Software Development Life Cycle (SDLC) is the structured process for planning, designing, building, testing, deploying, and maintaining software. It gives teams a way to define requirements and manage changes throughout a product’s life. Secure SDLC adds security requirements and review activities to those stages rather than treating security as a final test.
For security practitioners, relevant activities include threat modeling during design, secure coding and peer review during development, and testing for authorization flaws, injection vulnerabilities, and unsafe dependencies before release. Build systems and deployment pipelines also need controls against tampered artifacts, exposed credentials, and insecure configuration. After deployment, vulnerability management includes monitoring dependencies, triaging findings, patching releases, and retiring unsupported components. These practices reduce the chance that defects become exploitable, while preserving evidence of security decisions for audits and investigations.