
Sunshine on Java: security in the SDLC

Yvette Schat
Ranch Hand

Joined: Dec 05, 2011
Posts: 83
Hi Natalie,

How do you include/consider security in the SDLC?

Thank you,

Sunny Wear

Joined: Jul 25, 2005
Posts: 17
Hi Yvette,
Security and Privacy in the SDLC really needs to start with the requirements. There are Non-functional Business requirements that can capture Security but, generally, are considered as afterthoughts for projects in some organizations. By placing more emphasis on Security and Privacy at the inception of a project, the team can then have a better opportunity to carry those concepts into the designs/architecture and the building of the code. Likewise, those components must then be tested accordingly by the QA team. Having a Requirements Traceability Matrix helps the team to track those requirements through each phase of the SDLC and to better ensure that the product built and deployed to production is what the business actually wanted. Due to recent breaches, it seems organizations are getting a more serious approach to incorporating Security and Privacy into the SDLC; let's just hope the business buys into it as well.

"So this is how liberty dies - to thunderous applause" -- Padme (Star Wars - Episode III)