Quiz Entry - updated: 2026.07.14
How should security be integrated throughout the Software Development Life Cycle?
Attach a security activity to every phase — requirements, design, implementation, testing, deployment, maintenance — because a flaw is cheapest to fix in the phase that created it.
* A security activity at every SDLC phase — security requirements, threat modeling, secure coding/SAST, DAST/pentest, hardening, patching. *
Security activities should map to each SDLC phase:
| Phase | Security Activity |
|---|---|
| Requirements | Define security requirements (auth strength, data classification, compliance) |
| Design | Threat modeling, security architecture review, identify trust boundaries |
| Implementation | Secure coding practices, code review, SAST scanning |
| Testing | DAST, penetration testing, fuzzing |
| Deployment | Secure configuration, environment hardening, secrets management |
| Maintenance | Patch management, vulnerability monitoring, incident response |
Key principle: Security found early is cheap to fix. Security found in production is expensive and risky. A design flaw requiring architectural changes costs 10-100x more than catching it during requirements.