Secure Development Methodology Classification Specification

annotation

The article presents a study of the specification of methods, tools and methodologies for safe development, which is adopted on the territory of the Russian Federation, including the experience gained from foreign colleagues, "best practices", canons and other kinds of options that are currently used.

The research is viewed from the commercial sector and the most effective secure development formats. The study is considered with the application in the practical part of these options and their specifics in general and in a private format. The purpose of this article is to transfer experience and data analytics of the applied methodologies, methods and development tools in a secure execution. The article presents an analysis, an appropriate analysis of the current market, legislation, in terms of developing information systems and environments in a secure design, which is also referred to as secure development, and which is gaining a "critical mass" of popularity in various industry companies every day due to the tightening recommendations and requirements of IS regulators [1].

It is also worth noting that the popularity of secure development is primarily due to the fact that the number of risks, information security incidents is critically growing every day. Progressive cybercriminals began to understand in detail the principles of operation of organizations that are exposed to attacks, while they manage to enter the group of trusted users due to a lack of competencies and employees in these companies. Also, attackers have learned to use more sophisticated tools, methods for organizing intrusions, "exploits" and others, to obtain confidential information, fraudulent activities. This topic is given to a significant part of the profile articles on the ISI.

Introduction

, , . . OWASP TOP 10, . , , , , №608, №55 . , , , , ( ), 56939.

, IT , : ( ) . . . , , , , , , – , , . , , , , ( ) : , , . , , , , ( ) . - , .

, , , , :

1. :
   
   1.1. ;
   
   1.2. ;
   
   1.3. .
2. , ;
3. ;
4. , , :
   
   4.1. - ;
   
   4.2. - .
5. , ;
6. ;
7. ;
8. , — ;
9. ;
10. - , ;
11. - , - ;
12. ;
13. ;
14. , , :
    
    14.1. ;
    
    14.2. ;
    
    14.3. ;
    
    14.4. ;
    
    14.5. .
15. .

, , ( ) , :

1. , , , ;
2. , [2-5].

, , , . , , , — , , . IT-, : , , , , , , , — , .

, , , — , , , , - , . , , , .

№149 , , : « – ». , , , , , , .

, :

1. : , ;
2. , : , ;
3. , UI/UX, - , ( ), .

— , , , . , , . - . , , : , [6-10].

- , :

1. , , , ;
2. , , . ;
3. , , S.M.A.R.T.;
4. , , , , ;
5. - , , . , , .

. . - , , .

..: " . ", :

1. , , , , , :
   
   1.1. , , , , :
   
   1.1.1. , ;
   
   1.1.2. , .
   
   1.2. - (), . , , , UI/UX . : , , , :
   
   1.2.1. - , , , ;
   
   1.2.2. , , ;
   
   1.2.3. , , .
   
   1.3. – - , , , - , , :
   
   1.3.1. , : - — , , , , ;
   
   1.3.2. , , , ;
   
   1.3.3. , , [11].
   
   1.4. , - , , :
   
   1.4.1. , ;
   
   1.4.2. , .
   
   1.5. , , , . , - . , .
2. — - , :
   
   2.1. – , , ;
   
   2.2. , , ;
   
   2.3. , , .
3. , . , : , ;
4. , , ;
5. ..: " ", – RAD (Rapid Application Development). — . :
   
   5.1. , , . : , 2 10 , , 100 , ;
   
   5.2. , , . 2 6 , , , .

, , , . , OWASP TOP 10, , ISO/IEK 27000.

, , . , — , "", "" , . , " " — . .

, (, ) , , :

1. , , UI/UX , . , , , : ;
2. , , "" , : , , , UI/UX;
3. , , , ;
4. , .

, , . , . , , . , , .

, , :

1. , ;
2. , ;
3. Digital, ;
4. - ;
5. , , .

, , : " ?". , "" , . , "", , . , — [12].

, :

1. Manifest for Agile Software Development, ;
2. SCRUM — " ", , , . ,  stand-up, , :
   
   2.1. ?
   
   2.2. ?
   
   2.3. ?
   
   2.4. ?
   
   2.5. .
3. : eXtreme Programming, XP, , , , "" ;
4. Crystal — , , , , :
   
   4.1. , ;
   
   4.2. , , . , .
5. , : Adaptive Software Development, ASD — , , . , . : " – – " , : " – – »;
6. - , : Feature Driven Development, FDD, , , :
   
   6.1. ;
   
   6.2. ;
   
   6.3. ;
   
   6.4. ;
   
   6.5. .

, , , , , , , , — "". , , , , , , "". PenTest, DevSecOps , [13-15].

, , . , , . , , .

, , , , .

, , . , , , , .

These secure development methodologies can provide organizations with increased profits, version control, intrusion prevention, risk minimization, and provide a trusted level among their users, which will raise the organization's assets and liabilities.

PS: if you put a minus, please comment so that in the future I do not make such mistakes.