Security Development Lifecycle

by Agus Kurniawan 24. May 2010 07:28

There is no end to what can be said about security; many topics and subjects are involved. In my article for the June 2010 issue of PCMedia, I do not go too deep into the technical side of security. Instead, I focus on awareness of how important security is in software products. In most SDLCs as commonly practiced, security architecture is only thought about afterward, once the software product is finished. This is where security problems begin.

Security Development Lifecycle, abbreviated SDL, is a process for assuring the security quality of software while it is being built. Microsoft has applied it intensively and has included it as a program policy since 2004, applied to the development of every product it builds. By combining a holistic and practical approach, SDL introduces security and privacy throughout the entire software development process.

Applying SDL in software development is now very important because, when attacks are broken down by target, applications are the most frequently attacked. The Microsoft Security Intelligence Report volume 7, covering January through June 2009, shows that applications are attacked the most, followed by browsers and operating systems. See the figure below.

Figure 1

Meanwhile, the 2008 IBM Internet Security Systems X-Force report (see the figure below) shows that only about 11% of security attacks were against the 5 large software vendors, namely Microsoft, Oracle, IBM, Apple, and Cisco. This means that about 89% of security attacks occurred against software products made by someone other than those 5 large vendors, and that may well include the software applications we build ourselves.

Figure 2

 

Applying SDL in Agile Development

Many organizations use Agile software development to build software. Inside Microsoft itself, the Agile methodology is also applied to building software products. Initially, the Agile methodology paid no special attention to the security of the software being built. Once security became a particular concern for users, the Agile methodology also began to give attention to applying security.

Microsoft began developing software with a focus on security through what is known as SDL. By applying SDL, Microsoft was able to reduce security vulnerabilities in its products by more than 50%. Applying SDL is admittedly quite demanding, especially for large products such as Windows and Microsoft Office.

For the full discussion, read my article in the June 2010 issue of PCMedia magazine. I hope it is useful.

Tags:

Security | Papers
