Cloud Software Development Lifecycle (SDLC)

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> We can't really talk about
00:00
application security without
00:00
understanding at a high level,
00:00
the software development lifecycle.
00:00
In this lesson, we're going to talk about
00:00
the steps of the cloud software development lifecycle,
00:00
we're going to talk about the security implications
00:00
>> that come with each of the stages in the process,
00:00
>> and then we're also going to talk about some of
00:00
the higher-level issues
00:00
regarding secure software development.
00:00
There are six different steps
00:00
in the software development lifecycle.
00:00
There's also a lot of flexibility in terms of
00:00
how software development lifecycles are defined,
00:00
there may be different terminology for the steps,
00:00
but the important thing to understand is that there are
00:00
important controls that really
00:00
should be implemented along the way.
00:00
First is the analyze stage.
00:00
This is where you're trying to figure out
00:00
what is this software
00:00
meant to do at a high level
00:00
without really thinking about the technology.
00:00
Then is the design stage.
00:00
This is when you really begin to
00:00
think about how it's going to look.
00:00
In cloud environments, you want to consider
00:00
whether it's going to leverage other applications,
00:00
whether or not APIs need to be developed to
00:00
access the data and
00:00
that this application is going to be using.
00:00
Another thing you want to consider here from a
00:00
>> security perspective is begin thinking about the risks.
00:00
>> What are potential vulnerabilities
00:00
that may be inherent in this design?
00:00
We're going to talk in more detail about
00:00
>> threat modeling, but that is an important thing
00:00
>> to consider at that stage.
00:00
>> Then we'd be in developing the application or software.
00:00
Then one of the more important things when it
00:00
comes to developing is ensure
00:00
that there are separate environments between
00:00
the development stage and
00:00
our next stage, which is testing.
00:00
You want to ensure that these environment,
00:00
that there's development test,
00:00
potentially a staging environment before
00:00
our final stage where
00:00
the software is put into production.
00:00
In the testing stage, you want to ensure that there's
00:00
adequate testing regarding the functionality,
00:00
as well as think about many of
00:00
the security-related testing elements
00:00
you want to ensure are working effectively,
00:00
potentially encryption, strong authentication.
00:00
Then in the deployment stage,
00:00
there's also important security things to think about.
00:00
First and foremost, although people have
00:00
worked hard to develop this application,
00:00
there needs to be a separation of
00:00
duties between people who are
00:00
developing the code and those who are
00:00
deploying the code to your environment.
00:00
In order to ensure this,
00:00
you really need to have
00:00
an effective change management process.
00:00
Change management is when anything is
00:00
developed and deployed to
00:00
the production environment that that change is vetted,
00:00
approved, and confirmed that it's been implemented.
00:00
This prevents vulnerabilities or
00:00
insecure code or potentially threats like
00:00
backdoors from being promoted
00:00
into a production environment in your cloud.
00:00
The other thing that change management does is it
00:00
ensures a level of non-repudiation.
00:00
Any changes that degrade
00:00
the performance or cause problems,
00:00
can be traced back to specific code.
00:00
It helps you to troubleshoot the issue as
00:00
well as identify the source of the problem.
00:00
Then there's maintenance.
00:00
Cloud applications are continually
00:00
being updated once they're developed,
00:00
and it's important that they are
00:00
maintained for both new features,
00:00
but as well as security.
00:00
More than ever, if you're developing
00:00
in a cloud environment,
00:00
new security vulnerabilities are emerging constantly.
00:00
Organizations used to get away
00:00
with releasing security related patches,
00:00
what their own cadence,
00:00
but now more than ever,
00:00
vulnerabilities are exploited at extremely quick speed
00:00
>> and responsible organizations need
00:00
>> to release security patches to
00:00
match that cadence of the adversaries.
00:00
Quiz question. Change management in this stage of
00:00
the SDLC is essential for security and performance?
00:00
Design, deploy or maintain.
00:00
If you said deploy, that's correct.
00:00
We really want to ensure that all changes to
00:00
the application in our cloud-based environment
00:00
are evaluated and we know who submitted them,
00:00
and it wasn't the same person who
00:00
developed them that is deploying it to the environment.
00:00
In summary, we talked about
00:00
the stages of the software development lifecycle,
00:00
we talked about the cloud-specific considerations
00:00
for the software development lifecycle.
00:00
Different environments up there,
00:00
making sure that whether
00:00
APIs are needed to be developed,
00:00
and then thinking about some of
00:00
the security considerations along each step
00:00
of the software development lifecycle.
00:00
I'll see you in the next lesson.
Up Next