Security-aware software development life Cycle (SaSDLC) - Processes and tools

Abstract

Today an application is secured using invitro perimeter security. This is the reason for security being considered as nonfunctional requirement in Software Development Life Cycle (SDLC). In Next Generation Internet (NGI), where all applications will be networked, security needs to be in-vivo; security must be functions within the application. Applications running on any device, be it on a mobile or on a fixed platform - need to be security-aware using Securityaware Software Development Life Cycle (SaSDLC), which is the focus of this paper. We also present a tool called Suraksha that comprises of Security Designers' Workbench and Security Testers' Workbench thathelps a developer to build Security-aware applications. ©2009 IEEE.