System Development Lifecycle (SDLC) and It's Security

So what do we understand by system development lifecycle?

It's basic definition is that it is a model which has different policies and procedures to be followed in order to develop any system or to make changes and improve the earlier version of the system and launch a new version/an update. It's main goal is to create comprehensive security program.

Now, this System development lifecycle (SDLC) has some phases which are as follows:

• Analysis
• Planning
• Design
• Development
• Testing
• Deployment
• Maintenance
• Evaluation
• Disposal

1. Analysis phase: In this phase the basic idea is to know the end-user's requirements and follow up to the expectations from the system and it's performance. These information are analyzed and on the basis of which a document is created at the end of this phase, known as software requirement specifications (SRS). This document specifies all the software, hardware, network and functional requirements of the system.

2. Planning phase: This is the most important and difficult task to complete in which the further procedures are planned according to the work to be done such as:

          i) To develop a new system: Here, the tools, the procedures and the structure of that particular system is planned.

         ii) To improve the current system: In this part, the problems arising in the current systems and the latest requirements are taken into considerations and then the solutions and ways to improve that system is planned.

        iii) To dispose a system: Plans are developed for discarding system information, software, hardware and to form a new system.

3. Design phase: In this phase, the different architectural designs, modules and also the security levels are designed in get proper performing system and to have a proper design plan for the development. This design also gives us an idea of how the system will look and function and also the one which meets all the requirements of the customer. This also includes the design of application, network, databases, user interfaces, and system interfaces. 

4. Development phase: Once we have analyzed, planned and designed the system keeping the requirement specifications into documents form, we can move on with the development of the designed system. In this phase, the design is implemented into source code through coding. For improvement of a system, this phase can be the part where the solutions are put into coding and the issue is resolved.

5. Testing phase: This phase is the most important to ensure the working of all the features of a system and for great performance. This testing needs to be performed at every stage of development. Also to ensure security of the system these testings are performed:

• Unit testing
• System testing
• Integration testing
• White-Box testing
• Black-Box testing
• User acceptance
• Software performance testing

6. Deployment phase: Once the system is ready then it is deployed and installed in customer's premises ready to run. After installation, there might be a need to give training to the user in order to get a proper knowledge of the system and to know the features the system provides to the users. 

7. Maintenance: It is one of the important aspects of SDLC. This phase ensures that the system performs as per the customer's specifications and also the needs of the customer continue to be met. This includes bug fixing (if the system reports any bug which needs to be resolved are checked here), updating ( the new requirements and need for an update is essential as per the time which also increases the performance rate of the system) and enhancement ( according to the new needs and update new features need to be added for improved performance).

8. Evaluation: This stage of SDLC ensures the effectiveness of the system and that the new updates and features does not make the systems performance low and do the necessary checks and evaluate the same.

9. Disposal: This is the end of the cycle when there is no need of the initial system and it is now irrelevant, in that case the information in that system might be moved to a new system or eventually be destroyed/discarded. After this, the planning for the new system starts and then again the phases of SDLC come again into the picture.

These are the phases of SDLC which is an iterative process for each project. Having all these steps in mind will give you a clear idea of the project which we will be working and to make this project performance as better as possible.

Secure SDLC (SSDLC)

It checks the security requirements of a system and ensures a stable and risk free system by performing different tasks and tests in order to resolve the issue (if any). These security checks must be done at every phase of the system development lifecycle. This helps the developers to create new systems and software applications in such way that it reduces the security risks. This procedure involves identification of certain threats and vulnerabilities and risks that a system can have and helps implement security controls to remove and manage certain risks. It's main focus is on the design, development and implementation phase while performing security tests at every phase of SDLC. 

I hope this information was helpful to you to understand SDLC, to know more about this topic, you may refer: Wikipedia