Software Development Life Cycle

The software development life cycle (SDLC) defines the steps needed to develop and maintain software throughout its useful life. This process is initiated during the software design phase and focuses on quality development standards that result in timely and cost-effective delivery against requirements.

Security analysis and testing are an important component of the development cycle and should be considered at every step of the SDLC, which includes the following phases: analysis, requirements document, design and prototype, implementation (coding), testing and release, and maintenance.

While SDLCs historically focused on satisfying functional requirements through software development processes, the increase in cyberattacks has resulted in the integration of security into each phase of the SDLC.

Check Your Knowledge

Choose the best answer to each question:
Question 1
The traditional software development life cycle (SDLC) has all of the following phases except which of the following?
project initiation and planning
functional requirements definition
system design specifications
security operations support
Question 2
Which of the following statements is true about end-of-life support?
End-of-life support planning starts after the implementation phase of the project.
Access control and data security are major concerns with systems that have become obsolete.
End-of-life support planning does not include backup and recovery support.
Although a system may be outdated or not meeting user needs, end-of-life implementation is not required.
Question 3
The software development life cycle (SDLC) should represent which of the following?
development model that focuses on security in every phase
methodology designed to define and manage software risks
programming implementation of such languages as Java and C++
rigid methodology with sequential phases
Question 4
Which of the following statements best describes the design phase of the software development life cycle (SDLC)?
The design phase is a logical view of the system.
The design phase is a physical view of the system.
Design phase security concerns have already been established in the analysis phase.
Prototyping tools are not necessary in the design phase as they are used in the development phase.
Question 5
Requests for proposals (RFPs) and service-level agreements (SLAs) are important for which of the following?
extreme programming (XP)
rapid application development (RAD)
joint application development (JAD)
software procurement
Question 6
Which of the following kinds of attacks exploits web applications redirecting malicious code to the web or an application server when security is not fully considered in the system development methodology?
structured-query language (SQL) injection
uniform resource identifier (URL) scripting
cross-site scripting (XSS)
distributed denial of service (DDoS)
Question 7
Which of the following best describes object-oriented programming (OOP)?
nonprocedural programming methodology using connected objects
procedural programming methodology using connected objects
programming language used for the development of graphics
none of the above