CySA+ domain #15: Implementing security best practices in the software development life cycle
Introduction
Insecure software is a never-ending saga that has increased concerns and business risks for organizations, especially in critical industries such as e-banking and e-commerce. As a result, software security has become extremely important for avoiding large losses and reputational damage to enterprises.
Threat actors exploit software vulnerabilities and infiltrate corporate networks to steal sensitive information, manipulate data, and launch SQL injection or Denial of Service (DoS) attacks. According to Akamai, a U.S.-based cloud service provider, SQL injection and Local File Inclusion attacks accounted for 85% of attack vectors. SQL injection attacks comprised over 65% of web-based attack vectors from November 2017 to March 2019.
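The two attack vectors named above, SQL injection and Local File Inclusion, both come down to user input being allowed to change the structure of something the program trusts (a query, a file path). The following example is added here and is not code from the original post or from Akamai; it shows, for each vector, a vulnerable function beside its hardened form, using Python's built-in sqlite3 module and an in-memory database with constructed sample rows. The function names, the table layout and the base directory `/srv/app/pages` are assumptions made for the illustration.

```python
import os
import sqlite3


def build_db():
    """Create an in-memory database with two constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn


def lookup_user_vulnerable(conn, username):
    """Vulnerable: the untrusted value is spliced into the SQL text, so a value
    containing quote characters rewrites the WHERE clause itself."""
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn, username):
    """Hardened: a parameterized query. The driver sends the value separately
    from the SQL text, so it can only ever be compared as data."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def include_path_vulnerable(base_dir, requested):
    """Vulnerable: joining an untrusted path lets '..' segments or an absolute
    path escape base_dir (the classic Local File Inclusion pattern)."""
    return os.path.join(base_dir, requested)


def include_path_safe(base_dir, requested):
    """Hardened: resolve the candidate path (normalising '..' and symlinks) and
    accept it only if it is still inside base_dir. Returns None when rejected."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    db = build_db()
    evil = "' OR '1'='1"  # constructed sample input
    print("vulnerable lookup returns", len(lookup_user_vulnerable(db, evil)), "rows")
    print("safe lookup returns", len(lookup_user_safe(db, evil)), "rows")
    print("safe include of '../../etc/passwd':",
          include_path_safe("/srv/app/pages", "../../etc/passwd"))
```

Run as a script, the vulnerable lookup returns every row for the constructed input while the parameterized version returns none, and the path check rejects anything that resolves outside the base directory. Both hardened forms follow the same principle: keep untrusted input as data and never let it reach the component that interprets structure.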
From state or governmental agencies to local businesses, everyone is bearing the burden of software attacks. In its report, Akamai noted that “The United States maintains an unhealthy lead as the biggest source of SQL injection attacks, but Russia, the Netherlands, and China all show significant amounts of alerts originating from their countries.”
Implementing a proper and secure Software Development Life Cycle (SDLC) is now more vital than ever. Developers need to integrate security into different phases of SDLC to securely develop software applications, especially the critical ones such as electronic voting systems and e-banking systems. Doing so will reduce security issues and beef up the overall security of each phase of the SDLC.
In this article, we will examine the best practices needed during software development and secure coding. These are also indispensable for taking and passing the CySA+ exam.
What is SDLC?
The Software Development Life Cycle (SDLC) is a process used to describe tasks carried out at each stage in the software development process. The SDLC model helps developers to design, develop, test and produce high-quality software. Once the production process completes, user training, maintenance and decommissioning (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Fakhar Imam. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/jicsuWCWwCw/