In the coming weeks I will be blogging about Secure Development Life Cycle process. I feel that in many organizations a lot of focus is placed on Software Development Life Cycle without taking into consideration the security and the possible hacks that may occur because of poorly written insecure code. Most of the security flaws are discovered during audits or penetration testing performed by an outside organization. Even worse, in many organizations the security flaws are discovered due to a hacking attempt.
The goal of the blog series would be to understand the importance of Secure Development Life Cycle and look into how this can be embedded into the Software Development Life Cycle. In many cases it’s simply a matter of following polices, agreed upon coding standards and understanding that the application may be hacked by an intruder. As we go along understanding the Secure Development Life Cycle, we will also look at some of the common techniques how code can be hacked and possible remedies. Following are some of the topics we will be discussing:
- What is Secure Development Life Cycle?
- Code Security Analysis
- Manual Penetration Testing Vs. Automated Testing
- Ethical Hacking
- Code Security Analysis and Continuous Integration
- XSS (Cross Site Scripting)
- SQL Injection
- Flash Security
- Veracode – Application Security Solution
With this series I hope to improve my understanding of Secure Development Life Cycle and in the process I hope you find it useful as well.