As information technology has developed rapidly and become widely used, the impact of information security on everyone's daily life has become significant and serious. Since attackers often take advantage of software vulnerabilities to perform successful intrusions, defenders must improve software security to avoid being compromised repeatedly. Considering non-functional requirements such as security controls early in the software development lifecycle not only greatly reduces the cost of fixing security bugs at the production stage, but also addresses the overall security of the developed software comprehensively and effectively. This paper covers best practices throughout the secure software development lifecycle (SSDLC), with emphasis on security design and additional concepts.