


Having a team of penetration testers as part of the SDLC process will help you avoid the unnecessary costs that arise after a data breach. Adopting these techniques in the SDLC ensures that consumers find the end product safe, secure and stable. In that view, this paper presents a new Ethical Hacking-Software Development Life Cycle (EH-SDLC), introducing ethical hacking processes and phases to be followed during the SDLC. Security features cannot be added as an afterthought at the end of the software deployment process; they need attention throughout the SDLC. With the advent of online, web-based software, security is an essential part of the software development process for building secure software. During the software development process, development teams typically bypass or ignore the security parameters of the software. Investing in a methodical assessment process will ensure that the next steps in developing a safety and security plan are as effective as possible and no more costly than necessary.

Ethical hackers use different tools and techniques to counter malicious cyber-attacks launched by malicious hackers. This paper presents a layered architecture for the identification and assessment of security vulnerabilities. The developed architecture evaluates the organization's current policies and common practices and helps in the identification and assessment of vulnerabilities by enlisting the aid of trained security professionals. Organizations need to have a clear plan in place to better mitigate the vulnerabilities that lie in their network or information system. Knowing which vulnerabilities exist, and could therefore be exploited, allows organizations and businesses to pool that information with their knowledge of the potential risks and threats to their operations and build their plans accordingly. The development of comprehensive safety and security plans commonly overlooks the critical foundational step of vulnerability assessment.

With the increasing growth of the Internet, it is extremely difficult to prevent unauthorized users from compromising the confidentiality, integrity or availability (CIA) of sensitive information.
