ar
e
gu
ar
de
d
an
d
se
cu
re
m
e
m
or
y
se
g
m
en
tsSecure Development Methods
As mentioned earlier in this chapter, the application
security process starts during the development phase.
Instead of trying to bring in security at the end of the
development process, secure development needs to be
baked in from the start. Addressing security issues from
the very beginning saves a company time and money in
the long run.
It is a common practice for corporations to use some
type of software development lifecycle (SDLC). Best
practices in secure software development suggest
integrating security aspects into each phase of the SDLC.
Figure 14-6 show the various aspects of the SDLC.