Tags: security, database-connection, sdlc

Would you consider checking lengths for database fields part of a secure SDLC?


I wonder if you would consider checking lengths for database fields part of a secure SDLC?


Solution

  • When designing the database, one must consider checking the length of its fields.

    Without needing to gossip a lot, I may mention the famous password field: what if the developers follow the good security principle of hashing and salting (or even peppering) the password, but the length of the password field in the database is shorter than the length of the hash function's output? Depending on the situation, this may render the hashing of passwords almost useless.

    Apart from this, you may run into trouble if you do not check the lengths in question at some point, as explained in the accepted answer to overstating field size in database design.

    In practice, however, checking the lengths of the database fields is not enough if it is not coupled with data validation and data sanitization.
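The password-column failure mode described in the answer above, as an added, self-contained example (not code from the original post). It hashes with PBKDF2-HMAC-SHA256 and hex-encodes the result, so the stored value is always 64 characters; a column declared 40 characters wide is too short. The `store` function is a constructed stand-in for a DBMS running in a permissive mode that silently truncates over-long strings rather than rejecting them, and the schema widths, the 100,000-iteration count and the 256-character password-length policy are assumptions made for the example:

```python
import hashlib
import hmac
import os

# Column widths as the DBMS would enforce them. Constructed for this example;
# in practice read them from the DDL (e.g. VARCHAR(40) vs VARCHAR(64)).
NARROW_SCHEMA = {"password_hash": 40}       # shorter than the encoded digest
RIGHT_SIZED_SCHEMA = {"password_hash": 64}  # exactly one hex-encoded SHA-256 digest

MAX_PASSWORD_CHARS = 256  # input-length validation before hashing (assumed policy)
PBKDF2_ITERATIONS = 100_000  # assumed work factor for the example


def hash_password(password: str, salt: bytes) -> str:
    """PBKDF2-HMAC-SHA256, hex encoded. The output is always 64 characters
    regardless of the password's length; that is the width the column must hold."""
    if not 1 <= len(password) <= MAX_PASSWORD_CHARS:
        raise ValueError("password length outside policy")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return digest.hex()


def fits_column(schema: dict, column: str, value: str) -> bool:
    """Design-time / pre-insert check: does the encoded value fit the declared width?"""
    return len(value) <= schema[column]


def store(schema: dict, column: str, value: str) -> str:
    """Constructed stand-in for a permissive DBMS that silently truncates values
    longer than the column instead of raising an error. Returns what lands in the row."""
    return value[: schema[column]]


def verify(stored_hash: str, password: str, salt: bytes) -> bool:
    """Constant-time comparison of the stored value against a fresh hash."""
    return hmac.compare_digest(stored_hash, hash_password(password, salt))


def register_and_login(schema: dict, password: str) -> tuple:
    """Registers a user under the given schema, then logs in with the correct
    password. Returns (digest_fit_the_column, login_succeeded)."""
    salt = os.urandom(16)
    digest = hash_password(password, salt)
    fit = fits_column(schema, "password_hash", digest)
    stored = store(schema, "password_hash", digest)
    return fit, verify(stored, password, salt)


if __name__ == "__main__":
    # With the narrow column the digest is truncated on write, so every login
    # with the correct password fails; with the right-sized column it succeeds.
    print("narrow column:", register_and_login(NARROW_SCHEMA, "correct horse battery staple"))
    print("right-sized column:", register_and_login(RIGHT_SIZED_SCHEMA, "correct horse battery staple"))
```

The check that belongs in the SDLC is `fits_column` run against the real DDL before the schema ships, not at login time; if the production database rejects over-long values instead of truncating them, the symptom is a failed registration rather than a silently broken login, but the root cause is the same. Size the column for the encoded output of whatever scheme you pick (a hex SHA-256 digest is 64 characters, a bcrypt string is 60, and self-describing formats that embed the algorithm, parameters and salt are longer still), and validate the password's length before hashing so that limit is enforced deliberately rather than by the column.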