scholarly journals Software Development Initiatives to Identify and Mitigate Security Threats - Two Systematic Mapping Studies

2016 ◽  
Author(s):  
Paulina Silva ◽  
René Noël ◽  
Santiago Matalonga ◽  
Hernán Astudillo ◽  
Diego Gatica ◽  
...  
Keyword(s):  
Software Development ◽  
Software Security ◽  
The Other ◽  
Software Systems ◽  
Security Threats ◽  
Controlled Experiments ◽  
Systematic Mapping ◽  
Development Lifecycle ◽  
Secure Software ◽  
Software Development Lifecycle

Software Security and development experts have addressed the problem of building secure software systems. There are several processes and initiatives to achieve secure software systems. However, most of these lack empirical evidence of its application and impact in building secure software systems. Two systematic mapping studies (SM) have been conducted to cover the existent initiatives for identification and mitigation of security threats. The SMs created were executed in two steps, first in 2015 July, and complemented through a backward snowballing in 2016 July. Integrated results of these two SM studies show a total of 30 relevant sources were identified; 17 different initiatives covering threats identification and 14 covering the mitigation of threats were found. All the initiatives were associated to at least one activity of the Software Development Lifecycle (SDLC); while 6 showed signs of being applied in industrial settings, only 3 initiatives presented experimental evidence of its results through controlled experiments, some of the other selected studies presented case studies or proposals.

Creating and Applying Security Goal Indicator Trees in an Industrial Environment

2014 ◽  
pp. 999-1013
Author(s):  
Alessandra Bagnato ◽  
Fabio Raiteri ◽  
Christian Jung ◽  
Frank Elberzhager
Keyword(s):  
Software Development ◽  
Software Systems ◽  
Full Potential ◽  
Security Vulnerabilities ◽  
Industrial Project ◽  
Project Environment ◽  
Development Tools ◽  
Development Lifecycle ◽  
Software Development Lifecycle

Security inspections are increasingly important for bringing security-relevant aspects into software systems, particularly during the early stages of development. Nowadays, such inspections often do not focus specifically on security. With regard to security, the well-known and approved benefits of inspections are not exploited to their full potential. This book chapter focuses on the Security Goal Indicator Tree application for eliminating existing shortcomings, the training that led to their creation in an industrial project environment, their usage, and their reuse by a team in industry. SGITs are a new approach for modeling and checking security-relevant aspects throughout the entire software development lifecycle. This book chapter describes the modeling of such security goal based trees as part of requirements engineering using the GOAT tool dedicated plug-in and the retrieval of these models during the various phases of the software development lifecycle in a project by means of Software Vulnerability Repository Services (SVRS) created in the European project SHIELDS (SHIELDS - Detecting known security vulnerabilities from within design and development tools).

Assimilating and Optimizing Software Assurance in the SDLC

2012 ◽  
pp. 16-34
Author(s):  
Aderemi O. Adeniji ◽  
Seok-Won Lee
Keyword(s):  
Software Development ◽  
Development Lifecycle ◽  
Secure Software ◽  
Software Development Lifecycle ◽  
Software Processes ◽  
Software Lifecycle ◽  
Software Assurance

Software Assurance is the planned and systematic set of activities that ensures software processes and products conform to requirements while standards and procedures in a manner that builds trusted systems and secure software. While absolute security may not yet be possible, procedures and practices exist to promote assurance in the software lifecycle. In this paper, the authors present a framework and step-wise approach towards achieving and optimizing assurance by infusing security knowledge, techniques, and methodologies into each phase of the Software Development Lifecycle (SDLC).

scholarly journals A Secure Software Specification Development Strategy for Enterprises : A Case Study Approach

2021 ◽  
pp. 260-266
Author(s):  
Sifat Ali Sathio ◽  
Isma Farah Siddiqui ◽  
Qasim Ali Arain
Keyword(s):  
Software Development ◽  
Web Application ◽  
Assessment Model ◽  
Case Study Approach ◽  
Software Specification ◽  
Study Approach ◽  
Development Lifecycle ◽  
Secure Software ◽  
Software Development Lifecycle

Although Security is a non-functional requirement, it is a very essential requirement for software systems, to achieve secure software specification development for enterprises we need to find and fix vulnerabilities in the early phase of SDLC. For the successful achievement of secure software specification development in the software enterprise, the security of software application plays a very vital role. During the software development lifecycle, improper security can lead to thoughtful and serious consequences in any enterprise. In this paper, the case study approach is followed regarding the achievement of a secure web application, finding and fixing vulnerabilities in the early software development lifecycle, and applying the re-engineering process on a developed web application using the best security assessment model considering the literature review. Also, validation of the developed application is done with the help of Penetration testing.

A Review of Software Quality Methodologies

2012 ◽  
pp. 129-150 ◽  
Author(s):  
Saqib Saeed ◽  
Farrukh Masood Khawaja ◽  
Zaigham Mahmood
Keyword(s):  
Software Development ◽  
Software Quality ◽  
Software Systems ◽  
High Quality ◽  
Software Applications ◽  
Pervasive Systems ◽  
Development Lifecycle ◽  
Development Cycle ◽  
Software Development Lifecycle ◽  
Reliable Software

Pervasive systems and increased reliance on embedded systems require that the underlying software is properly tested and has in-built high quality. The approaches often adopted to realize software systems have inherent weaknesses that have resulted in less robust software applications. The requirement of reliable software suggests that quality needs to be instilled at all stages of a software development paradigms, especially at the testing stages of the development cycle ensuring that quality attributes and parameters are taken into account when designing and developing software. In this respect, numerous tools, techniques, and methodologies have also been proposed. In this chapter, the authors present and review different methodologies employed to improve the software quality during the software development lifecycle.

A Survey on Secure Software Development Lifecycles

2014 ◽  
pp. 17-33
Author(s):  
José Fonseca ◽  
Marco Vieira
Keyword(s):  
Software Development ◽  
Software Security ◽  
Software Products ◽  
Development Lifecycle ◽  
Software Product ◽  
Secure Software ◽  
Secure Software Development ◽  
Software Development Practices ◽  
Complete Solutions ◽  
The Web

This chapter presents a survey on the most relevant software development practices that are used nowadays to build software products for the web, with security built in. It starts by presenting three of the most relevant Secure Software Development Lifecycles, which are complete solutions that can be adopted by development companies: the CLASP, the Microsoft Secure Development Lifecycle, and the Software Security Touchpoints. However it is not always feasible to change ongoing projects or replace the methodology in place. So, this chapter also discusses other relevant initiatives that can be integrated into existing development practices, which can be used to build and maintain safer software products: the OpenSAMM, the BSIMM, the SAFECode, and the Securosis. The main features of these security development proposals are also compared according to their highlights and the goals of the target software product.

scholarly journals Keamanan Sistem Perangkat Lunak dengan Secure Software Development Lifecycle

2021 ◽  
Vol 12 (1) ◽  
pp. 88-101
Author(s):  
Muhammad Rizky Hasan ◽  
Suhermanto Suhermanto ◽  
Suharmanto Suharmanto
Keyword(s):  
Life Cycle ◽  
Software Development ◽  
Development Lifecycle ◽  
Development Life Cycle ◽  
Secure Software ◽  
Software Development Lifecycle ◽  
Secure Software Development ◽  
Software Development Life Cycle

Saat ini, pengembangan perangkat lunak lebih kompleks daripada sebelumnya di mana keamanan menjadi salah satu yang paling krusial. Masalah keamanan menjadi bagian penting untuk developer perangkat lunak.Kebutuhan keamanan dalam pengembangan perangkat lunak menghasilkanpenciptaan yang disebut Secure Software Development Life Cycle (SSDLC). Paper ini menyoroti kerentanan perangkat lunak dan pendekatan untuk mengatasinya. Untuk itu akan dibahas beberapa tool keamanan seperti OWASP dan ISSAF. Tujuannya agar dapat mengetahui sejauh mana tool-tool tersebut meminimalkan kerentanan dalam pengembangan perangkat lunak.

Sign in / Sign up

Export Citation Format

Share Document