Risk Assessment, Threat Modeling and Security Testing in SDLC (2012.07226v1)

Abstract: The software development process is considered as one of the key guidelines in the creation of said software and this approach is necessary for providing a more efficient yet satisfactory output. Without separation of work into distinct stages, it may lead to many delays and inefficiency of the project process where this disorganization can directly affect the product quality and reliability. Moreover, with this methodology established as the standard for any project, there are bound to be missteps specifically in regard to the involvement of security due to the lack of awareness. Therefore, the aim of this research is to identify and elaborate the findings and understanding of the security integrated into the process of software development as well as the related individual roles in ensuring that this security is maintained. Through thorough analysis and review of literature, an effort has been made through this paper to showcase the correct processes and ways for securing the software development process. At the same time, certain issues that pertain to this subject have been discussed together with proposing appropriate solutions. Furthermore, in depth discussion is carried out regarding methods such as security testing, risk assessment, threat modeling and other techniques that are able to create a more secure environment and systematic approach in a software development process.