10 mins read

Security & Software Development Life Cycle Demystified – CISSP Questions & 7 Stages Of SDLC www.dotifi.com

The 7 Phases Of SDLC (Software Development Life Cycle)
  • Stage 1: Project Planning. …
  • Stage 2: Gathering Requirements & Analysis. …
  • Stage 3: Design. …
  • Stage 4: Coding or Implementation. …
  • Stage 5: Testing. …
  • Stage 6: Deployment. …
  • Stage 7: Maintenance.

What is SDLC?

Streamlined development relies on two things. One is a reliable methodology; second is a detailed process from getting from point A to point B. Are you getting your feet wet in the extensive world of software development for the first time? Then the first step for you is to understand the Software Development Life Cycle (SDLC).

Defining SDLC

A systematic approach that generates a structure for the developer to design, create and deliver high-quality software based on customer requirements and needs. The primary goal of the SDLC process is to produce cost-efficient and high-quality products. The process comprises a detailed plan that describes how to develop, maintain, and replace the software.

The 7 Phases Of SDLC (Software Development Life Cycle)




We are looking at how different threats could actualize. Which phase of the Software Development Life Cycle (SDLC) are we in?

  • Requirements gathering
  • Development
  • Design
  • Testing/Validation


OBJ-8.1: We look at how different threats could actualize in thread modeling, which is part of the design phase of the design phase of Software Development Life Cycle (SDLC). In requirements we would look at potential risks.
Francis is building the security controls and audit trails into a new application. What is the BEST phase listed below in the system development life cycle (SDLC) for Francis to do this work?
  • System initiation phase
  • System implementation phase
  • System operations phase
  • System development phase


OBJ-8.1: In the system development phase, the system is constructed or acquired from a vendor; during this phase, users and administrators will work with the developers to prepare system controls and audit trails to be used during the system operations phase. It is possible the security controls may have been specified as Non-Functional Requirements in the System requirements phase (not listed as an answer).



Stage 1: Project Planning

The first stage of SDLC is all about “What do we want?” Project planning is a vital role in the software delivery lifecycle since this is the part where the team estimates the cost and defines the requirements of the new software.

Stage 2: Gathering Requirements & Analysis

The second step of SDLC is gathering maximum information from the client requirements for the product. Discuss each detail and specification of the product with the customer. The development team will then analyze the requirements keeping the design and code of the software in mind. Further, investigating the validity and possibility of incorporating these requirements into the software system. The main goal of this stage is that everyone understands even the minute detail of the requirement. Hardware, operating systems, programming, and security are to name the few requirements.

Stage 3: Design

In the design phase (3rd step of SDLC), the program developer scrutinizes whether the prepared software suffices all the requirements of the end-user. Additionally, if the project is feasible for the customer technologically, practically, and financially. Once the developer decides on the best design approach, he then selects the program languages like Oracle, Java, etc., that will suit the software.

Once the design specification is prepared, all the stakeholders will review this plan and provide their feedback and suggestions. It is absolutely mandatory to collect and incorporate stakeholder’s input in the document, as a small mistake can lead to cost overrun.

Stage 4: Coding or Implementation

Time to code! It means translating the design to a computer-legible language. In this fourth stage of SDLC, the tasks are divided into modules or units and assigned to various developers. The developers will then start building the entire system by writing code using the programming languages they chose. This stage is considered to be one of the longest in SDLC. The developers need certain predefined coding guidelines, and programming tools like interpreters, compilers, debugger to implement the code.

The developers can show the work done to the business analysts in case if any modifications or enhancements required.

Stage 5: Testing

Once the developers build the software, then it is deployed in the testing environment. Then the testing team tests the functionality of the entire system. In this fifth phase of SDLC, the testing is done to ensure that the entire application works according to the customer requirements.

After testing, the QA and testing team might find some bugs or defects and communicate the same with the developers. The development team then fixes the bugs and send it to QA for a re-test. This process goes on until the software is stable, bug-free and working according to the business requirements of that system.

Stage 6: Deployment

The sixth phase of SDLC: Once the testing is done, and the product is ready for deployment, it is released for customers to use. The size of the project determines the complexity of the deployment. The users are then provided with the training or documentation that will help them to operate the software.  Again, a small round of testing is performed on production to ensure environmental issues or any impact of the new release.

Stage 7: Maintenance

The actual problem starts when the customer actually starts using the developed system and those needs to be solved from time to time. Maintenance is the seventh phase of SDLC where the developed product is taken care of. According to the changing user end environment or technology, the software is updated timely.

Predominant Models of SDLC (Software Development Life Cycle)

Waterfall Model: This SDLC model is considered to be the oldest and most forthright. We finish with one phase and then start with the next, with the help of this methodology. Why the name waterfall? Because each of the phases in this model has its own mini-plan and each stage waterfalls into the next. A drawback that holds back this model is that even the small details left incomplete can hold an entire process.

Agile Model: Agile is the new normal; It is one of the most utilized models, as it approaches software development in incremental but rapid cycles, commonly referred to as “sprints”. With new changes in scope and direction being implemented in each sprint, the project can be completed quickly with higher flexibility. Agile means spending less time in the planning phases, and a project can diverge from original specifications.

Iterative Model: This SDLC model stresses on repetition. Developers create a version rapidly for relatively less cost, then test and improve it through successive versions. One big disadvantage of this model is that if left unchecked, it can eat up resources fast.

V-Shaped Model: This model can be considered as an extension of the waterfall model, as it includes tests at each stage of development. Just like the case with waterfall, this process can run into obstructions.

Big Bang Model: This SDLC model is considered best for small projects as it throws most of its resources at development. It lacks the detailed requirements definition stage when compared to the other methods.

Spiral Model: One of the most flexible of the SDLC models is the spiral model. It resembles the iterative model in its emphasis on repetition. Even this model goes through the planning, design, build and test phases again and again, with gradual improvements at each stage.

Wrapping-up SDLC

SDLC can be a great tool that can help us with the highest level of documentation and management control. But failure to consider customer’s requirements, users or stakeholders can lead to project failure.






More CISSP Questions



Tanya is analyzing the boundary values. Which phase of the SDLC (system development life cycle) is Tanya currently in?
  • Design
  • Requirements
  • Implementation
  • Maintenance


OBJ-8.1: In the implementation phase, boundary value analysis is used to find and remove errors occurring at parameter limits or boundaries, such as start and end conditions of loops. Such an analysis does not occur in the other phases listed.

The System Development Life Cycle (SDLC) is a structure for system development. Its purpose is to manage the development process and implement security at each stage of the development process. The principal elements of the SDLC are listed in “Generally Accepted Principles and Practices for Securing Information Technology Systems” (SP 800-14, National Institute of Standards and Technology, September 1996) and “Security Considerations in the Information System Development Life Cycle” (SP 800-64, National Institute of Standards and Technology, September, October 2003). The five stages of the SDLC are listed in NIST SP 800-14 as follows:

  1. Initiation – the beginning process that determines the need for the system and documenting its purpose and includes measuring the sensitivity of the system and data to be processed. This is called a sensitivity assessment.
  2. Development/Acquisition – involves the design, development, programming and acquisition of the system. In this stage programmers develop the application code while concentrating on security measures to make certain that input and output controls, audit mechanisms, and file-protection schemes are used.
  3. Implementation – this phase runs testing, security testing, accreditation, and installation of the system. This occurs once application coding has been completed. The testing should be handled by auditors or quality assurance engineers, not the programmers. If the code is written and verified by the same individuals, errors can go unnoticed and security functions can be bypassed. Thus assigning specific duties is important.
  4. Operation/Maintenance – identifying processes the system is designed to inform which include: security operations, modification/addition of hardware and/or software, administration, operational assurance, monitoring, and audits.
  5. Disposal – this phase overviews the state of the system or system components and products, such as hardware, software, and information; disk sanitization; archiving files; and moving equipment. This stage is usually reached when the system is no longer required.

<p>The post Security & Software Development Life Cycle Demystified – CISSP Questions & 7 Stages Of SDLC www.dotifi.com first appeared on SWP.NG.</p>

Facebook Comments Box