LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

How should security be integrated throughout the Software Development Life Cycle?

Attach a security activity to every phase — requirements, design, implementation, testing, deployment, maintenance — because a flaw is cheapest to fix in the phase that created it.

Six SDLC phases as a serpentine, each with its security activity (requirements → maintenance).

* A security activity at every SDLC phase — security requirements, threat modeling, secure coding/SAST, DAST/pentest, hardening, patching. *

Security activities should map to each SDLC phase:

Phase Security Activity
Requirements Define security requirements (auth strength, data classification, compliance)
Design Threat modeling, security architecture review, identify trust boundaries
Implementation Secure coding practices, code review, SAST scanning
Testing DAST, penetration testing, fuzzing
Deployment Secure configuration, environment hardening, secrets management
Maintenance Patch management, vulnerability monitoring, incident response

Key principle: Security found early is cheap to fix. Security found in production is expensive and risky. A design flaw requiring architectural changes costs 10-100x more than catching it during requirements.

From Quiz: SPRG / Secure Programming Introduction | Updated: Jul 14, 2026