What is the SDLC and security?
D4 ยท Operations ยท CompTIA Security+ SY0-701The SDLC (Software Development Lifecycle) is the structured process for planning, creating, testing, and deploying software. A Secure SDLC integrates security activities into each phase rather than treating security as an afterthought.
SDLC phases with security activities:
๐ Requirements โ security requirements, privacy by design
๐จ Design โ threat modeling, security architecture review
๐ป Development โ secure coding standards, SAST, peer code review
๐งช Testing โ DAST, pen testing, vulnerability scanning
๐ Deployment โ hardening, secrets management
๐ง Maintenance โ patch management, monitoring
SDLC phases with security activities:
๐ Requirements โ security requirements, privacy by design
๐จ Design โ threat modeling, security architecture review
๐ป Development โ secure coding standards, SAST, peer code review
๐งช Testing โ DAST, pen testing, vulnerability scanning
๐ Deployment โ hardening, secrets management
๐ง Maintenance โ patch management, monitoring
Fixing security issues early in the SDLC is 30ร cheaper than fixing them in production. Threat modeling (identifying threats during design) is the most cost-effective security activity. DevSecOps = Dev + Sec + Ops โ security integrated into CI/CD pipelines. OWASP SAMM is a maturity model for secure SDLC.