AppSec Europe 2018

The Security Development Life-cycle (SDL) is a process that helps developers to build more secure software. This is accomplished by embedding secure architecture, design, development and validation activities into the overarching Software Development Life Cycle (SDLC) process. Our research proposes an approach to secure application development that scales to the varied demands of modern software houses. In this work, we sought to develop an SDL that is suited to Waterfall, Iterative and Continuous Deployment methodologies of software development. Those SDLCs are abstractions that cover vast majority of SDLC types. We present an approach to SDL, the Secure Software Development Framework (SSDF) that is agnostic to the SDLC allowing organizations to combine development style flexibility with security in application development. SSDF also seeks to tackle the efficiency of the process by eliminating redundancy and clarifying requirements, making it easy for software developers and architects to adopt.