Een Secure Development Lifecycle (SDLC) integreert beveiliging in elke fase van softwareontwikkeling — van requirements tot ontwerp, codering, testen, implementatie en onderhoud — in plaats van het als een nagedachte te behandelen. Het belichaamt "shift left" en "security by design."
Beveiliging door de hele lifecycle
Integrate security into EVERY phase (not just at the end):
REQUIREMENTS → define security requirements; consider compliance
DESIGN → THREAT MODELING; secure architecture; security review of the design
DEVELOPMENT → secure coding practices; code review; SAST in the IDE/CI
TESTING → security testing (SAST, DAST, dependency scanning, pen testing)
DEPLOYMENT → secure configuration; secrets management; hardening
MAINTENANCE → patching, monitoring, incident response, ongoing scanning
→ "shift left" — address security EARLY (cheaper than fixing after a breach).
