Security is a serious problem in software development which when not taken into consideration, exploits vulnerabilities in software. Such security related problems need to be addressed as early as possible while building software. Security problems exist for many reasons. A major thing is that, software cannot resist security attacks. Software security vulnerabilities are often caused due to the flaws that might be in specification, design, implementation or testing. These flaws are unknowingly injected by the software developers during development or left unnoticed by the software testers while testing for defects in software. This requires that developers and testers use methods that consistently produce secure software, which results in a defect less product. Security must be integrated into the software development life cycle from the beginning and must persist until the product is in use. This paper brings out the security deliberation that have to be paid due attention in the various phases of software development life cycle while developing a software.

1. Banerjee C. , Pandey S. K. , "Software Security Rules: SDLC Perspective", International Journal of Computer Science and Information Security (IJCSIS), Vol. 6, No. 1,.
2. Sodiya A. S. , Onashoga S. A. , and Ajayi O. B. , "Toward Building Secure Software Systems", Vol. 3, pp. 636 – 645, 2006.
3. Vladimir Golubev, "Using of Computer Systems Accountability Technologies in The Fight against Cybercrimes", Computer Crime ResearchCenter. Available: http://www. crimeresearch. org/ library/Using. htm.
4. http://www. albion. com/security/intro-4. html
5. Neil Daswani, Christoph Kern, Anita Kesavan, "Foundations of security What Every Programmer Needs to Know", APRESS, pp. 44, 2007.
6. http://en. wikipedia. org/wiki/Access_control
7. http://www. fortify. com/vulncat/en/vulncat/index. html
8. http://www. fortify. com/security-resources/taxonomy. jsp
9. Elizabeth Wasserman, "The Role of Auditing in IT and Security",Available:http://www. ciostrategycenter. com/Board/smarts/role_of_audit/index. html
10. Shawn Hernan, Scott Lambert, Tomasz Ostwald, Adam Shostack, "Uncover Security Design Flaws using The STRIDE Approach", msdn. microsoft. com, Nov. 2006. Available: http://msdn. microsoft. com/en-us/magazine/cc163519. aspx.
11. Paco Hope and Peter White, "Software Security Requirement the foundation for security", Cigital Inc. , Available: http://sqgne. org/presentations/2007-08/Hope-Sep-2007. pdf
12. Malik Imran Daud, "Secure Software Development Model: A Guide for Secure Software Life Cycle", Proceedings of the International MultiConference of Engineers and Computer Scientists, Vol. I, IMECS, Hong Kong, March 17-19, 2010.
13. Kotonya G. and Sommerville I. , "Requirement Engineering Process and Techniques", John Wiley and Sons, 1998.
14. Asoke K. Talukder, Vineet Kumar Mayura, Santhosh Babu G. , Jangam Ebenezer, Muni Sekhar V. , Jevitha K. P. , Saurabh Samanta, Alwyn Roshan Paris, "Security-aware Software Development Life Cycle (SaSDLC) – Processes and Tools", Accepted for Presentation at WOCN 2009, Cairo, Egypt, 28-30 April 2009.
15. Donald G. Firesmith, "Engineering Security Requirements", Firesmith Consulting, U. S. A Vol. 2, No. 1, January-February 2003. Available: http://www. jot. fm/issues/issue_2003_01/column6.
16. Suvda Myagmar, Adam J. Lee, and William Yurcik, "Threat Modeling as a Basis for Security Requirements", IEEE Symposium on Requirements Engineering for Information Security (SREIS), August 2005.
17. Lee M. Clagett, "Security Requirements for the Prevention of Modern Software Vulnerabilities and a Process for Incorporation into Classic Software Development Lifecycles", Thesis dissertation.
18. Chun Wei (Johnny), Sia, "Misuse Cases and Abuse Cases in Eliciting Security Requirements", 25 Oct 2005.
19. Martyn Fetcher, Howard Chivers, Jim Austin, "Combining Functional and Security Requirements' Processes", ROLLS ROYCE PLC-REPORT-PNR, Vol. 93025, 2005.
20. Swapnesh Taterh, Yadav K. P. , Sharma S. K. , "Threat Modeling and Security Pattern used in Design Phase of Secure Software Development Life Cycle", International Journal of Advanced Research in Computer Science and Software Engineering, Vol. 2, Issue 4, April 2012.
21. Saltzer, Jerome H. and Schroeder, Michael D. , "The Protection of Information in Computer Systems", Proceedings of the IEEE 63, pp. 1278-1308, September 1975.
22. Meier J. D. , Alex Mackman, Blaine Wastell, "Threat Modeling Web Applications Patterns & Practices Library", Microsoft Corporation, May 2005. Available: http://msdn. microsoft. com/en-us/library/ff648006. aspx
23. Joseph W. Yoder and Jeffrey Barcalow (1997), "Architectural Patterns for Enabling Application Security", Proc. , 4th Conference on Patterns Languages of Programs (PLoP'97) Monticello, Illinois.
24. Nobukazu Yoshioka, Hironori Washizaki and Katsuhiasa Maruyama, "A survey on security patterns –– progress in informatics", No. 5, pp. 35-47, (2006).
25. Steve Lipner and Michael Howard, "The Trustworthy Computing Security Development Lifecycle", Security Engineering and Communications, Security Business and Technology Unit, Microsoft Corporation, March 2005.
26. Agrawal A. and Khan R. A. , "A Framework to Detect and Analyze Software Vulnerabilities – Development Phase Perspective", International Journal of Recent Trends in Engineering, Vol. 2, No. 2, November 2009.
27. Gu Tian-yang, Shi Yin-sheng, and Fang You-yuan, Research on Software Security Testing, World Academy of Science, Engineering and Technology, 2010.
28. Chilenski J. and Miller S. , "Applicability of modified condition/decision coverage to software testing", Software Engineering Journal, pp. 193–200, September 1994.
29. Mark Fewster and Dorothy Graham. Software test automation: effective use of test execution tools. ACM Press/Addison-Wesley Publishing Co. , New York, NY, USA, 1999.
30. Aaron Marback, Hyunsook Do, Ke He, Samuel Kondamarri, Dianxiang Xu, Security Test Generation using Threat Trees, Proc. Fourth Int'l Workshop Automation of Software Test (AST '09), May 2009.

Software Development Life Cycle Requirements Design Development Threat Modeling Security Testing.