Monday, November 10, 2014

Chapter 10: Software Development Security - Software Development Life Cycle

Since I am already fairly familiar with the Software Development Life Cycle and it would be kind of pointless to simply explain what each phase is, I want to list things from the book that I had zero previous knowledge of in each phase of the SDLC.

Gather Requirements: A Privacy Impact Rating is the classification of the data that the software will use. There are three classifications - P1, P2, and P3 - where P3 is the lowest privacy risk and P1 is the highest.

Design: During this phase, at least from a security standpoint, two things should occur. The first is that an attack surface analysis should be performed. This will show you how much code and software functionality is exposed to untrusted users. The second is to create a realistic threat model. A threat model is a visualization of how threats could affect your software and how each threat might occur.

Development: Computer aided software engineering is the use of computers to aid in development. From my understanding, an Integrated Development Environment (IDE) is a form of computer aided software engineering because you are using software to help you develop or enhance new software.

Testing/Validation:
- Unit Testing: a look at each piece of a program (data structures, logic, methods, and boundaries).
- Integration Testing: make sure all the parts work together as designed.
- Acceptance Testing: make sure the requirements are met.
- Regression Testing: when a change is made, make sure nothing else is affected.
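To make the unit-test and regression-test bullets concrete, here is an added example (my own illustration, not code from the book). It assumes a hypothetical function normalize_username that must enforce a length boundary of 1 to 32 characters and an allowed character set; the unit tests check the boundaries and the logic, and the regression test pins down a constructed, previously fixed defect (surrounding whitespace being accepted) so a later change cannot reintroduce it.

```python
import re
import unittest

# Hypothetical function under test (constructed for this example): it normalizes a
# username and enforces the documented boundaries of 1..32 characters drawn from
# letters, digits and underscore.
MAX_LEN = 32
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def normalize_username(raw: str) -> str:
    """Strip surrounding whitespace, lower-case, and validate the boundaries."""
    if not isinstance(raw, str):
        raise TypeError("username must be a string")
    name = raw.strip().lower()
    if not USERNAME_RE.fullmatch(name):
        raise ValueError("username must be 1-32 characters of [A-Za-z0-9_]")
    return name


class UnitTests(unittest.TestCase):
    """Unit tests: exercise the data, logic and boundaries of one function."""

    def test_boundaries(self):
        # Exactly on the lower and upper bound must be accepted...
        self.assertEqual(normalize_username("a"), "a")
        self.assertEqual(len(normalize_username("a" * MAX_LEN)), MAX_LEN)
        # ...and one step outside either bound must be rejected.
        with self.assertRaises(ValueError):
            normalize_username("")
        with self.assertRaises(ValueError):
            normalize_username("a" * (MAX_LEN + 1))

    def test_rejects_characters_outside_allowed_set(self):
        # Constructed inputs containing characters the rule does not allow.
        for bad in ("bob;drop", "a<b>", "../etc"):
            with self.assertRaises(ValueError):
                normalize_username(bad)


class RegressionTests(unittest.TestCase):
    """Regression test: guards a constructed, previously fixed defect where
    '  Alice ' used to be accepted with its spaces intact."""

    def test_whitespace_is_stripped(self):
        self.assertEqual(normalize_username("  Alice "), "alice")


def run_suite() -> dict:
    """Run both suites and return the counts so the outcome can be checked in code."""
    loader = unittest.TestLoader()
    suite = unittest.TestSuite([
        loader.loadTestsFromTestCase(UnitTests),
        loader.loadTestsFromTestCase(RegressionTests),
    ])
    result = unittest.TextTestRunner(verbosity=0).run(suite)
    return {
        "run": result.testsRun,
        "failures": len(result.failures),
        "errors": len(result.errors),
    }


if __name__ == "__main__":
    print(run_suite())
```

Integration and acceptance testing are not shown here because they need more than one component and a requirements document to test against; the point of the block is that boundary cases and old defects get their own named tests, so a later change is caught by the suite rather than by users.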

Release/Maintenance:
- Verification: the product meets the specs.
- Validation: a real-world solution is achieved.
