Building Secure Software Using XP

2011 ◽  
Vol 2 (3) ◽  
pp. 63-76 ◽  
Author(s):  
Walid Al-Ahmad

Security is an important and challenging aspect that needs to be considered at an early stage during software development. Traditional software development methodologies do not deal with security issues and so there is no structured guidance for security design and development; security is usually an afterthought activity. This paper discusses the integration of XP with security activities based on the CLASP (Comprehensive Lightweight Application Security Process) methodology. This integration will help developers using XP develop secure software by applying security measures in all phases and activities, thereby minimizing the security vulnerabilities exploited by attackers.


2021 ◽  
Vol 2021 ◽  
pp. 1-19
Author(s):  
Raghavendra Rao Althar ◽  
Debabrata Samanta ◽  
Manjit Kaur ◽  
Abeer Ali Alnuaim ◽  
Nouf Aljaffan ◽  
...  

Security of the software system is a prime focus area for software development teams. This paper explores some data science methods to build a knowledge management system that can assist the software development team to ensure a secure software system is being developed. Various approaches in this context are explored using data of insurance domain-based software development. These approaches will facilitate an easy understanding of the practical challenges associated with actual-world implementation. This paper also discusses the capabilities of language modeling and its role in the knowledge system. The source code is modeled to build a deep software security analysis model. The proposed model can help software engineers build secure software by assessing the software security during software development time. Extensive experiments show that the proposed models can efficiently explore the software language modeling capabilities to classify software systems’ security vulnerabilities.


In recent years, because of the widespread use of the internet and other communication media, security incidents have broken all barriers. Systems are attacked by malicious attackers and through various forms of cyber crime. Every system should be built with security as a main priority so as to make it reliable and safe, and it should also be enhanced with other quality parameters. Hence, from the beginning and at every phase of software development up to implementation, the security aspect needs to be taken into consideration before the final design decision is made, to avoid the expenses that may be incurred while recovering the system after damage. To attain this, it is a must to integrate security at each phase of software development. Software developers insist on incorporating software safeguards at the design phase, which may wind up identifying security-related architecture restrictions that may in fact not be necessary. To reduce this problem, this paper proposes a structure for security development activities. These activities consist of security requirements identification and threat analysis, which are to be converted into design decisions to lessen the risks to identified important assets. The recognized design parameters are then manually prioritized using VOSREP and CRAMM, and accordingly a security design pattern is to be developed to incorporate security in the software. Manually calculating the values of assets and prioritizing them will help identify the security requirements at an early stage of the software development life cycle. Accordingly, the decisions for developing the security design pattern are to be taken for building the software system.


2021 ◽  
Author(s):  
Zhongwei Teng ◽  
Jacob Tate ◽  
William Nock ◽  
Carlos Olea ◽  
Jules White

Checklists have been used to increase safety in aviation and help prevent mistakes in surgeries. However, despite the success of checklists in many domains, checklists have not been universally successful in improving safety. A large volume of checklists is being published online for helping software developers produce more secure code and avoid mistakes that lead to cyber-security vulnerabilities. It is not clear if these secure development checklists are an effective method of teaching developers to avoid cyber-security mistakes and reducing coding errors that introduce vulnerabilities. This paper presents in-process research looking at the secure coding checklists available online, how they map to well-known checklist formats investigated in prior human factors research, and unique pitfalls that some secure development checklists exhibit related to decidability, abstraction, and reuse.


2020 ◽  
Author(s):  
Yosi sinta deby

ABSTRACT: The development of computer technology is very rapid, along with the development of the software that is frequently used. One area is education, where the computer plays a very important role. A great deal of software is now available to support and improve the quality of education. This paper examines how computers are used as learning media and examines software development methodologies.


2020 ◽  
Author(s):  
Cátia Santos-Pereira

BACKGROUND: GDPR was scheduled to be formally adopted in 2016, with EU member states being given two years to implement it (May 2018). Given the sensitive nature of the personal data that healthcare organizations process on a 24/7 basis, it is critical that the protection of that data in a hospital environment is given the high priority that data protection legislation (GDPR) requires. OBJECTIVE: This study addresses the state of public Portuguese hospitals regarding GDPR compliance during the GDPR preparation period (2016-2018), before enforcement on 25 May 2018, and what activities have started since then. The study focuses on three GDPR articles, namely 5, 25 and 32, concerning authentication security, identity management processes and audit trail themes. METHODS: The study was conducted between 2017 and 2019 in five Portuguese public hospitals (each different in complexity). In each hospital, six categories of information systems critical to health institutions were included in the study, trying to cover the main health information systems available and common to hospitals (ADT, EPR, PMS, RIS, LIS and DSS). Interviews were conducted in two phases (before and after GDPR enforcement) with the objective of identifying the maturity of each hospital's information systems regarding authentication security, identity management processes and traceability, and the efforts in progress to avoid security issues. RESULTS: A total of 5 hospitals were included in this study, and the results highlight the hospitals' privacy maturity. In general, the hospitals studied were very far from complying with the selected security measures (before May 2018). Session account lockout and password history policy were the poorest issues; on the other hand, storing encrypted passwords was the best issue.
With the enforcement of GDPR, these hospitals started a set of initiatives to fill this gap, specifically as a means of making the whole process as transparent and trustworthy as possible and of trying to avoid the huge fines. CONCLUSIONS: We are still very far from having GDPR-compliant systems, and institutional efforts are under way. The first step in aligning an organization with GDPR should be an initial audit of all systems. This work contributes to the initial security audit of the hospitals that belong to this study.


Author(s):  
Roumen Trifonov ◽  
Ognian Nakov ◽  
Galya Pavlova ◽  
Slavcho Manolov ◽  
Georgy Tsochev ◽  
...  

Sensors ◽  
2021 ◽  
Vol 21 (4) ◽  
pp. 1369
Author(s):  
Hyojun Lee ◽  
Jiyoung Yoon ◽  
Min-Seong Jang ◽  
Kyung-Joon Park

To perform advanced operations with unmanned aerial vehicles (UAVs), it is crucial that components other than the existing ones such as flight controller, network devices, and ground control station (GCS) are also used. The inevitable addition of hardware and software to accomplish UAV operations may lead to security vulnerabilities through various vectors. Hence, we propose a security framework in this study to improve the security of an unmanned aerial system (UAS). The proposed framework operates in the robot operating system (ROS) and is designed to focus on several perspectives, such as overhead arising from additional security elements and security issues essential for flight missions. The UAS is operated in a nonnative and native ROS environment. The performance of the proposed framework in both environments is verified through experiments.
