The purpose of this article is to introduce the reader to the Secure Software Development Life Cycle (S-SDLC). An understanding of the Software Development Life Cycle (SDLC) is essential for anyone who wants to understand S-SDLC.
The SDLC process is a well-defined, organized sequence of stages in software engineering used to develop software products and applications. Most organizations have a process in place for developing software; this process may, at times, be customized based on the organization's requirements and framework.
The intent of an SDLC process is to produce a product that is cost-efficient, productive and of high quality. The following are some of the major steps that make up the SDLC process, regardless of the organization.
From the very beginning of my professional career I have been a part of different IAM initiatives and have seen and been part of all the phases, from requirements gathering to implementation and warranty support. I have had the chance to see very complex and successful implementations, and at the same time I have had some not-so-good experiences. So I kept asking myself what actually went wrong with those IAM initiatives that eventually failed, causing the organisation to lose its investment.
So here are a few key points that I found worth looking into.
Recently, security researchers have disclosed reports of a new vulnerability in OWA (Outlook Web Access). This has been the headline of many security bulletins across the internet since October 5, 2015.
OWA is a component of Microsoft Exchange Server. It is an Internet-facing webmail server deployed in private companies and organisations to provide internal email capabilities.
An important point to note is that, unlike other web servers, which typically expose only a web interface, OWA is critical internal infrastructure that also faces the Internet, making it an intermediary between the internal network, the DMZ, and the web.
Every enterprise has many teams working across multiple domains. As the security risk of each application has increased in recent years, almost all teams either want their own security team or refer to the enterprise security team. If the teams work on the corporate premises, corporate policies do not allow the security team to work on all types of security domains.
In order to conduct high-end security testing on applications or networks, an enterprise security team needs a security lab that is free from the restrictive corporate policies and has its own policies to control its internal security and safety. This lab should be segregated and restricted from other working areas (it can also be called an ODC).
What are the requirements for an Ideal Lab?
The basic requirements for such a lab are described below.
Cloud computing is changing the way business is done; it has more or less forced enterprises to rethink virtually every facet of IT. If we closely examine the current development of cloud computing architecture, we find a lack of visibility inside the "dark room" of the cloud. In today's environment, "visibility", not "security", is the major cloud challenge. Worldwide corporations and giant organizations do not worry much about security, because cloud providers are mindful of security and infrastructure issues. The problem is that they lack visibility into their critical data and a rigorous chain of oversight over what is happening inside the cloud environment. This is the central question that needs to be addressed, even though the cloud environment increases business flexibility and scalability.
Compliance is critical and necessary, not evil. Every organization wants to meet its compliance requirements, and risk assessments and vulnerability management are key to achieving those critical requirements.
Most of the time, organizations see vulnerability management as just another checkbox in the pursuit of compliance and forget or ignore many of its other aspects, or they lack the concrete foundations needed to carry out a well-drilled and well-oiled vulnerability management process, so the process becomes complicated or fails midway. Our job is to make the process as smooth as possible, and sometimes it is better to start at step 0.