A new application or software product
When designing a new application or software product that entails access control, security should be embedded throughout its development.
- Compare the software development life cycle to the security development life cycle and describe how each is used to enable testing and how they differ from each other.
- Search the Internet and find and describe at least two tools to assist with the software development and security life cycles and discuss the pros and cons of each tool.
Sample Answer
The software development life cycle (SDLC) and the security development life cycle (also abbreviated SDLC) are two different approaches to developing software. In this answer, SDLC refers to the software development life cycle, a general process for planning, designing, developing, testing, and deploying software. The SDLC is often divided into phases, such as:
- Requirements gathering: This phase involves gathering the requirements for the software from stakeholders.
- Design: This phase involves designing the software architecture and user interface.
- Development: This phase involves coding the software.
- Testing: This phase involves testing the software to ensure that it meets the requirements.
- Deployment: This phase involves deploying the software to production.
Because the SDLC is a general process, it can be used to develop any type of software. However, it does not specifically address security concerns. The SDLC can still be used to develop secure software, provided the team is aware of the security risks and takes steps to mitigate them.