Secure Development Lifecycle
Axway implements a Secure Development Lifecycle (SDL) in product development. A dedicated team, the Axway Product Security Group (PSG), manages the SDL in association with all the Axway Research and Development (R&D) product teams.
The SDL consists of a set of standard phases and processes. In this spiral development model, requirements and design are frequently revisited to ensure that risks are assessed and eliminated. The following diagram illustrates the simplified Microsoft SDL model that Axway follows.
Axway development teams follow Agile practices and implement SDL processes and controls throughout the development lifecycle. For example, threat modeling is an important part of the design phase, and a final security review is required before product release. These processes and control points ensure that products meet the initial security requirements and pass the technical criteria established by Axway PSG and the larger security community.
Development teams use a broad suite of industry-standard tools in the implementation and verification phases of the SDL. Teams run both static and dynamic analysis tools to identify potential code weaknesses and to discover security issues that could be exposed at runtime. The R&D teams also run suites of attack surface tools and penetration testing tools on products to ensure that they meet gating criteria defined by PSG via the SDL. Teams also run other enhanced test scenarios required by our most security-conscious customers. provides tool suite information and our customized usage profiles on request.
Axway implements a new product introduction (NPI) process that supports the release of new products and major product revisions. This process requires a final security review that includes development and test artifacts. The NPI also ensures that the SDL is started early in development to optimize the delivery of secured products for you, our customer.