Wednesday, May 6, 2020

Secure Software Development Cycle

Question: How can a secure software development cycle help to mitigate SQL injection and other attacks?

Answer:

Introduction

This paper is about the Secure Software Development Cycle and how it can help to mitigate SQL injection and other attacks. A Software Development Cycle is used to develop software solutions in an active and reliable manner, but the security of this development cycle also needs to be maintained. The Secure Software Development Cycle, also known as S-SDLC, refers to incorporating security into the Software Development Life Cycle. In every phase, security is given high priority by developers. Incorporating security into the software development framework provides various benefits to developers and users. There are several important reasons for using S-SDLC, but the main one is that it helps to prevent attacks by hackers and phishers, which threaten computer systems and networks. Besides these attacks, the Secure Software Development Life Cycle can control SQL attacks. In the next segment of this report, we discuss how S-SDLC helps against SQL attacks.

Discussion

The Secure Software Development Lifecycle can control SQL attacks, but before emphasizing this topic, it is important to discuss SQL attacks themselves. An SQL attack is also known as an SQL injection attack. It consists of the insertion or injection of an SQL query via the input data sent from the client to the application. A successful SQL injection can read sensitive data from the application database and modify, insert, or delete data in the database. In an SQL injection attack, SQL commands are inserted into data-plane input in order to affect the execution of predefined SQL commands. S-SDLC helps to control SQL injection because, during development, security process tools and secure coding techniques are used, and the database code is also written in a secure way. That is why it becomes difficult for attackers to access the database through SQL injection.
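As an added example (not part of the original post), the secure coding technique described above shown in Python with sqlite3: the same user lookup written once with string concatenation and once with parameter binding, run against a constructed in-memory table. The table contents and function names are my own assumptions.

```python
import sqlite3


def build_db():
    # Constructed sample data: a small in-memory user table, not a real system.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn, username):
    # Vulnerable: client-supplied text is concatenated into the query string,
    # so it becomes part of the SQL statement instead of staying data.
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    # Hardened: placeholder binding keeps the input in the data plane; the
    # driver never interprets the bound value as SQL syntax.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def compare(username):
    # Run both variants on the same input so the difference is observable.
    conn = build_db()
    try:
        return {
            "vulnerable": lookup_vulnerable(conn, username),
            "parameterized": lookup_parameterized(conn, username),
        }
    finally:
        conn.close()
```

For an ordinary username both variants return the same row; for input containing SQL syntax the concatenated query returns every row while the parameterized query simply finds no matching user.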
Preventing SQL injection protects the confidentiality and integrity of the database, and this is why it is necessary to get rid of SQL injection. Besides SQL injection, other attacks that have a bad influence on databases are virus attacks, malware, and denial of service attacks. These are common attacks on computer and internet users. The Secure Software Development Life Cycle helps to mitigate these attacks because, during the development cycle, virus and malware identification and scanning are implemented at each phase. This effort provides a virus-free software solution to users. In this way, the secure software development life cycle helps to control SQL and other attacks effectively. After discussing secure software solutions, the next segment of this report analyzes some essential topics of an article about monitoring of security threats, vulnerability assessments, the secure software development life cycle, and some other important concepts. The purpose of analyzing this article is to explore the importance of the secure software development lifecycle. (Owasp.org, 2016)

Analysis of Article

Security Posture

This article delivers information about security posture, which is an essential aspect of maintaining security in organizations. A security posture is a security plan for the business, and it consists of steps from planning to implementation. All technical and non-technical policies, procedures, and controls are described in it, and these can provide protection from internal and external threats. This security posture is also effective for protection against hackers, phishers, spammers, and script kiddies.

Security Posture Assessment

Security Posture Assessment is also known as security assessment. It is a testing or examination process of the client's current infrastructure and systems to identify security issues, vulnerabilities, and possible loopholes.
This security posture consists of different types of controls: Initial Baseline, Continuous Monitoring, Remediation, Performance Baseline, and tools such as protocol analyzers (Wireshark) and network monitors, i.e. HIDS and NIDS. All of these tools are highly recommended for network monitoring to maintain security in an appropriate way. (Darryl MacLeod, 2012)

Bypass of Security Equipment

Besides the security posture described above and its other essential factors that help to maintain security over the long term, another solution is related to the Bypass of Security Equipment. It concerns attacks that target detection. One way of handling the bypass of security equipment is failsecure/hardfail, which reacts to failure in a secure way and is considered the best security option. On the other hand, softfail is considered the least secure way to respond to failures. The next essential topic covered in this article is system auditing. A system audit helps to support procedures, the security of systems, and disaster recovery.

System Audits

Here, baselines are the state of IT practices and the functionality of a system at a specific point in time. A baseline is a basis for comparison or measurement and provides the visibility necessary to control change. System audits can maintain the security posture, policies, and procedures, and the focus of a system audit is the baselines discussed above. Besides this, access rights, storage, and retention policies also come under system audit. (InfoSec Resources, 2013)

From the above discussion, it is clear that the purpose of the article is to emphasize the essential activities and tools that are necessary to maintain security appropriately. Today, with the advancement of technology, security concerns are also increasing, and users have to face issues like database violations and information leakage. To handle these situations, a security posture will be helpful.
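As an added example (not from the original post or the article it reviews), the failsecure/hardfail versus softfail distinction discussed above, written as a small Python access check: a hypothetical policy back end may be unreachable, and the mode decides whether the control denies or lets traffic through when its own check fails. The policy store, user names and resource paths are constructed for illustration.

```python
class PolicyUnavailable(Exception):
    """Raised when the (hypothetical) policy back end cannot answer."""


def policy_backend(user, resource, outage=False):
    # Hypothetical policy store with a constructed allow-list. The outage flag
    # simulates the back end being unreachable (crashed sensor, dead proxy).
    if outage:
        raise PolicyUnavailable("policy service unreachable")
    allowed = {("alice", "/reports"), ("bob", "/public")}
    return (user, resource) in allowed


def authorize(user, resource, mode="fail_secure", outage=False):
    """Decide whether a request passes the control.

    Returns (allowed, reason). When the check itself fails:
      mode="fail_secure" (hardfail): deny, the secure response to failure.
      mode="soft_fail":              allow, the least secure response.
    """
    if mode not in ("fail_secure", "soft_fail"):
        raise ValueError("unknown mode: " + mode)
    try:
        decision = policy_backend(user, resource, outage=outage)
        return decision, "policy evaluated"
    except PolicyUnavailable as exc:
        # The failure is carried in the reason so monitoring can see that the
        # control degraded instead of it silently passing or blocking traffic.
        if mode == "fail_secure":
            return False, "denied on failure: " + str(exc)
        return True, "ALLOWED ON FAILURE: " + str(exc)
```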
Before using security tools and techniques to maintain security in computer systems and networks, a vulnerability assessment is necessary, so that the actual amount of security risk is known.

Vulnerability Assessment

According to vulnerability assessment, risk arises from threats, assets, and vulnerabilities. An asset can be any item of economic value owned by an individual or business. A threat is any circumstance that can have a harmful impact on an asset or damage it, and a vulnerability is a security weakness of an asset through which a threat to the asset arises. When assessing vulnerability with regard to security, some essential aspects are considered, such as risk, impact, and probability. Different tools are used for implementing vulnerability assessment, such as penetration testing through network mappers (nmap, Angry IP Scanner, LanSpy). The processes discussed above, such as system audit, vulnerability assessment, and bypass of security equipment, can be used in the secure software development cycle by developers to develop highly secure, reliable, and quality software solutions for IT users.

References

Darryl MacLeod. (2012). What is Security Posture? Retrieved 17 March 2016, from https://darrylmacleod.wordpress.com/2012/03/09/what-is-security-posture/

20 Critical Security Controls: Control 6 - Application Software Security | The State of Security. (2013). The State of Security. Retrieved 17 March 2016, from https://www.tripwire.com/state-of-security/security-data-protection/20-critical-security-controls-control-6-application-software-security/

InfoSec Resources. (2013). Introduction to Secure Software Development Life Cycle - InfoSec Resources. Retrieved 17 March 2016, from https://resources.infosecinstitute.com/intro-secure-software-development-life-cycle/

Owasp.org. (2016). SQL Injection - OWASP. Retrieved 17 March 2016, from https://www.owasp.org/index.php/SQL_Injection
