Application Security
Secure Software Development Lifecycle (SSDLC)
Also known as: SSDLC, Secure development lifecycle
Definition
A development lifecycle in which security activities are embedded into every phase, from requirements and design through coding, testing, release and operations.
Examples
- Adopting Microsoft SDL practices across a product organization.
- Implementing OWASP SAMM as the maturity model to track AppSec progress.
Related terms
Application Security (AppSec)
The discipline of designing, building, testing and operating software so it resists abuse, tampering and unauthorized access throughout its lifecycle.
DevSecOps
A culture and set of practices that integrates security responsibilities into DevOps workflows so engineers ship secure software continuously and at speed.
Shift-Left Security
The practice of moving security activities earlier in the software lifecycle so vulnerabilities are found and fixed before code reaches production.
Threat Modeling
A structured analysis that identifies the assets, threats, vulnerabilities and mitigations of a system so security can be designed in rather than bolted on.
Secure Coding
Security Requirements