Integrating Security in SDLC to Enhance Website Architecture
In today's era of technology we share and store all our data on websites and online storage without giving data theft a second thought. Yet every day a great deal of data is stolen from websites because of mistakes or loopholes that attackers find, and a lot of personal information is compromised. If you want to check whether your own accounts have shown up in a known breach, you can visit https://haveibeenpwned.com/.
Some tech giants are more conscious of the security aspects. Even though they run hardened environments with a SOC (Security Operations Center), they still require their developers to write code with as few bugs as possible, and instead of the traditional software development methods they use a Secure SDLC.
What is Secure SDLC?
As the name says, it is the Secure Software Development Life Cycle: the ordinary SDLC with security activities built into each phase rather than bolted on at the end.
Attackers now have more sophisticated strategies for breaking into a system through its code itself, so companies have added security and threat analysis to their software development, during the requirement gathering phase as well as the testing phase. They also hire white hat hackers who try to break into their systems and report what they find, so the company learns about its weaknesses before anyone else does. Penetration testing, architecture analysis, and code review are considered essential stages of the development lifecycle.
Does a Good Code Complete All the Security Aspects?
No. Along with good code, good architecture is equally important in development: it is the backbone that good code rests on, and the architecture you choose must suit your application.
If you host your website on a server that cannot handle the load of requests, the server will crash and your system will be down. To overcome this kind of issue, AWS provides the infrastructure and platform services (IaaS and PaaS) an application needs: you create the entities you want in a few clicks and pay for them as you use them.
Your database can also run on AWS RDS, which is popular nowadays with organizations from small to large.
AWS itself focuses heavily on the security of the architecture its customers build, and provides services to prevent certain kinds of attack and keep your system safe. A VPC (Virtual Private Cloud) gives you your own isolated network in which your entities, such as servers and databases, are not directly reachable from the internet unless you expose them, so nobody can get at them except along the path you define.
AWS also provides security groups to control which IP addresses may reach which ports. A security group denies all inbound traffic by default, so you open only the ports your application needs and everything else stays closed.
Security groups can be attached to servers, RDS instances and other entities to keep the whole system safe.
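To make the allow-list behaviour concrete, here is an added example (not code from the original article, and not an AWS API) that models how a security group decides whether inbound traffic is permitted and audits a rule set for sensitive ports exposed to the whole internet. The rule sets, the list of sensitive ports and the IP ranges are constructed for illustration.

```python
"""Model of AWS security-group ingress evaluation plus a small audit.

Added example: the rule sets below are constructed for illustration and
SENSITIVE_PORTS is an assumption about which ports should never face
the internet; neither is taken from a real account.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class IngressRule:
    protocol: str   # "tcp", "udp", or "-1" meaning all protocols and ports
    from_port: int
    to_port: int
    cidr: str       # source range; a security group only ever allows, never denies


# Assumption: admin and database ports that should not be open to 0.0.0.0/0.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}


def _matches(rule, protocol, port):
    """Does this rule cover the given protocol/port? '-1' covers everything."""
    if rule.protocol == "-1":
        return True
    return rule.protocol == protocol and rule.from_port <= port <= rule.to_port


def allows(rules, protocol, port, source_ip):
    """A security group is an allow-list: traffic is permitted only if some
    rule matches both the port and the source address; otherwise it is dropped."""
    src = ipaddress.ip_address(source_ip)
    return any(
        _matches(r, protocol, port)
        and src in ipaddress.ip_network(r.cidr, strict=False)
        for r in rules
    )


def audit(rules):
    """Return findings for rules that open a sensitive port to the world
    (a /0 prefix, i.e. 0.0.0.0/0 or ::/0)."""
    findings = []
    for r in rules:
        if ipaddress.ip_network(r.cidr, strict=False).prefixlen != 0:
            continue
        for port, name in sorted(SENSITIVE_PORTS.items()):
            if _matches(r, "tcp", port):
                findings.append(f"{name} (tcp/{port}) open to {r.cidr}")
    return findings


# Constructed rule sets (not from any real environment).
WEB_SG = [
    IngressRule("tcp", 80, 80, "0.0.0.0/0"),
    IngressRule("tcp", 443, 443, "0.0.0.0/0"),
    IngressRule("tcp", 22, 22, "203.0.113.0/24"),   # SSH only from the office range
]
INTERNAL_SG = [IngressRule("-1", 0, 0, "10.0.0.0/16")]      # everything, VPC-only
BAD_DB_SG = [IngressRule("tcp", 3306, 3306, "0.0.0.0/0")]  # MySQL open to the world
GOOD_DB_SG = [IngressRule("tcp", 3306, 3306, "10.0.1.0/24")]  # only the app subnet
OPEN_SG = [IngressRule("-1", 0, 0, "0.0.0.0/0")]            # the worst case

if __name__ == "__main__":
    print("web 443 from internet:", allows(WEB_SG, "tcp", 443, "198.51.100.7"))
    print("web 22 from internet: ", allows(WEB_SG, "tcp", 22, "198.51.100.7"))
    print("web 22 from office:   ", allows(WEB_SG, "tcp", 22, "203.0.113.9"))
    for name, sg in [("BAD_DB_SG", BAD_DB_SG), ("GOOD_DB_SG", GOOD_DB_SG), ("OPEN_SG", OPEN_SG)]:
        print(name, audit(sg) or "no findings")
```

The point to take from the model is the default: with no matching rule the answer is "drop", so the safe failure mode is a closed port, and an audit only has to look for rules that widen the source range to /0 on ports that should stay private.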
But apart from this, some of your sites are public and can be reached by anyone, and it is not possible to tell whether a user is an attacker or just someone who wants to use your services. For this kind of issue AWS has its own web application firewall (AWS WAF). All traffic passes through the firewall first; if the firewall's filters allow it, the request is served, otherwise it is discarded. In the firewall you define your own set of rules to block or allow particular requests. For example, if someone tries SQL injection against your system, a rule matching the injection pattern blocks that particular request and keeps your system safe. And if you are facing brute force attacks you can apply a rate-based rule: a request count and a time window in minutes that trigger the rule, after which the configured action is taken against that source.
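The two rule types mentioned above, a pattern match and a rate-based rule, are shown together in this added example (not code from the original article and not AWS WAF itself): rules are evaluated in order, the first match decides, and the rate-based rule counts requests per source IP over a trailing window. The request limit, window length and sample traffic are assumptions constructed for illustration, and the SQL-injection regex is deliberately crude; a real managed rule set is far broader.

```python
"""Tiny model of web-application-firewall rule evaluation.

Added example. Assumptions: a 20-requests-per-300-seconds rate rule (not an
AWS default), a single crude SQL-injection signature, and constructed
sample traffic; none of this is real log data.
"""
import re
from collections import defaultdict, deque
from urllib.parse import unquote_plus

# Crude signature for the classic "' OR 1=1 --" style payload and a couple of
# other tell-tales. Assumption: illustrative only, far from a complete rule set.
SQLI = re.compile(
    r"""(?i)['"]\s*(?:or|and)\s+[\w'"]+\s*=\s*[\w'"]+|union\s+select|;\s*(?:drop|delete)\s"""
)


class RateLimiter:
    """Rate-based rule: an IP is over the limit once it has sent more than
    `limit` requests within the trailing `window_seconds`."""

    def __init__(self, limit, window_seconds):
        self.limit = limit
        self.window = window_seconds
        self.seen = defaultdict(deque)   # ip -> timestamps still inside the window

    def over_limit(self, ip, ts):
        q = self.seen[ip]
        q.append(ts)
        while q and ts - q[0] >= self.window:   # drop timestamps that aged out
            q.popleft()
        return len(q) > self.limit


class Waf:
    def __init__(self, limit, window_seconds):
        self.rate = RateLimiter(limit, window_seconds)

    def evaluate(self, ts, ip, path_and_query):
        """Rules in order; first match wins. Returns (action, reason)."""
        decoded = unquote_plus(path_and_query)      # inspect the decoded form
        if SQLI.search(decoded):
            return "BLOCK", "sqli"
        if self.rate.over_limit(ip, ts):
            return "BLOCK", "rate"
        return "ALLOW", None


def run(requests, limit=20, window_seconds=300):
    """requests: (timestamp_seconds, source_ip, path_and_query) in time order.
    Returns a list of (ip, action, reason), one per request."""
    waf = Waf(limit, window_seconds)
    return [(ip, *waf.evaluate(ts, ip, req)) for ts, ip, req in requests]


# Constructed traffic: one normal visitor, one injection attempt, then 30 login
# attempts from a single address within a minute (a brute-force run).
SAMPLE = (
    [(0, "198.51.100.7", "/products?id=42"),
     (1, "198.51.100.7", "/products?id=42%27+OR+1%3D1+--")]
    + [(10 + i * 2, "203.0.113.9", "/login?user=admin") for i in range(30)]
)

if __name__ == "__main__":
    for ip, action, reason in run(SAMPLE):
        if action == "BLOCK":
            print(f"{ip:15} {action} ({reason})")
```

With a limit of 20 the first twenty login attempts from 203.0.113.9 pass and the remaining ten are blocked; the injection attempt is blocked on the first request because the signature rule runs before the counter, which is exactly the ordering question you have to think about when you write WAF rules.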
Apart from security, AWS provides services (CloudWatch) to analyze your systems and detect failures. If your instance stops responding, or its CPU is pinned at maximum because of a DDoS attack, an alarm can notify you by email, and you can also trigger actions on such events.
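The part people get wrong with such alarms is when they fire: a CloudWatch alarm looks at the last N metric periods and goes to ALARM only when at least M of them breach the threshold, so a one-minute spike does not page you but sustained saturation does. The added example below (not code from the original article) models that evaluation next to the argument shape one would hand to boto3's put_metric_alarm; the instance id, topic ARN, thresholds and CPU samples are constructed for illustration, and nothing is sent to AWS so it runs offline.

```python
"""Model of M-of-N alarm evaluation for a CPU alarm.

Added example. Assumptions: the instance id, SNS topic ARN, 90% threshold,
3-of-5 evaluation and the CPU sample series are all constructed; the dict
is only the shape of boto3 put_metric_alarm arguments and is never sent.
"""


def cpu_alarm_definition(instance_id, sns_topic_arn):
    """Arguments one would pass to cloudwatch.put_metric_alarm (not called here)."""
    return {
        "AlarmName": f"high-cpu-{instance_id}",
        "Namespace": "AWS/EC2",
        "MetricName": "CPUUtilization",
        "Dimensions": [{"Name": "InstanceId", "Value": instance_id}],
        "Statistic": "Maximum",
        "Period": 60,                 # one datapoint per minute
        "EvaluationPeriods": 5,       # N: look at the last five minutes
        "DatapointsToAlarm": 3,       # M: three of them must breach
        "Threshold": 90.0,
        "ComparisonOperator": "GreaterThanThreshold",
        "AlarmActions": [sns_topic_arn],   # SNS topic with an e-mail subscription
    }


def evaluate_alarm(samples, definition):
    """Return the alarm state for a series of per-period CPU percentages.
    Only GreaterThanThreshold is modelled; missing data is simply reported
    as INSUFFICIENT_DATA rather than treated as breaching or not (assumption)."""
    n = definition["EvaluationPeriods"]
    m = definition["DatapointsToAlarm"]
    window = samples[-n:]
    if len(window) < n:
        return "INSUFFICIENT_DATA"
    breaching = sum(1 for v in window if v > definition["Threshold"])
    return "ALARM" if breaching >= m else "OK"


# Constructed values (not a real instance, topic or metric history).
EXAMPLE_ALARM = cpu_alarm_definition(
    "i-0123456789abcdef0", "arn:aws:sns:us-east-1:123456789012:ops-alerts"
)
SPIKE = [20, 25, 95, 30, 22]        # one noisy minute: should stay OK
SATURATED = [40, 92, 97, 99, 98]    # four breaching minutes: should alarm

if __name__ == "__main__":
    print("spike:    ", evaluate_alarm(SPIKE, EXAMPLE_ALARM))
    print("saturated:", evaluate_alarm(SATURATED, EXAMPLE_ALARM))
```

Setting DatapointsToAlarm equal to EvaluationPeriods makes the alarm wait for five consecutive bad minutes, which is too slow for an outage; setting it to 1 turns every spike into an email. The 3-of-5 shape here is the usual compromise.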