
Software Development Life Cycle

Introduction

Suryanarayana (2015) refers to the Software Development Life Cycle (SDLC) as a framework that specifies the phases of software development. It describes how to build, deploy, and maintain software. The SDLC defines the entire software development cycle, including planning, creating, testing, and deploying. Over the course of a project’s full software development lifecycle, the agile software development methodology promotes iterative development and testing in order to keep progress moving forward. In this section, the paper will critique how the agile model works in practice and how it solves the drawbacks of previous techniques. Throughout this essay, the agile model’s applicability will be described as a core project, as well as its implementation and maintenance. Software development must incorporate the methods and metrics used to assess and manage security risks.

Software Development Life Cycle Critique

Risk profiles classify applications according to the likelihood, impact, and severity of security issues. Legal requirements (e.g. HIPAA, PCI DSS) are examined in light of the risk profile, the security and privacy policies of the firm, and so on. Security and resilience needs must be gathered and documented by software developers. Software development teams use threat modeling, secure architecture, and planned security features to minimize threats based on the high-level software architecture (Suryanarayana, 2015). The threat modeling process is typically iterative. App partitioning (a container-based technique) and security features such as cryptography (DES, 3DES, AES, RSA, Blowfish) are proposed as secure software architecture. In order to further strengthen security, the AppSec Verification Standard Project of OWASP is highly recommended. The group opts for automated data collection from the target software. It is common practice for CI/CD pipelines to include static application security testing (SAST) in order to check each build for potential app vulnerabilities. Software implementation, support, and penetration testing are all part of stage four. As a result of security testing, the development team fixes any security flaws that are discovered, and then does regression testing to verify that the fixes are effective (Lübke & van Lessen, 2016). A Final Security Review (FSR) is conducted by a team of security specialists to ensure that all previous security concerns have been addressed. External validation is required to assure regulatory compliance in this step.

An extensive set of guidelines for safe software development is provided by the Open Web Application Security Project (OWASP). Creating software that is secure from the start is essential to its success. Software security should not be an afterthought in the development process. Source code security analysis should be automated across the software development lifecycle (SDLC). Depending on the company, different software engineering and coding concerns may be given higher priority (Lübke & van Lessen, 2016). Security and rapidity of development can be at odds. Multi-factor authentication has become increasingly popular because passwords are so common in many software platforms. All passwords should be unique and complex enough to withstand most common attacks. OWASP recommends never storing plain-text passwords, only salted cryptographic hashes. The safest way to safeguard software is through access control (Suryanarayana, 2015). The “default deny” strategy should be used when dealing with sensitive material. An important part of preventing problems from occurring is using error-monitoring tools to catch problems as they arise. Priorities under System Configuration include removing extraneous components and ensuring that all working software is updated. Using outdated software is a major cause of security problems. Embedding threat modeling into the software development lifecycle is a best practice. In addition, developers must identify and eliminate potentially dangerous data sources and inputs. Secure key vaults are required for a well-developed software system.

Software Development Methodology

The Spiral Modeling Methodology: In the Spiral Model, iterative and prototype methods are employed. The Spiral and Agile models are the best to use if the intended change can be accommodated at any step of the process. Using a spiral model is the favored method in this methodology. In the model, the loops represent the stages of the SDLC process, with the innermost loop representing requirements gathering and analysis and the outermost loop representing planning, risk analysis, development, and evaluation (Lübke & van Lessen, 2016). Design and implementation are the following steps in the process, followed by testing. The planning, risk analysis, engineering, and assessment phases of the Spiral Model are all included. Customer requirements are gathered and documented during the planning phase. For the next phase, a software specification document is created. After a risk analysis is done, the best solution for the risks involved is selected, and the analysis is finished by making a prototype (Suryanarayana, 2015). For instance, retrieving data from a remote database may result in a sluggish data access time. By building a prototype data access subsystem, the hazard can be mitigated. Following completion of the risk analysis, coding and testing are undertaken. In the end, the customer evaluates the finished product and plans for the next iteration.

Finally, the spiral methodology may be applied to a wide range of projects since it is efficient, reliable, and adaptable. The risk assessment relies heavily on the prototype models. In addition, the following iteration can include any improvements or changes to the functionality. The spiral model, on the other hand, is best suited for large projects only, and the expenses can be significant because it may require a huge number of iterations, which can mean a long wait for the final output.

References

Lübke, D. & van Lessen, T. (2016). “Modeling Test Cases in BPMN for Behavior-Driven Development”. IEEE Software. 33 (5): 15–21. doi:10.1109/MS.2016.117

Suryanarayana, G. (2015). “Software Process versus Design Quality: Tug of War?”. IEEE Software. 32 (4): 7–11. doi:10.1109/MS.2015.87

 
