Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/boloto1979/security-driven-development
Security-Driven Development (SDD): cybersecurity is not an add-on but the core of our software creation process. Committed to best practices, we follow a development cycle that integrates security analysis, defensive design and secure coding from the first commit.
- Host: GitHub
- URL: https://github.com/boloto1979/security-driven-development
- Owner: boloto1979
- License: other
- Created: 2024-03-13T18:03:36.000Z (11 months ago)
- Default Branch: main
- Last Pushed: 2024-03-29T19:04:21.000Z (10 months ago)
- Last Synced: 2024-11-14T17:32:25.108Z (3 months ago)
- Topics: cibersecurity, development, sdd, security-driven-development
- Language: PHP
- Homepage:
- Size: 14.6 KB
- Stars: 3
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.md
README
# Security-Driven Development (SDD) Guidelines
Welcome to our repository, where we champion the integration of security into the heart of software development. Security is not an afterthought; it's an integral part of our entire development lifecycle. Below are the key practices we adhere to in our Security-Driven Development approach.
## 1. Security Requirements Analysis
Right from the start, security requirements are defined and prioritized alongside functional requirements. This includes provisions for authentication, authorization, data confidentiality, data integrity, and auditing.
## 2. Secure Design
System design undergoes rigorous security assessments, embracing principles such as least privilege, defense in depth, and separation of duties. Threat modeling is employed at this stage to identify and mitigate potential attack vectors.
## 3. Secure Coding
We adopt coding practices that prevent common vulnerability classes such as SQL injection (parameterized queries instead of string-built SQL) and cross-site scripting (XSS) (context-aware output encoding of every untrusted value). Adherence to secure coding guidelines specific to our programming languages is standard practice, and static code analysis tools run against every change to pinpoint security issues before they are merged.
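The two vulnerability classes named above, shown as an added example in PHP (the repository's language). This is illustrative code written for this page, not code from the boloto1979 repository. It assumes PHP with the `pdo_sqlite` extension; the in-memory `users` table, the injection payload and the stored-XSS name are all constructed here so the script runs offline.

```php
<?php
// Added example, not part of the Security-Driven Development repository.
// Assumes the pdo_sqlite extension; the database, table and inputs below
// are constructed for the demonstration.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // real server-side prepares
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, email TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (name, email) VALUES ('alice', 'alice@example.com'), ('bob', 'bob@example.com')");

// VULNERABLE: the query is assembled by string concatenation, so the
// attacker-controlled $name becomes part of the SQL grammar itself.
function findUserVulnerable(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name, email FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED: a prepared statement with a bound parameter. The value travels
// separately from the query text and can never alter the query's structure.
function findUserHardened(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name, email FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// XSS defence: encode at the point where the value enters an HTML context.
// ENT_QUOTES also encodes single quotes, which matters inside attributes.
function renderRow(array $row): string
{
    $safeName  = htmlspecialchars($row['name'],  ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $safeEmail = htmlspecialchars($row['email'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<li>{$safeName} &lt;{$safeEmail}&gt;</li>";
}

// Constructed attacker input: closes the string literal, then appends a tautology.
$payload = "x' OR '1'='1";

// In the vulnerable function the tautology makes the WHERE clause match every
// user; in the hardened one the whole payload is compared as a literal name.
echo "vulnerable: " . count(findUserVulnerable($pdo, $payload)) . " row(s)\n";
echo "hardened:   " . count(findUserHardened($pdo, $payload))   . " row(s)\n";

// Stored XSS: a name containing markup is rendered inert by renderRow().
$xssName = '<script>alert(1)</script>';
$ins = $pdo->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
$ins->execute([':name' => $xssName, ':email' => 'mallory@example.com']);
foreach (findUserHardened($pdo, $xssName) as $row) {
    echo renderRow($row) . "\n";
}
```

Run it with `php example.php`. The point to take from the hardened query is that binding is what removes the vulnerability, not escaping or "sanitising" the input; likewise the HTML encoding is applied at output time, per context, rather than on the way into the database, so the same stored value can later be emitted safely into JSON or a URL with the encoder appropriate to that context.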
## 4. Security Testing
Our testing suite includes a range of security-specific tests such as penetration testing, dynamic application security testing (DAST), and software composition analysis (SCA) to uncover known vulnerabilities in third-party libraries and dependencies.
## 5. Security-Focused Code Review
In addition to standard code reviews, we conduct an extra layer of review targeting security concerns specifically. This includes checking adherence to secure coding best practices and manually reviewing security-critical code paths such as authentication, authorization, and input handling.
## 6. Incident Response and Security Patching
We maintain an incident response plan covering triage, containment, and the rapid release of patches and updates for vulnerabilities discovered after deployment.
## 7. Security Training and Awareness
We are committed to educating our developers and stakeholders on security principles and best practices to ensure security is a shared responsibility.
By adopting a Security-Driven Development model, we aim to reduce the number of vulnerabilities, increase end-user trust, and lower the costs associated with security issue remediation post-deployment. Treating security as a fundamental and ongoing component of the software development cycle enables us to build more resilient systems against cyber threats.
## Wiki
Our repository's Wiki is up and running! It's the central hub for detailed documentation on Security-Driven Development (SDD) practices. While we've populated it with key information, please note that it's still a work in progress.
Inside the Wiki, you can find:
- A comprehensive breakdown of SDD practices
- Examples of how to apply SDD in different programming languages
- Contribution guidelines
- Security policies and procedures
- And much more!

We're continually improving and expanding the Wiki to make it a valuable resource for everyone interested in secure software development. Your contributions and suggestions are welcome; they'll help the Wiki grow and evolve. Check back often for updates and feel free to reach out if you have something to add!
Visit the [Security-Driven Development Wiki](https://github.com/boloto1979/Security-Driven-Development/wiki) to learn more and contribute.
## Contributing
We welcome contributions that strengthen our security posture. Please refer to our contributing guidelines for more information on how to get involved.
## License
[SECURITY-DRIVEN DEVELOPMENT SOFTWARE LICENSE (SDDSL)](https://github.com/boloto1979/Security-Driven-Development/blob/main/LICENSE.md)
---
By participating in this project, you are contributing to a safer software ecosystem. Let's build securely, together.