A Method and Case Study for Using Malware Analysis to Improve Security Requirements

2015 ◽  
Vol 6 (1) ◽  
pp. 1-23 ◽  
Author(s):  
Nancy R. Mead ◽  
Jose Andre Morales ◽  
Gregory Paul Alice

In this paper, the authors propose to enhance current software development lifecycle models by implementing a process for including use cases that are based on previous cyberattacks and their associated malware. Following the proposed process, the authors believe that developers can create future systems that are more secure, from inception, by including use cases that address previous attacks. In support of this, the authors present a case study of a malware sample that is used to generate new requirements for a mobile application.

Author(s):  
Shruti Jaiswal ◽  
Daya Gupta

Researchers have been focusing on embedding security from the early phases of the software development lifecycle. They have established the field of Security Engineering, in which security concerns are embedded during the requirement, design, and testing phases of software development. Efforts have been made to develop methods, methodologies, and tools for handling security issues, and various methods exist in the literature for eliciting, analyzing and prioritizing security requirements. During the design phase, a suitable security algorithm, mainly a cryptographic algorithm, is identified based on the prioritized requirements, environment parameters and attributes. A question then arises: how can the effectiveness of the chosen algorithm be tested? As an answer to this issue, this paper presents a process for Security Testing that evaluates the selected security algorithms. Evaluation is done by generating test scenarios for functionalities using sequence diagrams that represent the threats at vulnerable points, and then checking whether the potential threats at the identified vulnerable points are mitigated. A security index is generated which shows the effectiveness of the deployed/chosen security algorithm. The process ends with the generation of a test report summarizing the testing. For a clear understanding of the process, the proposal is illustrated with a case study of the cloud storage as a service model.



Author(s):  
Sifat Ali Sathio ◽  
Isma Farah Siddiqui ◽  
Qasim Ali Arain

Although security is a non-functional requirement, it is an essential requirement for software systems. To achieve secure software specification development for enterprises, vulnerabilities must be found and fixed in the early phases of the SDLC. For the successful achievement of secure software specification development in a software enterprise, the security of the software application plays a vital role; during the software development lifecycle, improper security can lead to serious consequences for any enterprise. In this paper, a case study approach is followed for achieving a secure web application: finding and fixing vulnerabilities early in the software development lifecycle, and applying a re-engineering process to a developed web application using the best security assessment model identified in the literature review. The developed application is also validated with the help of penetration testing.



2010 ◽  
Vol 1 (2) ◽  
Author(s):  
Ridi Ferdiana ◽  
Lukito Edi Nugroho ◽  
Paulus Insap Santoso ◽  
Ahmad Ashari

Learning from a Case Study: How the Global Software Development Process Is Executed in an Agile Method Environment.
Abstract. The biggest challenge in Global Software Development (GSD) is the time efficiency of development. GSD provides guidance for using the process together with an up-front analysis method such as the unified process or the waterfall method. Although this brings benefits through comprehensive documentation and clarity, it inhibits organizations that want to use GSD but are in a rush. Agile methods claim to be an efficient and effective approach to software development. This paper reports on how organizations combine the GSD process with agile methods such as eXtreme Programming (XP), Scrum, Agile Unified Process (Agile UP), Feature Driven Development (FDD), and Microsoft Solution Framework Agile (MSF Agile). The paper uses a case study to capture organizations' experiences and to describe useful practices for organizations that want to implement GSD with an agile method.
Keywords: Software Development Lifecycle, Agile, GSD


2010 ◽  
Vol 1 (3) ◽  
pp. 71-85 ◽  
Author(s):  
Torstein Nicolaysen ◽  
Richard Sassoon ◽  
Maria B. Line ◽  
Martin Gilje Jaatun

In this article, the authors contrast the results of a series of interviews with agile software development organizations with a case study of a distributed agile development effort, focusing on how information security is taken care of in an agile context. The interviews indicate that small and medium-sized agile software development organizations do not use any particular methodology to achieve security goals, even when their software is web-facing and a potential target of attack. The case study confirms that even where security is an articulated requirement, and where security design is fed as input to the implementation team, there is no guarantee that the end result meets the security objectives. The authors contend that security must be built in as an intrinsic software property and emphasize the need for security awareness throughout the whole software development lifecycle. The paper suggests two extensions to agile methodologies that may help keep the focus on security during the complete lifecycle.


Author(s):  
Syed Muzamil Basha ◽  
Ravi Kumar Poluru ◽  
J. Janet ◽  
S. Balakrishnan ◽  
D. Dharunya Santhosh ◽  
...  

Software security has become a very critical part of our lives, and a software developer with a fundamental understanding of software security has an advantage in the workplace. In the massive Equifax breach of 2017, which exposed the data of roughly 140 million people, attackers exploited a vulnerability in Apache Struts, CVE-2017-5638, which allows remote attackers to execute arbitrary commands via specially crafted user-controlled data in HTTP headers. Understanding sensitive data exposure issues is essential for protecting customer data, and it is instructive to understand how attackers exploit application vulnerabilities to perform malicious activities. The authors also want the reader to be aware that we should always be thinking about how our applications handle user-controlled data, so that we can put guards in place to minimize security issues in the development of new applications.

