Sentinel Help Center
  • Sentinel Overview
    • Dashboard
    • Environments
    • User Hub
    • Requests
    • Reports
  • Installation & Updates
    • Sentinel Shortcuts [From PS]
    • Sentinel VM Requirements
    • Host Server Setup RHEL/CentOS 7
    • Host Server Setup RHEL/CentOS 8
    • Host Server Setup RHEL/CentOS 9
    • Sentinel Server Update
    • Oracle Database Account
    • PostgreSQL Backups
  • Settings
    • Sentinel Accounts
    • Databases
    • System Settings
    • Single Sign-On
    • Access Request Settings
    • Role Groups
    • Role Approvers
    • Custom Forms
    • Sensitive Data Settings
    • Security Log
  • Security Administration
    • Menu Functions
    • Direct Access
    • Users
      • User Access Updates
      • User Profile Features
    • Roles
      • Role Updates
      • Role Features
    • Permission Lists
      • Permission List Updates
      • Permission List Features
    • Dynamic Security
    • Temporary Access
    • Fluid Security
    • Security Matrix
    • Compare Reports
  • Security Reports
    • Security Reports Setup
    • Page Analysis
    • User Access
    • Role Access
    • Permission List Access
    • Query Analysis
    • Compare Users
    • PeopleTools Access
    • Portal Menus
  • Audit Review
    • Audit Review Setup
    • Privileged Access
    • Sensitive Data
    • Segregation of Duties
    • Correction Access
    • Restricted Roles
    • Role Changes
    • Notifications
    • Manager Reports
  • Access Requests
    • Implementation Guide
    • Submit New Request
    • Review & Approve Requests
    • Workflows & Routing
    • Apply Changes
  • Resources
    • User Training Guide
    • Policies
      • Policy Overview
      • Data Privacy
      • Cloud Security
      • Software Development
      • Disaster Recovery
      • Service Level Agreement
      • Employees
Powered by GitBook
On this page
  • 1. Planning and Requirements Gathering
  • 2. Design
  • 4. Testing
  • 5. Deployment
  • 6. Maintenance and Monitoring
  • 7. Decommissioning (if applicable)
  1. Resources
  2. Policies

Software Development

The Software Development Life Cycle outlines the processes and methodologies Sentinel follows to develop high-quality, secure software. Here’s a description of our SDLC with a focus on secure software development:

1. Planning and Requirements Gathering

• Objective: Define the scope, objectives, and functional/non-functional requirements.

• Security Integration:

• Identify potential security risks and compliance requirements.

• Include security-specific requirements, such as encryption, authentication, and regulatory mandates (e.g., GDPR, HIPAA).

2. Design

• Objective: Create detailed system and architectural designs.

• Security Integration:

• Perform threat modeling to identify potential vulnerabilities.

• Adopt secure design principles (e.g., least privilege, defense in depth).

• Include security features like role-based access control and secure data flow diagrams.

3. Development

• Objective: Write and implement the code for the application.

• Security Integration:

• Use secure coding standards (e.g., OWASP Secure Coding Guidelines).

• Leverage automated tools to detect common vulnerabilities (e.g., static analysis tools).

• Conduct peer reviews focused on security implications.

4. Testing

• Objective: Validate functionality and detect defects or vulnerabilities.

• Security Integration:

• Perform dynamic analysis and penetration testing.

• Conduct vulnerability scans to identify misconfigurations and insecure code.

• Implement fuzz testing to identify unusual edge cases and unexpected inputs.

• Address and re-test all detected vulnerabilities.

5. Deployment

• Objective: Deploy the application into a live environment.

• Security Integration:

• Secure the deployment pipeline (e.g., encrypting CI/CD tools and credentials).

• Implement secure configuration baselines for servers and environments.

• Ensure rollback plans and backups are securely maintained.

6. Maintenance and Monitoring

• Objective: Provide updates, fixes, and continuous monitoring post-launch.

• Security Integration:

• Monitor for emerging threats using tools like SIEM (Security Information and Event Management).

• Regularly patch software to address vulnerabilities.

• Conduct periodic audits and penetration tests to ensure ongoing security compliance.

7. Decommissioning (if applicable)

• Objective: Safely retire outdated or unused systems.

• Security Integration:

• Securely delete sensitive data in compliance with legal and organizational policies.

• Remove application instances and credentials from the infrastructure.

Would you like to dive deeper into any specific phase or practice?

PreviousCloud SecurityNextDisaster Recovery

Last updated 2 months ago