What is the easiest phase of standard software development life-cycle for security considerations?

The standard software development cycle has the following four phases: Requirement analysis and design, Development (Coding), Testing, Deployment.

According to a SANS whitepaper, each of these phases has certain security responsibilities to fulfill.

  • Requirement analysis and Design: Requires a high-level risk assessment, identification of possible security vulnerabilities based on destructive use cases, and implementation of security design practices.
  • Development (Coding): Implementation of security controls and secure coding guidelines.
  • Testing: Security testing, penetration testing, blue team testing (apart from the traditional functional and regression testing)
  • Deployment: Securing migration processes, post-production security.

It is clear that the Deployment phases is the easiest one in this life cycle. It requires  –

  • automated installers and uninstallers
  • deployment using least privilege security models
  • no backdoors
  • documentation that doesn’t contain any default accounts
  • every configuration parameter to be findable

This is mostly straightforward when compared to the security measures necessary in the other three phases.


Haridas, N. (2007, April 2). Software Engineering – Security as a Process in the SDLC. Retrieved from https://www.sans.org/reading-room/whitepapers/securecode/software-engineering-security-process-sdlc-1846

Deployment. (n.d.). Retrieved from https://www.owasp.org/index.php/Deployment