A Secure Software Specification Development Strategy for Enterprises: A Case Study Approach

Author(s): Sifat Ali Sathio, Isma Farah Siddiqui, Qasim Ali Arain

Although security is a non-functional requirement, it is an essential requirement for software systems; to achieve secure software specification development for enterprises, we need to find and fix vulnerabilities in the early phases of the SDLC. For the successful achievement of secure software specification development in a software enterprise, the security of the software application plays a vital role. During the software development lifecycle, improper security can lead to serious consequences in any enterprise. In this paper, a case study approach is followed regarding the achievement of a secure web application, finding and fixing vulnerabilities early in the software development lifecycle, and applying a re-engineering process to a developed web application using the best security assessment model identified in the literature review. Validation of the developed application is also done with the help of penetration testing.

Author(s): Aderemi O. Adeniji, Seok-Won Lee

Software Assurance is the planned and systematic set of activities that ensures software processes and products conform to requirements, standards and procedures in a manner that builds trusted systems and secure software. While absolute security may not yet be possible, procedures and practices exist to promote assurance in the software lifecycle. In this paper, the authors present a framework and step-wise approach towards achieving and optimizing assurance by infusing security knowledge, techniques, and methodologies into each phase of the Software Development Lifecycle (SDLC).


Author(s): Torstein Nicolaysen, Richard Sassoon, Maria B. Line, Martin Gilje Jaatun

In this article, the authors contrast the results of a series of interviews with agile software development organizations with a case study of a distributed agile development effort, focusing on how information security is taken care of in an agile context. The interviews indicate that small and medium-sized agile software development organizations do not use any particular methodology to achieve security goals, even when their software is web-facing and a potential target of attack. The case study confirms that even where security is an articulated requirement, and where security design is fed as input to the implementation team, there is no guarantee that the end result meets the security objectives. The authors contend that security must be built in as an intrinsic software property and emphasize the need for security awareness throughout the whole software development lifecycle. The paper suggests two extensions to agile methodologies that may contribute to ensuring focus on security during the complete lifecycle.


Author(s): Paulina Silva, René Noël, Santiago Matalonga, Hernán Astudillo, Diego Gatica, ...

Software security and development experts have addressed the problem of building secure software systems. There are several processes and initiatives for achieving secure software systems; however, most of them lack empirical evidence of their application and impact in building secure software systems. Two systematic mapping studies (SMs) have been conducted to cover the existing initiatives for identification and mitigation of security threats. The SMs were executed in two steps: first in July 2015, then complemented through backward snowballing in July 2016. The integrated results of these two SM studies show that a total of 30 relevant sources were identified; 17 different initiatives covering threat identification and 14 covering the mitigation of threats were found. All the initiatives were associated with at least one activity of the Software Development Lifecycle (SDLC); while 6 showed signs of being applied in industrial settings, only 3 initiatives presented experimental evidence of their results through controlled experiments, and some of the other selected studies presented case studies or proposals.


Author(s): Karan Gupta, Anita Goel

Tag software is included in web applications to facilitate categorization and classification of information. Generally, freely available tag software is adapted, or new code is written, to incorporate tagging. However, there is an absence of requirement and design documents for tagging, even academically. It becomes difficult to know which features can be included in tag software; also, not all features may be required. This chapter presents a framework for the integration of tag software in web applications. The framework has four components corresponding to phases of the software development lifecycle. For requirements, a weighted requirement checklist is presented to ease requirement selection. A metric, software estimation, is defined for quantifying the selected requirements. A logical design defined for the design phase displays the interaction of entities with users. For development, best mechanisms are suggested for web applications. Software engineering artefacts are provided to help during testing. A case study is presented in which estimation and design are applied to freely available tag software.


Author(s): Shruti Jaiswal, Daya Gupta

Researchers have been focusing on embedding security from the early phases of the software development lifecycle. They have researched and developed the field of Security Engineering, in which security concerns are embedded during the requirement, design, and testing phases of software development. Efforts were made in developing methods, methodologies, and tools to handle security issues. Various methods are present in the literature for eliciting, analyzing and prioritizing security requirements. During the design phase, based on the prioritized requirements, environment parameters and attributes, a suitable security algorithm (mainly cryptographic algorithms) is identified. Then a question arises: how to test the effectiveness of the chosen algorithm? Therefore, as an answer to this issue, a process for Security Testing is presented in this paper that evaluates the selected security algorithms. Evaluation is done by generating test scenarios for functionalities using sequence diagrams representing the threats at vulnerable points, and then checking the mitigation of potential threats at the identified vulnerable points. A security index is generated which shows the effectiveness of the deployed/chosen security algorithm. The process ends with the generation of a test report depicting the testing summary. For a clear understanding of the process, the proposal is illustrated with a case study of the cloud storage-as-a-service model.


2010, Vol 1 (2)
Author(s): Ridi Ferdiana, Lukito Edi Nugroho, Paulus Insap Santoso, Ahmad Ashari

Abstract. Learning from Case Studies: How the Global Software Development Process Is Executed in an Agile Method Environment. The biggest challenge in Global Software Development (GSD) is time efficiency in development. GSD provides guidance to use the process along with an up-front analysis method like the unified process or the waterfall method. Although this gives a benefit through comprehensive documentation and clarity, it inhibits organizations that want to use GSD but are in a rush. Agile methods claim to be an efficient and effective approach to software development. This paper reports on how organizations combine the GSD process with agile methods like eXtreme Programming (XP), Scrum, Agile Unified Process (Agile UP), Feature Driven Development (FDD), and Microsoft Solution Framework Agile (MSF Agile). The paper uses case studies to gather organizations' experiences and describe useful practices for organizations that want to implement GSD with an agile method.
Keywords: Software Development Lifecycle, Agile, GSD

