13321 North Outer Forty Road, Suite 300
A full lifecycle approach towards achieving secure software.
Upon completion of a SpearTip Secure Code Review, many unknown or latent vulnerabilities will become apparent, in many cases “High” or “Critical” level vulnerabilities such as Cross-Site Scripting (XSS), SQL injection or other candidates listed on the OWASP Top Ten.
These and many other questions can be addressed and answered via SpearTip’s approach to integrating security as a part of the Secure Software Development Lifecycle (SDLC). SpearTip understands that many organizations follow some facets of the SDLC (sometimes strictly, sometimes loosely). However, when “High” or “Critical” level vulnerabilities are discovered, it is an indication that security was not part of the SDLC or, if it was, that it was ignored or even misunderstood.
SpearTip believes that integrating security at all phases of the SDLC is the most comprehensive and cost-effective way to develop and deploy software because many organizations have chosen to make this commitment to secure software excellence.
SpearTip can also provide a level of SDLC training. Based on threat modeling vectors and existing SDLC implementations, we help develop organizational best practices that can be implemented in the real world.