Professional Documents
Culture Documents
in SDLC - Example
1. Introduction
Objective: The objective of this project is to develop a secure web application for online
banking, integrating security practices throughout the SDLC to mitigate potential risks.
Scope: The project scope includes the online banking web application, its backend services,
and the database storing customer information.
Security Goals: Our security goals include ensuring the confidentiality, integrity, and
availability of customer data, along with regulatory compliance.
Risk Assessment: Initial risk assessment was conducted using the STRIDE model,
identifying potential threats like SQL injection and data breaches.
Threat Modeling: Threat modeling was performed for each microservice, focusing on
potential threats and corresponding mitigation strategies.
Security Control Identification: Identified security controls include JWT for secure
authentication, HTTPS for data in transit, and AES encryption for data at rest.
4. Implementation Phase
Secure Coding Practices: Followed OWASP secure coding guidelines to mitigate common
vulnerabilities such as SQL injection and cross-site scripting.
Dynamic Code Analysis (DAST): Utilized DAST tools such as OWASP ZAP to test the running
application for vulnerabilities.
7. Conclusion
Summary of Security Measures: This document recaps the comprehensive security
measures and practices implemented throughout the SDLC of our online banking
application.
Appendices
Appendix A: Risk Assessment Report - Detailed report of the initial risk assessment findings
and mitigation strategies.
Appendix C: Threat Modeling Outputs - Outputs from the threat modeling activities
conducted during the design phase.