CMP 321system Analysis and Design
CMP 321system Analysis and Design
Home Glossary
Table of Contents
Definition
The Software Development Life Cycle (SDLC) is a structured process that enables the production of high-quality,
low-cost software, in the shortest possible production time. The goal of the SDLC is to produce superior software
that meets and exceeds all customer expectations and demands. The SDLC defines and outlines a detailed plan
with stages, or phases, that each encompass their own process and deliverables. Adherence to the SDLC
enhances development speed and minimizes project risks and costs associated with alternative methods of
production.
In the 1950s and 1960s, computer science progressed rapidly. This swift evolution sparked the beginnings of a
production framework that eventually grew into the SDLC we know today.
Prior to the 1950s, computing was not elaborate enough to necessitate a detailed approach like the SDLC. As
the complexity and scale of programming grew, the concept of structured programming emerged. Over time,
structured programming demanded more tactical development models, thus sparking the beginnings of the SDLC.
It increases visibility on all aspects of the life cycle to all stakeholders involved in the development process
The initial concept and creation of the SDLC only addressed security activities as a separate and singular task,
performed as part of the testing phase. The shortcomings of this after-the-fact approach were the inevitably high
number of vulnerabilities or bugs discovered too late in the process, or in certain cases, not discovered at all.
Today, it is understood that security is critical to a successful SDLC, and that integrating security activities
throughout the SDLC helps create more reliable software. By incorporating security practices and measures into
the earlier phases of the SDLC, vulnerabilities are discovered and mitigated earlier, thereby minimizing overall
time involved, and reducing costly fixes later in the life cycle.
This idea of ‘baking-in’ security provides a ‘Secure SDLC’- a concept widely recognized and adopted in the
software industry today. A secure SDLC is achieved by conducting security assessments and practices during
ALL phases of software development.
With modern application security testing tools, it is easy to integrate security throughout the SDLC. In keeping
with the ‘secure SDLC’ concept, it is vital that security assurance activities such as penetration testing, threat
modeling, code review, and architecture analysis are an integral part of development efforts.
Planning phase
The planning phase encompasses all aspects of project and product management. This typically includes resource
allocation, capacity planning, project scheduling, cost estimation, and provisioning.
During the planning phase, the development team collects input from stakeholders involved in the project;
customers, sales, internal and external experts, and developers. This input is synthesized into a detailed definition
of the requirements for creating the desired software. The team also determines what resources are required to
satisfy the project requirements, and then infers the associated cost.
Expectations are clearly defined during this stage as well; the team determines not only what is desired in the
software, but also what is NOT. The tangible deliverables produced from this phase include project plans,
estimated costs, projected schedules, and procurement needs.
Coding phase
The coding phase includes system design in an integrated development environment. It also includes static code
analysis and code review for multiple types of devices.
Building Phase
The building phase takes the code requirements determined earlier and uses those to begin actually building the
software.
Testing Phase
The phase entails the evaluation of the created software. The testing team evaluates the developed product(s) in
order to assess whether they meet the requirements specified in the ‘planning’ phase.
Assessments entail the performance of functional testing: unit testing, code quality testing, integration testing,
system testing, security testing, performance testing and acceptance testing, as well as nonfunctional testing. If a
defect is identified, developers are notified. Validated (actual) defects are resolved, and a new version of the
software is produced.
The best method for ensuring that all tests are run regularly and reliably, is to implement automated testing.
Continuous integration tools assist with this need.
Release Phase
The release phase involves the team packaging, managing and deploying releases across different environments.
Deploy Phase
In the deployment phase, the software is officially released into the production environment.
Operate Phase
The operate phase entails the use of the software in the production environment.
Monitor Phase
In the monitor phase, various elements of the software are monitored. These could include the overall system
performance, user experience, new security vulnerabilities, an analysis of bugs or errors in the system.
Waterfall
Waterfall represents the oldest, simplest, and most structured methodology. Each phase depends on the outcome
of the previous phase, and all phases run sequentially. This model provides discipline and gives a tangible output
at the end of each phase. However, this model doesn’t work well when flexibility is a requirement. There is little
room for change once a phase is deemed complete, as changes can affect the cost, delivery time, and quality of
the software.
Agile
In the agile methodology produces ongoing release cycles, each featuring small, incremental changes from the
previous release. At each iteration, the product is tested. The agile model helps teams identify and address small
issues in projects before they evolve into more significant problems. Teams can also engage business stakeholders
and get their feedback throughout the development process.
Lean
In the lean methodology for software development is inspired by lean manufacturing practices and principles. The
lean principles encourage creating better flow in work processes and developing a continuous improvement culture.
The seven lean principles are:
Eliminate waste
Amplify learning
Build integrity in
Build holistically
Iterative
In the iterative process, each development cycle produces an incomplete but deployable version of the software.
The first iteration implements a small set of the software requirements, and each subsequent version adds more
requirements. The last iteration contains the complete requirement set.
Spiral
In the spiral development model, the development process is driven by the unique risk patterns of a project. The
development team evaluates the project and determines which elements of the other process models to incorporate.
V-Shaped
In the V-shaped model, verification phases and validation phases are run in parallel. Each verification phase is
associated with a validation phase, and the model is run in a V-shape, where each phase of development has an
associated phase of testing.
The most important best practice to implement into your SDLC is effective communication across the entire team.
The more alignment, the greater the chances for success.
Streamlined workflows
There are several pitfalls that threaten to negatively impact an SDLC implementation. Perhaps the most
problematic mistake is a failure to adequately account for and accommodate customer and stakeholder needs in
the process. This results in a misunderstanding of system requirements, and inevitable disappointment with the
end-product.
Additionally, the complexity of the SDLC often causes a project to derail or teams to lose sight of specifics and
requirements. Without strict adherence to all aspects of the parameters and design plans, a project can easily
miss the mark.
As shown above, security is critical to the SDLC. Synopsys enables you to add security testing to an existing
development process, thereby streamlining security throughout the SDLC. Synopsys solutions help you manage
security and quality risks comprehensively, across your organization and throughout the application life cycle.
Synopsys offers products and services that can be integrated throughout your SDLC to help you build secure
code, fast.
Building Security In Maturity Model (BSIMM)- Measure and benchmark your software security program against
other security programs and industry best practices.
Maturity Action Plan (MAP) - Get recommendations establish or improve your software security stance.
Software Testing Optimization - Help your team prioritize and create the right level of security testing.
Application Security Consulting Services Tackle your most challenging security and risk management initiatives
with on-demand help from experts.
Security Training/eLearning - Synopsys offers a wide range of education solutions to address your needs; from
understanding the basics of coding standards, to developing advanced skills to build secure code.
Strategic Product and Service Offerings for your Specific SDLC Needs
Architecture Risk Analysis - Improve your security stance and ensure that you have secure design practices in
place by identifying flaws within your systems designs.
Threat Modeling - Bring your application design weaknesses to light by exploring potential hacker exploits.
Spot design flaws that traditional testing methods and code reviews might overlook.
Coverity SAST- Analyze source code to find security vulnerabilities that make your organization’s applications
susceptible to attack. Address security and quality defects in code while it is being developed, helping you
accelerate development an increase overall security and quality.
For your code and build phase activities
Seeker- Automate web security testing within your DevOps pipelines, using the industry’s first IAST solution
with active verification and sensitive-date tracking for web-based applications, cloud based, microservices based &
containerized apps, (IAST) uses dynamic testing (a.k.a. runtime testing) techniques to identify vulnerabilities in
running web applications.
Defensics- Identify defects and zero-day vulnerabilities in services and protocols. Defensics is a comprehensive,
versatile, automated black box fuzzer that enables organizations to efficiently and effectively discover and
remediate security weaknesses in software.
White Hat Dynamic- Dynamic analysis evaluates an application while executing it to uncover issues with its
runtime behavior.
Black Duck Software Composition Analysis - secure and manage opensource risks in applications and
containers. Black duck offers a comprehensive software composition analysis (SCA) solution for managing
security, quality, and license compliance risk that comes from the use of open source and third-party code in
applications and containers.
Black Duck offers support from the code phase of your SDLC through your monitor phase activities:
Integrate Black Duck into bug and issue trackers to enable developers to track and manage opensource issues
found both in the test and release phases.
Automated ticket creation related to policy violations and security alerts helps teams manage issues in the
systems they already use to speed time to resolution and efficiently manage testing work.
Teams can perform a final scan for opensource security, license or operational issues before the application is
deployed to production.
Leverage advanced vulnerability remediation guidance, opensource license information and policy controls to
eliminate opensource risk in applications and containers.
Continuously monitor applications and containers in production for new opensource vulnerabilities and alert
teams where they work so they can patch issues quickly before a potential exploit occurs.
Black Duck integrates directly into the developers IDE to flag potential issues in opensource components as
they code, and integrations into package managers and build tools automate the discovery of opensource
dependencies to ensure a complete and accurate opensource bill of materials (BoM).
Synopsys Application Security Testing Services offer the solution for applying AppSec testing effectively across
your full application portfolio. Accelerate and scale application security testing with on-demand resources and
expertise when you lack the resources or skills to achieve your risk management goals.
Application Security Testing Services offer support from the code phase of your SDLC through your monitor
phase activities:
Dynamic Application Security Testing (DAST) - If your team lacks the resources for effective DAST testing,
Synopsys DAST allows you to analyze web applications at any time without the cost or complexity of in-house
DAST.
Penetration Testing - Synopsys Penetration Testing uses multiple testing tools and in-depth manual tests
focusing on business logic to find and try to exploit vulnerabilities in running web applications or web services.
SAST - Synopsys SAST enables you to quickly and cost-effectively implement and scale static analysis to
systematically find and eliminate security vulnerabilities found in source code.
Penetration testing - Penetration testing analysis helps you find and fix exploitable vulnerabilities in your server-
side applications and APIs. Reduce your risk of a breach by identifying and exploiting business-critical
vulnerabilities, before hackers do.
Red Teaming - Ensure your network, physical, and social attack surfaces are secure. Vulnerabilities may seem
small on their own, but when tied together in an attack path, they can cause severe damage. Our red team models
how a real-world adversary might attack a system, and how that system would hold up under attack.
With the adoption of faster and newer development life cycles, organizations are moving away from older SDLC
models (waterfall, for example). With ever-increasing demands for speed and agility in the development process,
automation has played a key role.
Development and operations are merging into a DevOps capability, as the boundaries between disparate teams
has been slowly dissolving in favor of a streamlined and synchronized approach to development.
Newer approaches to the SDLC have emerged as DevOps, a combination of philosophies and practices that
increase an organization’s ability to deliver applications more quickly. As SDLC methods shift more toward a
DevOps SDLC, consideration of the role security plays must also be addressed. Security is no longer a separate
and compartmentalized step in the SDLC-in order to guarantee secure software, produced at the speed of DevOps,
security is now being viewed as a critical component throughout the SDLC.
In coming years, no doubt, organizations will adopt not only a DevOps approach to their SDLC, but a more
evolved DevOps methodology, where security is baked into the entirety of the SDLC. In order to guarantee the
success of this modern software development model, an organization must be strategic in selecting tools that
support and enhance this effort. As a proven leader in the application security field, Synopsys offers a
comprehensive suite of products and services perfectly tailored to this effort.
RESEARCH PAPER
EBOOK
EBOOK
BLOG
Contact us
Footer
Corporate Headquarters
Sunnyvale, CA 94085
Customer Support
650-584-5000
800-541-7737
Worldwide Location
Products
Application Security
Semiconductor IP
Verification
Design
Silicon Engineering
Resources
Solutions
Services
Support
Community
Manage Subscriptions
Corporate
About Us
Careers
ESG
Investor Relations
Contact Us
Legal
Privacy
Security
Follow
Quality
Home Agile, DevOps and software development methodologies
DEFINITION
The systems development life cycle (SDLC) is a conceptual model used in project management that describes the
stages involved in an information system development project, from an initial feasibility study through
maintenance of the completed application. SDLC can apply to technical and non-technical systems. In most use
cases, a system is an IT technology such as hardware and software. Project and program managers typically take
part in SDLC, along with system and software engineers, development teams and end-users.
Every hardware or software system will go through a development process which can be thought as an iterative
process with multiple steps. SDLC is used to give a rigid structure and framework to define the phases and steps
involved in the development of a system.
SDLC is also an abbreviation for Synchronous Data Link Control and software development life cycle. Software
development life cycle is a very similar process to systems development life cycle, but it focuses exclusively on the
development life cycle of software.
SDLC models
Various SDLC methodologies have been developed to guide the processes involved, including the original SDLC
method, the Waterfall model. Other SDLC models include rapid application development (RAD), joint application
development (JAD), the fountain model, the spiral model, build and fix, and synchronize-and-stabilize. Another
common model today is called Agile software development.
Frequently, several models are combined into a hybrid methodology. Many of these models are shared with the
development of software, such as waterfall or agile. Numerous model frameworks can be adapted to fit into the
development of software.
In SDLC, documentation is crucial, regardless of the type of model chosen for any application, and is usually
done in parallel with the development process. Some methods work better for specific kinds of projects, but in the
final analysis, the most crucial factor for the success of a project may be how closely the particular plan was
followed.
Steps in SDLC
SDLC can be made up of multiple steps. There is no concrete set number of steps involved. Around seven or eight
steps appear commonly; however, there can be anywhere from five upwards to 12. Typically, the more steps
defined in an SDLC model, the more granular the stages are.
In general, an SDLC methodology follows these following steps:
Analysis: The existing system is evaluated. Deficiencies are identified. This can be done by interviewing users of
the system and consulting with support personnel.
Plan and requirements: The new system requirements are defined. In particular, the deficiencies in the existing
system must be addressed with specific proposals for improvement. Other factors defined include needed features,
functions and capabilities.
Design: The proposed system is designed. Plans are laid out concerning the physical construction, hardware,
operating systems, programming, communications and security issues.
Development: The new system is developed. The new components and programs must be obtained and installed.
Users of the system must be trained in its use.
Testing: All aspects of performance must be tested. If necessary, adjustments must be made at this stage. Tests
performed by quality assurance (QA) teams may include systems integration and system testing.
Deployment: The system is incorporated in a production environment. This can be done in various ways. The new
system can be phased in, according to application or location, and the old system gradually replaced. In some
cases, it may be more cost-effective to shut down the old system and implement the new system all at once.
Upkeep and maintenance: This step involve changing and updating the system once it is in place. Hardware or
software may need to be upgraded, replaced or changed in some way to better fit the needs of the end-users
continuously. Users of the system should be kept up-to-date concerning the latest modifications and procedures.
Other steps which may appear include project initiation, functional specifications, detailed specifications,
evaluation, end-of-life and other steps that can be created by splitting previous steps apart further.
Having a clear view of an entire project, workers involved, estimated costs and timelines.
Due to assumptions made at the beginning of a project, if an unexpected circumstance complicates the
development of a system, then it may stockpile into more complications down the road. As an example, if newly
installed hardware does not work correctly, then it may increase the time a system is in development, increasing
the cost.
Testing at the end of development may slow down some development teams.
Related Terms
automated testing
Automated testing is a software testing technique that automates the process of validating the functionality of
software and ... See complete definition
A daily stand-up meeting is a short organizational meeting that is held each day. See complete definition
iterative development
Iterative development is a way of breaking down the software development lifecycle (SDLC) of a large application
into smaller ... See complete definition
shift-left testing
iterative development
Hofstadter's law
By: Rahul Awati
waterfall model
-ADS BY GOOGLE
CLOUD COMPUTING
APPLICATION ARCHITECTURE
IT OPERATIONS
JAVA
AWS
Cloud Computing
Take stock of your applications, and modernize them where appropriate as part of a cloud migration. Learn about
the benefits of ...
Without careful oversight, multi-cloud deployments can be expensive. These data management and security
practices can help IT ...
About Us Editorial Ethics Policy Meet the Editors Contact Us Advertisers Partner with Us Media Kit Corporate
Site
Privacy Policy