9 hours 29 minutes
in this video will introduce the Secure Software Development Life Cycle and cover the meta phases that the C. S. A uses to reflect their perspective on the secure software development Life cycle.
What is SS DLC?
Well, in short, it's taking the traditional software development life cycle and ensuring that you have security related activities embedded. Traditionally, security's been employed on Lee at the tail end of projects in the testing phase. But the goal of the secure STL See
is to incorporate security throughout the entire process, from preliminary training
to defining what's being created, designing it, developing it. And then, of course, security still plays a major role in testing Phase two.
They're quite a few different takes on a secure software development life cycle, and various organizations have published standards and frameworks that pertain to this. Here, you can see Microsoft's perspective on the secure software life cycle and the different phases and the different activities at each phase.
NIST itself also defines a secure software development life cycle,
and here you can see there lay out of it.
I so 27 34 is an additional example of a secure software life cycle and Then you have things such as a wasps open Sam, the software assurance maturity model where they incorporate security into evaluating the maturity of your software development life cycle.
There are a lot of other standards out there regarding the secure life cycle that I didn't touch on. But the C s a takes a look at all of those different standards and they've simplified it into three general meta faces. And so, for your CCS K exam, you're gonna want to be familiar with these meta phases and we're gonna go into each one of these phases in the ensuing videos.
But to touch on those, it starts with secure design and development phase.
This phase includes activities ranging from training and developing organisational standards to gather requirements, performing design reviews through threat modelling and writing and testing code.
Sure, gear deployment will this phase. It addresses security and testing activities that must be performed. When you're moving application code from a development environment into production
and rounding it out, we have secure operations. This phase is concerned with the ongoing security of applications as they're running in the production environment. It includes additional defences such as web application firewalls, ongoing vulnerability assessments, penetration tests and other activities that
can be performed once an application is in the production environment.
In this video we covered the secure Software Development Life cycle. We glanced over different standards that exist out there Microsoft, NIST, isso and a wasp to address an embed security in the development life cycle.
Then we took a look at the meta phases of secure development that the C s. A follows secure design and development phase secured employment and secure operation will be going into each of these three and subsequent videos. I look forward to seeing you there.
This course prepares you to take the CCSK certification by covering material included in the exam. It explains how the exam can be taken and how CCSK certification process works.