Detection of Vulnerability Injection Point in Software Development Lifecycle for Effective Countermeasures

Abstract

This paper takes a deeper look at data breach, its causes and the linked vulnerability aspects in the application development lifecycle. Further, the Vulnerabilities are mapped to the software development life cycle (SDLC) involving requirement elicitation, design, development, testing and deployment phases. Being aware of exact SDLC life cycle where the vulnerabilities are injected, suitable security practices (countermeasures) can be adopted in delivery methodology, which can control the eventual data breaches and safeguard the application from security perspective. Our research focuses on Evolution of Vulnerabilities through the application development life cycle, and we have leveraged “Inverted Tree Structure/Attack Tree” and “Affinity Principles” to map the vulnerabilities to right Software Development Life Cycle.