Software and Hardware Development Security - Coggle Diagram
Software and Hardware Development Security
  - The Software Development Life Cycle
    - Software Development Models
      - Waterfall
      - Spiral
      - Agile
      - Rapid Application Development
    - DevSecOps and DevOps
      - DevOps combines software development and IT operations with the goal of optimizing the SDLC.
      - DevSecOps describes security as part of the DevOps model.
      - Continuous Integration and Continuous Deployment
  - Designing and Coding for Security
    - Common Software Development Security Issues
      - Improper error handling
      - Dereferencing issues
      - Insecure object references
      - Race conditions (rely on timing)
    - Coding best practices
      - Input validation
      - Output encoding
      - Session management
      - Authentication
      - Data protection
      - Parameterized queries
    - Service-Oriented Architectures (SOA)
      - SOAP (Simple Object Access Protocol)
      - SAML
      - REST (Representational State Transfer)
  - Code Review Models
    - Pair Programming
    - Over-the-Shoulder
    - Pass-Around Code Reviews
    - Tool-Assisted Reviews
    - Formal code review: Fagan Inspection
  - Software Security Testing
    - Software Assessment: Testing and Analyzing Code
      - Static Code Analysis (sometimes called source code analysis): static analysis does not run the program.
      - Dynamic Code Analysis: execution of the code while providing it with input to test the software.
      - Fuzz testing, or fuzzing
      - Fault Injection
      - Mutation Testing
      - Stress Testing and Load Testing: should typically test for a worst-case scenario.
      - Security regression testing: performed to ensure that no new vulnerabilities, misconfigurations, or other issues have been introduced.
      - User Acceptance Testing: users are asked to validate whether it meets the business needs and usability requirements.