Software security is not a set of individual tasks isolated from other organizational concerns. Instead, it is a repeatable process with several stages, much in the same way that software development itself follows a lifecycle. In this lesson, you'll follow and apply the stages of this lifecycle with a focus on security, ensuring your software projects are protected at a high level.

You've implemented different processes in the secure software development lifecycle (SSDLC), now it's time to go into depth for each phase of the lifecycle. As you know, the first phase is requirements definition and analysis. In this lesson, you'll explore some of the major sources of requirements and how best to define those requirements so that they meet your security needs.

The process you use to design your software should reflect what is important to you, your customers, and other project stakeholders. Following this rationale, if software security is important to you, it should be an important part of your design processes. In this lesson, you'll move on to the second phase of the secure software development lifecycle (SSDLC) to incorporate security into the design of software.

You've outlined security requirements and designed your software around security. The next phase of the secure software development lifecycle (SSDLC) is development, where you actually implement security protections through code. And, as part of a DevOps approach, you'll also implement protections that support your code and your software's runtime environments.

As you design and implement software throughout the entire software development lifecycle, you need to test it to ensure it will lead to a high-quality finished product that is secure and protects both users and the organization. There are various approaches to testing, several of which you'll employ in this lesson.

You've designed, developed, and tested your software. Now you must make sure it remains secure when deployed to production. And, you must ensure that security extends over time, performing fixes as needed. In this lesson, you'll engage with the final two phases of the secure software development lifecycle (SSDLC).

As a software developer, you may not think of yourself as being on the frontlines of cybersecurity within an organization. After all, there are security practitioners whose job it is to be vigilant against active attacks. Even though you may not implement cybersecurity defenses yourself, you must still be aware of them and why they're necessary to ensure the security of the entire organization—software included. This is crucial in supporting a truly effective DevSecOps approach.

You'll wrap things up and then validate what you've learned in this course by taking the credential exam.