A Secure Development Lifecycle (SDLC) yana haɗa tsaro a kowane mataki na haɓaka software — daga buƙatun har zuwa ƙira, ƙididdiga, gwaji, aiki, da kulawa — maimakon ɗaukar shi azaman wani abu na gida. Yana nuna "shift left" da "tsaro ta ƙira."
Tsaro ta cikin halittar aiki
Integrate security into EVERY phase (not just at the end):
REQUIREMENTS → define security requirements; consider compliance
DESIGN → THREAT MODELING; secure architecture; security review of the design
DEVELOPMENT → secure coding practices; code review; SAST in the IDE/CI
TESTING → security testing (SAST, DAST, dependency scanning, pen testing)
DEPLOYMENT → secure configuration; secrets management; hardening
MAINTENANCE → patching, monitoring, incident response, ongoing scanning
→ "shift left" — address security EARLY (cheaper than fixing after a breach).
