process in the SDLC

by Nithin Haridas Sept. 1, 2017 via SANS Institute

Most of the Application developers align to the Software Engineering Principles that follow through a standardized SDLC phases, but never consider or have a disciplined process to address the factor called Security in any of the phases. Does authentication and authorization mechanism (like Login and Password) on applications make them secure? Do these security considerations on developed application help them to address security in its entirety? Security attacks at the application layer have made the organizations realize the fact that security needs to be considered at the same priority as its functionality. This paper explains about how Security as a process can be incorporated or identified in the Software Engineering principles1 (SDLC phases) and how Organizations can leverage upon considering Security as an effective process within the existing development framework.