I've been digging into Software Development Life Cycle (SDLC) lately, after checking out about 40+ articles. However, I found a noticeable absence of a lucid overview of what the branchings are and how this works in real life. So, I decided to take matters into my own hands and put together a beginner reference guide. Not just for me, but for anyone else trying to figure out this whole SDLC/S-SDLC thing. The objective is to distill the complexities into a clear and concise guide with a concept principles overview.

Introduction

Developing software is an ever-evolving aspect this can be due to changing requirements or can be due to evolving industry practices. The Software Development Life Cycle (SDLC) serves as a guide to identifying the necessary activities for a specific project and offers detailed insights into how to execute those activities. In simpler terms, we can say it is a sketchbook of rules that can be tweaked for better results (tweaking in the sense that some stages can overlap with each other or be skipped entirely or alternated) and so in this article, we are gonna focus on

• Basic Concept of SDLC

• Security

The Security aspect of this process is fueled by the statement "Security is a constant concern". In this digital world as technology advances, so do the threats and vulnerabilities. This proactive approach to treating security as an integral part of the software development process is often referred to as S-SDLC but here I wanted to incorporate this methodology intro so that understanding how can security be added up and why is it necessary is the aim even though this is a small introduction to this perspective of security integration in the further articles I would love to dive deep ;].

Basic Concept of SDLC

The SDLC as mentioned earlier is a sketchbook of rules it aims to set foundational rules on which we can build they are called stages by some but for better understanding let's call them 'Cycles in order' and more on that later.

• Requirement Analysis & Planning

  This aspect can be divided into 2 segments

1. Origination

   Here in this phase, the necessity for this particular software solution is established and proposals are posed for a game plan laying the groundwork. Upon its completion, it is reviewed by the client and the review process is completed if approval is done which then proceeds to scheduling project aspects by their prioritization and the availability of resources.

   Here you might be wondering what exactly proposals mean and why we need approval right?
   This is done to check whether the chosen route of build is aligned with the business objectives or not.

2. Initiation

   This phase includes the detailed and final confirmation of the game plan mentioned above. This includes communication plans, resource establishments, and other essential components. The outputs of this phase are crucial for successful project execution and this phase encompasses project plans it is the Software Requirement Specifications (SRS) document that defines schedules and cost estimations. These outputs facilitate better cooperation and understanding between the development team and clients, ensuring alignment with business objectives.

   Typically this would be called the end of stage 1 and most articles would move on to the next step but multiple iterations(feasibility studies)happen in real life that's the reason I prefer to call them cycles and moving on to how can we do this securely. In the planning cycle, it is important to identify any security considerations for functional requirements being gathered for the release which basically means we need to have an understanding of potential weaknesses in similar technologies and incorporate security measures into the design and implementation of functional requirements which are crucial to minimize or eliminate potential risks.

   Let's check this out with an example
   Sample functional requirement: Users should be able to upload and share documents securely within the platform.

   Sample security consideration: The document-sharing feature must implement access controls to restrict document visibility only to authorized users, preventing unauthorized access or sharing of sensitive information.

• Design

  The SRS document, generated during the Analysis phase, undergoes refinement into the creation of a "Detailed Design Specification" (DDS). This document outlines the software architecture, including language, framework, code guidelines, scalability and sustainability caps, and UI design. The design phase involves iterative cycles to achieve a comprehensive detailed design. Now, how can this design phase be done securely? Security considerations in this phase involve integrating security features into the DDS, specifying measures like access controls, data encryption, and secure coding. Iterative 'cycles' allow for continuous refinement

• Implementation&Prototyping

  The objective is to adopt a prototyping approach rather than focusing solely on the implementation phase. This approach emphasizes creating a tangible representation of the software early in the development process. It involves generating quick prototypes and incorporating minute changes to explore opportunities for improvement or to address design alterations. The aim is to swiftly create working models that can be evaluated and refined iteratively, aligning with the principles of prototyping for a more agile and responsive development process. This aspect usually is not mentioned under the traditional SDLC or S-SDLC cause this rapid approach is not for projects with well-defined and stable requirements that may opt for the implementation of traditional methodologies which is to begin laying foundational terms to begin the development process and moving on to how can this phase be done securely, beginning with the prototyping approach this will help to minimize disruption to workflows later, which may otherwise result from security policy noncompliance or failed application security testing so incorporating this create various working models with varying changes which pushes for a proactive and resilient foundation for the software which eventually contributes to a more secure and streamlined development process.

• Development

  Probably the most time-heavy cycle in the process, here in this phase actual code is written which abides by the DDS(Detailed Design Specification) which means the output 'refined' is what the users will be using in real-time delving into what happens BTS is that the work is divided between the developers usually in form of modules or tasks and based on the core methodology of the build if it's an agile methodology it uses prototyping(spikes) or if it is a traditional methodology build it uses single block effort method and this is where initiation of DevOps also comes into play be it any methodology this is the future of SDLC more on this later! but first, let's see how this phase can be done securely, Secure coding guidelines play a pivotal role in this phase, emphasizing the importance of well-written code. These guidelines which are mentioned can also encompass practices such as using parameterized read-only SQL queries to minimize the risk of unauthorized manipulation and sanitizing data before returning it to users these can be examples of the guidelines for secure coding as mentioned above. Additionally, developers usually leverage free open-source components to quicken the feature delivery, subjecting them to Software Composition Analysis (SCA) tools. Security practices sometimes also extend from code reviews to employing static analysis and detecting logical errors.

• Testing

  Testing generally starts within the implementation aspect itself the only difference between them is that a more rigorous approach is adopted in this aspect with a strong emphasis on verifying that the application in its entirety and is done by identifying, detecting and fixing the issues that can be of security or UI or any other aspect of the application, the goal is to make the software meet the standards established so this phase employs unit testing, integration testing, and user acceptance testing which are some of the examples of testing delving on can this is done-this cycle can be divided into 3 stages

1. Test planning and setup
   This phase involves the creation of a test plan and the arrangement of test environments, such as setting up VMs. In this phase, we decide whether to use manual test cases or automated ones. The process can include defining the testing scope and identifying the test cases specific to the chosen approach

2. Test Execution

   The test cases are applied to the code here and the documentation aspect is done here this is to let the users know how to use the build to its fullest

3. Test Closure and Analysis

   The test results are further reviewed to check for possible defects and the documentation for the build is completed.

   and how can testing be done in a secure environment, This phase often includes automated tools like CI/CD pipelines to control verification and release more on this later as this is a whole other topic in itself to be explored.

• Deployment

  In this phase, the migration of the build is checked which means that the full functionality of the software established with norms is checked if it works across all intended platforms in the same intended way this is done in the pre-production phase and there is a production phase where required configuration and training for the users is done.
  Usually, deployment is done based on the nature of the software if it's a business-centric application that handles sensitive data, may require manual review and approval before deployment this also applies to "low" dev ops mature builds this deployment is generally automated as much as possible.

• Maintenance and evolution

  Nothing is built absolutely the produced software possibly could have bugs, or zero-day vulnerabilities so we need to have bug fixes, real-time support and maybe a few feature enhancements in this phase we will be having the user feedback so depending upon the nature of the software build this process of evolution and maintenance is done and coming to the security of this phase generally routine checks are done to ensure integrity.

Conclusion

The Software Development Life Cycle (SDLC) is a complex journey through 'Cycles in order' which might overlap addressing evolving requirements as we have seen and also emphasizing security as a constant concern, the guide explores the surface of each phase, from origination to deployment. This concise guide serves as a foundational resource, distilling SDLC complexities for all levels of developers.