As mentioned earlier, there are several phases of the SDLC; the first is the Initiation phase. The five security controls that are required in the Initiation phase are:
The software is meant to serve the purpose of the client, so from the developer's point of view it must be ensured that the business or client functionality requirements have been fulfilled. Hence, in the Initiation phase, we begin with the requirement document. This means engaging the business partner in assessing the security aspects and associated risks and, at the same time, in deciding what can be done to cover the protection needs of the software. In most cases the business is not aware of the technical aspects of the SDLC or of how security is integrated into it. A set of questionnaires is therefore developed with the sole purpose of conveying the security-related technical issues of the software to the client while keeping things in the language of the business partner. The simpler language enables developers to unravel the security requirements of the proposed software.
Software development in modern times is a combination of phases based on established norms. The concepts of software engineering as well as testing are very useful when policies and standards are taken into consideration.