Module 8 and 9 Paper: A Software Development Environment with State-of-the-Art Integrated Security Features
Introduction
You are now in Module 8, and it is time to start preparing a comprehensive paper. You will submit the
paper in Module 9.
The following 9 SDLC labs will shed light on this paper:
1) Building an SDLC environment in Microsoft Azure
2) Creating a Kanban board and project backlog
3) Threat modeling
4) Performing attack surface analysis
5) Analyzing the code on the fly
6) Using sandboxing and fuzzing techniques
7) Performing static source code analysis
8) Reverse-engineering a binary file
9) Performing operation, maintenance, and disposal in Azure
The Scenario
With the proliferation of cloud infrastructures, DevOps and SecOps processes became very popular.
These processes gave companies fully integrated SDLC processes. In this course, you’ve
practiced security tools and methods that correspond to every phase of the SDLC. In some labs, you used
modern infrastructures such as Azure DevOps, Kanban boards, and Azure Cloud; in other labs, you
used legacy or proof-of-concept tools such as the Bandit source code analyzer. Not all of the tools used in
the labs were integrated into the SDLC environment that you set up in Lab 1.
Now it’s time to share your expertise about how to create a state-of-the-art software development
environment. Write a white paper that describes a modern software development environment that
incorporates and integrates all SDLC processes. Define the problems that can occur if it is not done
properly and make recommendations to address them. Your audience is mid-level managers such as IT
managers.
For more about writing a white paper, read:
• White Papers, guidance on how to write a white paper from the Purdue OWL. Make sure to read
the sections “Purpose and audience” and “Organization and Other Tips.”
• White Papers PowerPoint Presentation
Research
This section contains a list of resources for you to review and read. You can also perform your own
Internet search to access other resources such as academic papers, white papers, training videos, and
webpages. Keep track of the sources you use; you will need to cite them. RefWorks is an excellent free
tool for helping you do this.
Read
Defending Infrastructure as Code in GitHub Enterprise
The DevSecOps Approach to Securing Your Code and Your Cloud (register for SANS Reading Room)
Microsoft SDL Practices
The Security Development Lifecycle
Secure Development Lifecycle
Watch
What is DevOps?
What is DevSecOps?
What is Docker?
GitHub Marketplace
Search Tools
Azure Marketplace
Amazon AWS Marketplace
GCP Marketplace
GitHub Marketplace
Visual Studio Marketplace
Eclipse Marketplace
Write
Write a white paper that describes how to create a modern software development environment that
incorporates and integrates all SDLC processes. Your paper should be approximately 4-6 pages, not
including the title page and Works Cited.
Organize your white paper into these main sections: Title page, Introduction, Problem Statement,
Solution, Conclusion, and Works Cited. Format the text, margins, and citations in APA style. You are not
required to write an abstract.
Include the following:
• Services, tools, and technologies: Cloud environment, DevOps (CI/CD), SecOps, GitHub IDE and
IDE security extensions, integrated software testing tools, Docker, Kubernetes, Scrum, Sprint.
Describe/explain the functions and relationships of each of the services, tools, and technologies.
• All of the processes you completed in the 9 labs. Replace the legacy and isolated ones with state-of-the-art methods as much as possible.
• Draw one or more flowcharts to show the SDLC phases and the interaction of the tools with
these phases. Show essential actors in the flowchart, such as DevOps engineers, developers, and
project managers.
• Search for and include tools from the GitHub Marketplace or cloud providers’ marketplaces.
Make sure to carefully proofread and edit your work.