A hybrid threat model for system-centric and attack-centric for effective security design in SDLC

2021 ◽  
pp. 1-11
Author(s):  
Ganesh Viswanathan ◽  
Prabhu J

Threat modeling is an essential activity in the security development lifecycle. To provide security at the design phase of software development, Microsoft introduced the STRIDE threat modeling methodology to identify the vulnerabilities of and attacks on an application. An efficient solution is necessary to deal with these issues in the software development life cycle. In this context, the paper focuses on the analysis of the threat modeling and attack tree techniques that are traditionally available and frequently used. Automated threat modeling makes it possible to simulate attacks and visualize existing vulnerabilities and misconfigurations. A hybrid model is proposed, based on system-centric and attacker-centric approaches, to identify threats in a software application during the software design phase. The model is built with STRIDE by defining the security architecture, analyzing the risks with respect to its security characteristics, and applying it to a real application system. Our model is applied in a case study of a health center management system and shows better results in identifying threats and their severity in the design phase. An attack tree additionally defines the stages of a threat so that its severity can be understood.

This paper takes a deeper look at data breaches, their causes and the linked vulnerability aspects in the application development lifecycle. Further, the vulnerabilities are mapped to the software development life cycle (SDLC) phases of requirement elicitation, design, development, testing and deployment. Being aware of the exact SDLC phase where the vulnerabilities are injected, suitable security practices (countermeasures) can be adopted in the delivery methodology, which can control eventual data breaches and safeguard the application from a security perspective. Our research focuses on the evolution of vulnerabilities through the application development life cycle, and we have leveraged the "Inverted Tree Structure/Attack Tree" and "Affinity Principles" to map the vulnerabilities to the right Software Development Life Cycle phase.


2021 ◽  
Author(s):  
Mayank Gokarna

DevOps is the combination of cultural mindset, practices, and tools that increases a team's ability to release applications and services at high velocity. The development and operations teams always have a conflict around the scope of responsibility. With these differences, the quality and speed of delivery across the Software Development Life Cycle are negatively impacted. DevOps is about removing the barriers between two traditionally delimited teams, development and operations. With DevOps, these two teams work together to optimize both the productivity of developers and the reliability of operations. They strive to communicate frequently, increase efficiencies, and improve the quality of the services they provide. They take full ownership of their services, often beyond where their stated roles or titles have traditionally been scoped. Transitioning to DevOps requires a change in culture and mindset first. It is quite difficult to persuade a whole company to change its culture at once. This paper aims to bring the different phases of the software development lifecycle into a DevOps implementation strategy and presents a comprehensive collection of leading tools used across the Software Development Life Cycle to automate and integrate the different stages of software delivery. This paper also highlights DevOps practices that span the different phases of the Software Development Lifecycle and how they can be implemented with the tools available.


2021 ◽  
Vol 12 (1) ◽  
pp. 88-101
Author(s):  
Muhammad Rizky Hasan ◽  
Suhermanto Suhermanto ◽  
Suharmanto Suharmanto

Today, software development is more complex than ever before, and security has become one of the most crucial aspects. Security issues are an important concern for software developers. The need for security in software development has led to the creation of what is called the Secure Software Development Life Cycle (SSDLC). This paper highlights software vulnerabilities and approaches to addressing them. To that end, several security tools such as OWASP and ISSAF are discussed. The aim is to find out to what extent these tools minimize vulnerabilities in software development.


2012 ◽  
Vol 11 (01) ◽  
pp. 1250001
Author(s):  
David P. Stevens ◽  
Sonya H. Y. Hsu ◽  
Zhiwei Zhu

The acquisition and management of knowledge is increasingly more important in today's economy because of the large proportion of the workforce eligible for retirement in the next 10 years. Companies have long understood that reusing explicit knowledge in the form of policies, documentation and procedures produces tremendous savings, reduces variability, decreases costs, and improves overall quality. Unfortunately, a considerable portion of corporate knowledge is tacit or known at a non-verbal level, and does not lend itself to reuse. This research examines "how" and "why" questions regarding a specific process used for managing and sharing tacit knowledge related to the software development life cycle. The issues related to acquiring, preserving and disseminating the tacit knowledge are discussed in detail, and the advantages and managerial implications of the results of the method are described, together with implications for knowledge workers and managers in other industries.


Author(s):  
Sharefa Murad

Cloud computing has become one of the main objectives, purposes, and ambitions of most IT organizations because of the advantages they gain by moving their technologies into it, such as cost and resource savings. Green cloud computing is becoming a significant trend with a strong relationship to cloud computing. It is about being green and efficient, which leads not only to a better business but also to a better world. This paper discusses a major phase of the software development life cycle, deployment, and how choosing automated deployment over manual deployment is superior, particularly as a way to make your cloud green.


Author(s):  
Ansari Saleh Ahmar ◽  
Rusli Rusli ◽  
Nasrul Ihsan

Abstract: The aim of this paper was to develop a website for the research institute at Universitas Negeri Makassar that can be accessed by many people to check information about research anytime and anywhere, without limits of time and location, so that disclosure of research information can be achieved. The method used in this research is the Software Development Life Cycle method with three stages, namely the Initiation Phase, the Development/Acquisition Phase, and the Implementation Phase. The information system was developed using the PHP programming language with CodeIgniter as its framework and a MySQL database. Abstrak (Indonesian abstract, translated): The aim of this paper is to develop a website for the Research Institute at Universitas Negeri Makassar that can be accessed by the various parties involved in research at any time and from anywhere, without limits of time and location, so that openness of research information can be achieved. The method used in this paper is the Software Development Life Cycle method with three stages, namely the initial phase, the development phase, and the implementation phase. This information system was developed using the PHP programming language based on the CodeIgniter framework with a MySQL database. Keywords: CodeIgniter, Information Systems, Website, Research Institute, Universitas Negeri Makassar
