Secure SDLC Objective and Process
Techtez security framework defines the security objective, process, and tools in every phase of SDLC. This framework is expected to identify and address the security aspects early in the development cycle and ensure a robust and secure application is developed which is free of issues and vulnerabilities.
| SDLC Phase | Process | Tools |
|---|---|---|
| Requirements Elicitation | TECHTEZ developed a comprehensive questionnaire to collect the details of security requirements. Collected details include objectives, regulatory compliance, web security expectations, IAM, data encryption in transit & rest, encryption standards, enterprise integration, API integration (access & data integrity), software licenses and versions, integrating systems, etc. | Spreadsheet-based questionnaire |
| Design | Threat modeling tools are used during the design to identify and mitigate potential security issues early, when they are relatively easy and cost-effective to resolve. | Microsoft Threat Modeling |
| Development | Use SAST tools to analyze application source code, byte code, and binaries for coding and design conditions that are indicative of security vulnerabilities. | SonarLint, FindSecBugs, SpotBugs, etc. |
| Testing | Dynamic Application Security Testing (DAST) is a black-box security testing methodology in which an application is tested from the outside. The objective of this testing is to identify critical web application vulnerabilities as defined in OWASP (https://owasp.org/). | Nessus, OpenVAS, ZAP, etc. |
This IoT platform designed and implemented using the secure SDLC process as detailed in the previous sections.
TECHTEZ developed / Maintain a telecom application for the US Telecom solution major, this application is used by more than 10 Telcos around the globe.