SSDLC Roadmap Stages
Existing Application:
- AAA - DDD - GGG
- BBB - EEE - HHH
- CCC - FFF - III
Development Process
1. Standardized development mode? Not Yet
2. Development documentation? Not Yet
3. Centralized source code? Minimum
4. Security involved in the development process? Not Yet
5. Standardized environment? (some application demos are deployed to a public host)
Operation Process
1. Protection In Production? Minimum
2. Analysis and monitoring? Minimum
Reflection of Current Condition to SDLC Process
Proposed Solution Based on Current Condition
Development Team
1. Implement a standard Software Development Life Cycle (SDLC)
2. Transform the Software Development Life Cycle (SDLC) into a Secure Software Development Life Cycle (SSDLC) in parallel
3. Centralize all source
4. Build Secure Pipeline
5. Build Independent security team
DevOps Team
This team will handle all CI/CD (automation) and help developers deploy applications to the environment, including automation testing.
Security Team
Build Red Team
• Offensive Security
• Ethical hacking
• Exploiting Vulnerabilities
• Penetration Testing
• Web Application Scanning
• Social Engineering
Build Blue Team
• Defensive Security
• Infrastructure Protection
• Incident Response
• Digital Forensics
• Threat Hunters
• Operational Security
Operation Urgent
1. Protection in production, such as a WAF or traffic monitoring and security protection
2. Analysis and monitoring, such as SOC and SIEM
Secure Pipeline In Secure SDLC Process Level 1
Secure Pipeline In Secure SDLC Process Level 2