The main security processes in the design phase of software development are threat modelling and design reviews.

  • Threat Modelling: Threat modelling provides a systematic and structured approach to identifying and rating the potential threats that may affect the software being developed. It is a cost-effective and efficient way to find threats, and it helps determine the technical security posture of the software. The key steps of threat modelling are:
      • Functional Decomposition
      • Categorizing Threats
      • Ranking Threats
      • Mitigation Planning
  • Design Review: Design reviews are conducted to check compliance with the requirements specified in the previous phases, so that any noncompliance issues can be identified and resolved at the earliest. A security subject matter expert is given the task of carrying out design reviews to ensure that the design is secure. The two main kinds of vulnerability in the design phase are:

Design Related:

Design-related vulnerabilities are difficult to find and expensive to fix, so they should be detected in the early stages of the SSDLC.

Implementation Related:

Implementation-related vulnerabilities are easy to find and fix at any stage. These vulnerabilities are related to the server on which the software is being implemented.
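
The four threat-modelling steps listed above, carried through on a small system, as an added example that is not part of the original page. The web-shop components, the use of STRIDE category names, and the 1 to 5 likelihood and impact scores are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Step 1, functional decomposition of a constructed sample system: components in trust zones.
ZONES = {"browser": "internet", "web_app": "dmz", "orders_db": "internal"}
FLOWS = [("browser", "web_app"), ("web_app", "orders_db"), ("web_app", "web_app")]

# Assumption: STRIDE categories considered for any flow that crosses a trust boundary.
BOUNDARY_CATEGORIES = ["Spoofing", "Tampering", "Information disclosure"]

@dataclass
class Threat:
    flow: str
    category: str
    likelihood: int = 1   # assumed scale: 1 (rare) to 5 (expected)
    impact: int = 1       # assumed scale: 1 (minor) to 5 (severe)
    mitigation: str = ""
    @property
    def risk(self):
        return self.likelihood * self.impact

def categorize(flows, zones):
    """Step 2: one candidate threat per category for each zone-crossing flow."""
    return [Threat(f"{s}->{d}", c) for s, d in flows if zones[s] != zones[d]
            for c in BOUNDARY_CATEGORIES]

def rank(threats, scores):
    """Step 3: apply reviewer scores and sort highest risk first."""
    for t in threats:
        t.likelihood, t.impact = scores.get((t.flow, t.category), (1, 1))
    return sorted(threats, key=lambda t: t.risk, reverse=True)

def plan(threats, mitigations, threshold=10):
    """Step 4: attach mitigations; return high-risk threats that still have none."""
    for t in threats:
        t.mitigation = mitigations.get((t.flow, t.category), "")
    return [t for t in threats if t.risk >= threshold and not t.mitigation]

# Constructed reviewer inputs: (likelihood, impact) scores and agreed mitigations.
SCORES = {("browser->web_app", "Spoofing"): (4, 4),
          ("web_app->orders_db", "Tampering"): (3, 5),
          ("browser->web_app", "Information disclosure"): (3, 4)}
MITIGATIONS = {("browser->web_app", "Spoofing"): "MFA and login rate limiting",
               ("browser->web_app", "Information disclosure"): "TLS on all routes"}
def run_example():
    ranked = rank(categorize(FLOWS, ZONES), SCORES)
    return ranked, plan(ranked, MITIGATIONS)

if __name__ == "__main__":
    for t in run_example()[0]:
        print(f"{t.risk:>2}  {t.category:<22} {t.flow:<20} {t.mitigation or 'OPEN'}")
```

The second value returned by `run_example()` is the list a design review would pick up: threats ranked above the threshold that still have no planned mitigation.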