SECURE SOFTWARE DEVELOPMENT LIFE CYCLE
PLANNING AND DESIGN PHASE
THE PLANNING AND DESIGN PHASE WITHIN A SECURE SDLC EXPANDS ON TRADITIONAL PLANNING AND DESIGN PHASES
THE PLANNING & DESIGN PHASE
There are many different types of applications, and each will generally use different frameworks, models and programming languages to meet specific business requirements: for example choosing Angular.js on the front end or Node.js on the server, Python versus Java in the backend, or Waterfall versus Agile models of development. The design phase is where the development team selects the programming language, development model, and framework. When discussing software architecture, it is also important to understand the three-tier and four-tier application architectures, which separate processing into distinct layers with distinct responsibilities. A software package may comprise both a web application and a mobile application, and may use the Representational State Transfer (REST) architectural style, which is commonly used for web services over HTTP. Typically, the client-server three-tier architecture consists of a presentation layer (e.g. the web browser for a web application), an application layer, and a database layer, all built as separate modules, which respectively present data to the end-user, process data, and access the database.
Web applications and mobile apps that connect to online network systems often use REST to provide web services and access to online resources. Database systems today are often relational database management systems (RDBMS) such as MySQL and Microsoft SQL Server, or NoSQL databases such as MongoDB. Much like the layers of the OSI network model, software application tiers work in concert to provide key functionality to end-users.
THE REQUIREMENTS PHASE ALLOWS YOU TO UNDERSTAND WHAT THE SOFTWARE NEEDS TO DO TO BE BOTH USEFUL AND SAFE. THE PLANNING AND DESIGN PHASE FOCUSES ON HOW YOU WILL DO IT
SSDLC PLANNING AND DESIGN PHASE FOCUS
Security planning can encompass many tasks: documenting the known security weaknesses and built-in protections of the chosen platforms, programming languages and frameworks; selecting the encryption algorithms and cryptographic libraries to be used; and choosing the supporting modules, such as output-encoding and input-validation libraries, that the application will depend on. When a tiered architecture is used, developers also define the trust boundaries between the tiers (web, mobile, services, and data), establish how data is encrypted and how systems authenticate each other across those boundaries, and determine how the tiers interconnect and interact, while designing the authentication, session management, and authorization methods for application users.
The SSDLC design phase also differs greatly from traditional models in other ways, such as the fact that SSDLCs usually include two critical activities in this phase: threat modeling and risk management.
SSDLC PLANNING AND DESIGN PHASE
Threat modeling is often used in conjunction with risk management, which can encompass everything from architectural risk analysis, i.e. the identification of the security issues in a software's architecture and the resulting risk to business assets, to general risk assessments.
With the threat model in hand, the likely vulnerabilities can be determined by analyzing the frameworks and programming languages to be used, so that feasible attack vectors are identified. This information is then used to determine which business assets are at risk, and to what extent.
THIS INCLUDES A SYSTEMATIC CONSIDERATION OF RISKS PRESENT
WHAT ARE THE PROBABILITIES OF EACH RISK
WHAT ARE THE CONSEQUENCES OF EACH RISK
This is done by ascertaining the technical and business impact of an exploit being successfully used against your business. The technical impact is the effect on your technical infrastructure: loss of confidentiality (privacy), loss of data integrity, or loss of availability (e.g. in the event of a DoS or DDoS attack), depending on the type of attack. The business impact covers the more immediate business losses associated with a breach: fines for non-compliance with data protection legislation, lawsuits, loss of reputation, direct financial loss, and the privacy violations suffered by the affected individuals.
The severity of a risk to your business is tied to the overall impact of a data breach, i.e. the combined technical impact and business impact of a successful attack, weighed against the probability of that risk considered above.
WE THEN ASSIGN RISK LEVELS TO EACH PERCEIVED RISK
ANY HIGH RISKS IDENTIFIED MUST BE ASSESSED ON THEIR IMPACT
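The trust-boundary review between tiers described earlier and the probability-and-impact rating of each risk can be combined into one small design-phase tool. The following is an added example and not code from the original material; the tier names, the sample flows, the sensitivity and likelihood tables, the threat wording and the severity thresholds are all constructed assumptions (the scoring loosely follows the idea of likelihood times impact used by the OWASP Risk Rating methodology, but none of the numbers are a standard).

```python
"""Design-phase helper: trust-boundary review feeding a simple risk rating.

Added example, not code from the original page. Tier names, sample flows,
lookup tables and level thresholds are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One data flow from the design document, between two tiers."""
    name: str
    src: str             # "presentation", "application" or "database"
    dst: str
    data: str            # classification of what crosses the wire
    encrypted: bool      # TLS (or equivalent) on the link
    authenticated: bool  # the receiving tier verifies who is calling


@dataclass(frozen=True)
class Risk:
    flow: str
    threat: str
    likelihood: int        # 1..9 (assumed scale)
    technical_impact: int  # 1..9: effect on confidentiality/integrity/availability
    business_impact: int   # 1..9: fines, lawsuits, reputation, financial loss

    @property
    def severity(self) -> float:
        # likelihood x average of the two impact scores, range 0.5..81
        return self.likelihood * (self.technical_impact + self.business_impact) / 2

    @property
    def level(self) -> str:
        # Thresholds are assumptions; tune them to the organisation's risk appetite.
        if self.severity >= 45:
            return "HIGH"
        if self.severity >= 20:
            return "MEDIUM"
        return "LOW"


# Constructed tables: (technical impact, business impact) per data class, and
# likelihood of attack by calling tier (the presentation tier is internet-facing).
SENSITIVITY = {"PII": (8, 9), "session token": (7, 6), "public catalog": (2, 1)}
LIKELIHOOD = {"presentation": 8, "application": 4, "database": 3}


def crosses_trust_boundary(flow: Flow) -> bool:
    """Each tier is its own trust zone, so any inter-tier hop crosses a boundary."""
    return flow.src != flow.dst


def missing_controls(flow: Flow) -> list[str]:
    """Controls the design must specify before a boundary-crossing flow is acceptable."""
    if not crosses_trust_boundary(flow):
        return []
    gaps = []
    if not flow.encrypted:
        gaps.append("encryption in transit")
    if not flow.authenticated:
        gaps.append("inter-tier authentication")
    return gaps


def derive_risks(flows: list[Flow]) -> list[Risk]:
    """Turn each missing control into a rated risk, highest severity first."""
    threat_for = {
        "encryption in transit": "eavesdropping or tampering of {data} between {src} and {dst}",
        "inter-tier authentication": "spoofed {src} caller reaching the {dst} tier",
    }
    risks = []
    for f in flows:
        tech, biz = SENSITIVITY[f.data]
        for gap in missing_controls(f):
            risks.append(Risk(
                flow=f.name,
                threat=threat_for[gap].format(data=f.data, src=f.src, dst=f.dst),
                likelihood=LIKELIHOOD[f.src],
                technical_impact=tech,
                business_impact=biz,
            ))
    return sorted(risks, key=lambda r: r.severity, reverse=True)


def high_risks(flows: list[Flow]) -> list[Risk]:
    """The findings that must be assessed on their impact before coding starts."""
    return [r for r in derive_risks(flows) if r.level == "HIGH"]


# Constructed sample: web and mobile front ends over one API and one database.
SAMPLE_FLOWS = [
    Flow("browser->api", "presentation", "application", "session token", True, True),
    Flow("mobile->api", "presentation", "application", "PII", True, False),
    Flow("api->db", "application", "database", "PII", False, True),
    Flow("worker->api", "application", "application", "PII", False, False),
]


if __name__ == "__main__":
    for r in derive_risks(SAMPLE_FLOWS):
        print(f"{r.level:6} {r.severity:5.1f}  {r.flow:12} {r.threat}")
```

Run as a script, it lists every flow that crosses a tier boundary without encryption or peer authentication, each turned into a rated risk. The intra-tier worker->api flow raises nothing even though it is unencrypted and unauthenticated, because it never leaves its trust zone; the one HIGH finding (an unauthenticated mobile client reaching the API with PII) is the kind of item the bullet above says must be assessed on its impact, while the unencrypted api->db link lands at MEDIUM only because its likelihood score assumes an internal network.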
Though the risk assessment methodology above is a powerful tool for protecting your business systems, software changes over time, so threat models and risk analyses must be continuously updated and reused to keep your business infrastructure protected. Establishing and incorporating threat models, risk analysis, and security features during the design phase of the SSDLC, before actual development (coding) begins, lets everyone on the development team fully understand the significance of security, and the importance of integrating security features, in the software project.
Because the design phase of the Secure SDLC is the bridge between the "what" of the software functionality and the "how", and because many security flaws in applications result from faulty design, it is imperative that the design phase is carried out thoroughly and with security in mind.