Secure Software Development Training 7

About This Presentation
Description:

Securium Fox Technology provides cyber security services in the USA, India, Bangalore, UK, London, China, Africa and Japan, as well as ethical hacking, penetration testing and training. Securium Fox Technology also provides certification for all platforms, such as CISCO, Microsoft, EC-Council, ISC2, Red Hat and so on. You get any certification with 100% exam crack result. CISCO certifications: CCNA, CCNP, CENT and so on. EC-Council certifications: CEHv10, CHFI, LPT, ECSA and so on. ISC2 certifications: CISM, CISSP and so on. Microsoft certifications: MCSA, MCITP and so on.


Transcript and Presenter's Notes



1
ABOUT US
SECURIUM FOX offers cyber security consultancy
services with its expert and experienced team. We
provide consulting services to prevent cyber
attacks and data leaks and to ensure that our
customers are ready and safe against cyber
attacks, with more than 15 years of experience.

In addition to pentests and consulting services,
SECURIUM FOX prepares its customers and field
enthusiasts for real-life scenarios by providing
trainings in a lab environment prepared by its own
young, dynamic and constantly following team.

As long as hackers are in our lives, there is
always a risk of facing a cyber attack. Over the
years, cyber security has become a critical
precaution for all organizations and companies,
given the effects and number of attacks. SECURIUM
FOX tests the weak points of customers for
possible attacks and provides consulting services
to eliminate these weak points.

The SECURIUM FOX team also supports the
development of our country in this field by
supporting free events organized on a volunteer
basis by the Octosec team.
2
  • SECURE SOFTWARE DEVELOPMENT TRAINING

3
Secure SDLC: What Is It and Why Should I Care?
  • A Software Development Life Cycle (SDLC) is a
    framework that defines the process used by
    organizations to build an application from its
    inception to its decommission. Over the years,
    multiple standard SDLC models have been proposed
    (Waterfall, Iterative, Agile, etc.) and used in
    various ways to fit individual circumstances. It
    is, however, safe to say that in general, SDLCs
    include the following phases:

4
What is a Software Development Lifecycle?
5
Defined
  • SDLC stands for software development lifecycle. A
    software development lifecycle is essentially a
    series of steps, or phases, that provide a
    framework for developing software and managing it
    through its entire lifecycle. Although there's no
    specific technique or single way to develop
    applications and software components, there are
    established methodologies that organizations use
    and models they follow to address different
    challenges and goals. These methodologies and
    models typically revolve around a standard, such
    as ISO/IEC 12207, which establishes guidelines
    for the development, acquisition, and
    configuration of software systems.

6
Software Development Methodologies
  • The most frequently used software development
    models include:
  • Waterfall: This
    technique applies a traditional approach to
    software development. Groups across different
    disciplines and units complete an entire phase of
    the project before moving on to the next step or
    the next phase. As a result, business results are
    delivered at a single stage rather than in an
    iterative framework.
  • Agile: Adaptive
    planning, evolutionary development, fast
    delivery, continuous improvement, and a highly
    rapid and flexible response to external factors
    are all key components of an Agile approach.
    Developers rely on a highly collaborative,
    cross-functional framework with a clear set of
    principles and objectives to speed development
    processes.
  • Lean Software Development (LSD): This
    methodology relies on
    techniques and practices used within a lean
    manufacturing environment to establish a more
    efficient and fast development culture. These
    techniques and practices include eliminating
    waste, amplifying learning, making decisions as
    late in the process as possible, delivering fast,
    empowering a team, embracing integrity, and
    viewing development as broadly as possible.

7
  • DevOps: This technique combines "development" and
    "operations" functions in order to build a
    framework focused on collaboration and
    communication. It aims to automate processes and
    introduce an environment focused on continuous
    development.
  • Iterative Development: As the name implies,
    iterative software development focuses on an
    incremental approach to coding. The approach
    revolves around shorter development cycles that
    typically tackle smaller pieces of development.
    It also incorporates repeated cycles: an
    initialization step, an iteration step, and a
    project control
    list. Iterative development is typically used for
    large projects.
  • Spiral Development:
    This framework incorporates different models,
    based on what works best in a given development
    process or situation. As a result, it may rely on
    waterfall, Agile, or DevOps for different
    components or for different projects that fit
    under the same software development initiative.
    Spiral uses a risk-based analysis approach to
    identify the best choice for a given situation.
  • V-Model Development:
    The approach is considered an extension of
    waterfall development methodologies. It revolves
    around testing methods and uses a V-shaped model
    that focuses on verification and validation.

8
Phases of the SDLC Process
  • A sound SDLC strategy delivers higher-quality
    software, fewer vulnerabilities, and reduced time
    and resources. It not only aids in developing and
    maintaining software, it also delivers benefits when
    the time comes to decommission code. Veracode
    makes it possible to integrate automated security
    testing into the SDLC process. Here's how you can
    tackle the task effectively:

9
Step 1: Plan
  • Software Planning and Requirements
  • The first step in any initiative is to map out a
    planning process. During this phase, an
    organization must identify the release theme,
    contents, and timeline. This typically includes
    activities such as collecting end-user
    requirements, determining user stories to include
    in the release, and planning release phases and
    dates.
  • Key considerations at this phase include:
  • Ensuring an application meets business
    requirements.
  • Engaging in threat modeling/secure design.
  • The choice of language and libraries to use in
    the development process.
  • Mapping test cases to business and functional
    requirements.

10
Step 2: Code and Build
  • Code and Build
  • This phase includes the actual engineering and
    writing of the application while attempting to
    meet all of the requirements established during
    the planning phase.
  • Key considerations at this phase include:
  • Training developers on secure coding.
  • Finding and fixing defects and security
    vulnerabilities in code, while writing it.
  • Using open-source components in a secure way.
  • Reducing unproductive time that developers spend
    waiting for test results.

11
Step 3: Test
  • During this phase, the team tests code against
    the requirements to make sure the product is
    addressing them and performs as expected. This
    phase includes conducting all types of
    performance, QA, and functional testing, in
    addition to non-functional testing, such as UX
    testing. While testing has traditionally taken
    place after the development phase, organizations
    embracing a best-practice approach are moving to
    continuous automated testing throughout the SDLC.
  • Key considerations at this phase include:
  • Testing the application against security policy
    using several testing methods, including static,
    dynamic, software composition analysis, and
    manual penetration testing.
  • Conducting a comprehensive array of performance,
    functional, unit, and integration testing using
    the same language and protocols of systems being
    tested.

12
Step 4: Stage
  • In the release phase, a team deploys the software
    onto production servers. This includes packaging,
    managing, and deploying multiple complex releases
    across various environments, including private
    data centers and clouds, as well as public cloud
    resources.
  • Key considerations at this phase include:
  • Tracking the progress of a release and its
    components.
  • Moving away from manual release processes to an
    automated process where releasing software is
    based on a business decision.
  • Adding security testing as part of the final
    quality checks.

13
Step 5: Deploy and Monitor
  • During this phase, a product is in production and
    being used by customers. Monitoring the
    application's performance and user experience is
    critical to ongoing improvement. An organization
    establishes feedback loops to ensure operational
    data is made available to developers and testers.
  • Key considerations at this phase include:
  • Continuing to test and monitor applications in
    production.
  • Re-assessing applications for performance,
    security, and user experience as they're updated
    or changed.

14
You can always contact SECURIUM FOX. You can
reach us through our email addresses or by
using the contact form on the side.
  • INFO
  • 3rd Floor, Lohia Towers,
  • Nirmala Convent Rd,
  • Gurunanak Nagar, Patamata, Vijayawada,
  • Andhra Pradesh - 520010
  • 9652038194
  • 08666678997
  • info_at_securiumfoxtechnologies.com

15
  • info_at_securiumfoxtechnologies.com
  • Andhra Pradesh Office
  • 91 8666678997,91 91652038194
  • 3rd Floor, Lohia Towers,
  • Nirmala Convent Rd, Gurunanak Nagar, Patamata,
    Vijayawada,
  • info_at_securiumfoxtechnologies.com
  • UK Office
  • 44 2030263164
  • Velevate, Kemp House, 152 - 160,City Road,EC1V
    2NX
  • London
  • info_at_securiumfoxtechnologies.com
  • Tamil Nadu Office
  • 91 9566884661
  • Kailash Nagar, Nagar, Tiruchirappalli, Tamil Nadu
    620019
  • info_at_securiumfoxtechnologies.com
  • Noida Office
  • 91 (120) 4291672, 91 9319918771
  • A-25, Block A,
  • Second Floor,Sector - 3,
  • Noida, India
  • info_at_securiumfoxtechnologies.com
  • USA Office
  • 1 (315)933-3016
  • 33 West,17th Street,
  • New York,
  • NY-10011, USA
  • info_at_securiumfoxtechnologies.com
  • Dubai Office
  • 971 545391952
  • Al Ansari Exchange, Ansar Gallery - Karama
    Branch, Hamsah-A Building - 3 A St - Dubai -
    United Arab Emirates