A Secure Development Lifecycle (SDLC) integrates security into every phase of software development — from requirements through design, coding, testing, deployment, and maintenance — rather than treating it as an afterthought. It embodies "shift left" and "security by design."
Usalama katika sehemu zote za maisha
Integrate security into EVERY phase (not just at the end):
REQUIREMENTS → define security requirements; consider compliance
DESIGN → THREAT MODELING; secure architecture; security review of the design
DEVELOPMENT → secure coding practices; code review; SAST in the IDE/CI
TESTING → security testing (SAST, DAST, dependency scanning, pen testing)
DEPLOYMENT → secure configuration; secrets management; hardening
MAINTENANCE → patching, monitoring, incident response, ongoing scanning
→ "shift left" — address security EARLY (cheaper than fixing after a breach).
