421.3 Development

Overview

The development phase is where the system’s design is brought to life through programming. During this stage, developers implement the specified functionality using chosen programming languages, libraries, and frameworks. Secure software development focuses not only on making the system work, but on doing so safely, predictably, and defensively.

Choices made during development—such as how inputs are handled, what access controls are enforced, and how data is stored—directly affect the software’s security. Developers must follow clear coding standards, apply secure practices, and work collaboratively to prevent vulnerabilities and ensure long-term reliability.

Targets

In this topic, students learn to:

• Implement software that meets defined specifications

• Apply secure coding practices and standards

• Manage dependencies, modularity, and reusability

• Prevent common errors and vulnerabilities through code structure and input handling

Syllabus references

Writing secure code

Secure development practices include:

• Modular design: Breaking code into clear, reusable components with single responsibilities

• Consistent naming and formatting: Following code style guides improves readability and reduces misunderstanding

• Input handling: Validating and sanitising all user inputs to prevent injection attacks and data corruption

• Error and exception management: Catching and managing errors gracefully to avoid crashes or data leaks

• Access control enforcement: Ensuring that authorisation checks are built into the logic where needed

• Defensive programming: Assuming that anything can fail and writing code that anticipates edge cases or misuse

Example:

Instead of trusting that a user-submitted email is valid, the program should verify its format and reject invalid input before storing it.

Managing the development environment

Secure development also depends on how tools and processes are managed. This includes:

• Using version control (e.g. Git) to track changes and manage collaborative edits

• Automated build tools to reduce human error in compilation and deployment

• Secure handling of dependencies, including verifying third-party libraries and keeping them up to date

• Managing configuration separately from code, to avoid exposing sensitive credentials in source files

Collaboration and documentation

Security is a shared responsibility. During development:

• Developers should conduct code reviews to catch logic errors and missed security checks

• Teams should maintain documentation for all components, inputs, and expected behaviours

• Comments should explain reasoning, not just what the code does

These practices improve maintainability and reduce the risk of introducing vulnerabilities when changes are made later.

Output of the development phase

The outcome of this phase is a working software implementation that:

• Fulfils all functional and non-functional specifications

• Follows consistent and maintainable coding practices

• Embeds security protections within the logic of the application

• Is ready to be tested, reviewed, and validated during the next phase of the lifecycle