
Sunshine on Java: security in the SDLC

Yvette Schat
Ranch Hand

Joined: Dec 05, 2011
Posts: 64
Hi Natalie,

How do you include/consider security in the SDLC?

Thank you,

Yvette
Sunny Wear
author
Greenhorn

Joined: Jul 25, 2005
Posts: 17
Hi Yvette,
Security and Privacy in the SDLC really needs to start with the requirements. There are Non-functional Business requirements that can
capture Security but, generally, are considered as afterthoughts for projects in some organizations. By placing more emphasis on Security
and Privacy at the inception of a project, the team can then have a better opportunity to carry those concepts into the designs/architecture
and the building of the code. Likewise, those components must then be tested accordingly by the QA team. Having a Requirements
Traceability Matrix helps the team to track those requirements through each phase of the SDLC and to better ensure that the product
built and deployed to production is what the business actually wanted. Due to recent breaches, it seems organizations are getting
a more serious approach to incorporating Security and Privacy into the SDLC; let's just hope the business buys into it as well.


"So this is how liberty dies - to thunderous applause" -- Padme (Star Wars - Episode III)
 