Integration of security processes with the SDLC:
It is generally agreed that the cost will be higher if we put off security testing until after the software implementation stage or after deployment. It is therefore important to include security testing in the earlier stages of the SDLC.
Let's look at the corresponding security processes to be adopted for each stage of the SDLC:
| SDLC Phases | Security Processes |
|---|---|
| Requirements | Security analysis of requirements and checking of misuse/abuse cases |
| Design | Security risk analysis of the design. Development of a test plan including security tests |
| Coding and Unit Testing | Static and dynamic testing and security white box testing |
| Integration Testing | Black box testing |
| System Testing | Black box testing and vulnerability scanning |
| Implementation | Penetration testing, vulnerability scanning |
| Support | Impact analysis of patches |
The test plan should include:
- Security-related test cases or scenarios
- Test data for security testing
- Test tools required for security testing
- Analysis of the outputs from the various security tools