Current security standards advise implementing Security by Design. The purpose of Security by Design is to incorporate security from the start of software development. Security needs to be implemented at every level of your software development, because security is more than policies and documents.

Security needs to be implemented at:

  • Governance level
  • Definition and design phases
  • Development phases
  • Deployment phases
  • Maintenance and operations

Several frameworks, such as OpenSAMM and BSIMM, support your SDLC and its evolution.

Important to note: your components and third-party libraries must not have vulnerabilities or security issues. You must ensure through testing that the application shows no known vulnerabilities to any type of malicious code. By implementing dependency management, third-party libraries can be checked for security issues in vulnerability databases.
