Mitigating security threats using tactics and patterns

Pedraza-García, Gilberto; Noël, René; Matalonga, Santiago; Astudillo, Hernán; Fernández, Eduardo B.

doi:10.1145/2993412.3007552

Cited by 3 publications

(9 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…"The importance of identifying non-functional security requirements should be stressed more because it aids in the reduction or elimination of software vulnerabilities" [2,62,101]. "Misuse cases are similar to use cases in that they specify what a system should not do, and they are a great way to get security requirements" [98,[101][102][103].…”

Section: Discussionmentioning

confidence: 99%

“…In this stage, it is important to monitor responses to flaws and vulnerabilities of the system to check for newly evolved security threats. "After identifying new security risks, the same should be included in the requirement stage for further security improvements in subsequent releases" [67,103]. "Static analysis and peer review are two useful procedures for mitigating or minimizing newly discovered vulnerabilities" [14].…”

Section: Discussionmentioning

confidence: 99%

“…Cookie poisoning" "Vulnerability-oriented architectural research provides a systematic and thorough approach to evaluating a wide variety of possible vulnerabilities, but it is time-consuming and costly" [103]. For estimating the severity and cost of security threats, the following management and stakeholder considerations may be considered [90,103,104]: i.…”

Section: ) Improper Authorization and Authentication (Freq 63/121)mentioning

confidence: 99%

“…"After the software is deployed into its operational environment, it is important to monitor responses to flaws and vulnerabilities of the system to check for new evolved security patterns" [67,103]. "After identifying new security patterns, the same should bed included in the requirement stage for further security improvements in subsequent releases" [67,103]. "Static analysis and peer review are two useful procedures for mitigating or minimizing newly discovered vulnerabilities" [14].…”

Section: ) Best Practices For Deploying Secure Softwarementioning

confidence: 99%

See 3 more Smart Citations

Systematic Literature Review on Security Risks and its Practices in Secure Software Development

Khan

et al. 2022

IEEE Access

View full text Add to dashboard Cite

Security is one of the most critical aspects of software quality. Software security refers to the process of creating and developing software that assures the integrity, confidentiality, and availability of its code, data, and services. Software development organizations treat security as an afterthought issue, and as a result, they continue to face security threats. Incorporating security at any level of the Software Development Life Cycle (SDLC) has become an urgent requirement. Several methodologies, strategies, and models have been proposed and developed to address software security, but only a few of them give reliable evidence for creating secure software applications. Software security issues, on the other hand, have not been adequately addressed, and integrating security procedures into the SDLC remains a challenge. The major purpose of this paper is to learn about software security risks and practices so that secure software development methods can be better designed. A systematic literature review (SLR) was performed to classify important studies to achieve this goal. Based on the inclusion, exclusion, and quality assessment criteria, a total of 121 studies were chosen. This study identified 154 security risks and 424 best practices that help software development organizations to manage the security in each phase of the SDLC. To pursue secure SDLC, this study prescribed different security activities, which should be followed in each phase of the SDLC. Successful integration of these activities minimizing effort, time, and budget while delivering secure software applications. The findings of this study assist software development organizations in improving the security level of their software products and also enhancing their security efficiency. This will raise the developer's awareness of secure development practices as well.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Discussionmentioning

confidence: 99%

Section: ) Improper Authorization and Authentication (Freq 63/121)mentioning

confidence: 99%

Section: ) Best Practices For Deploying Secure Softwarementioning

confidence: 99%

See 2 more Smart Citations

Systematic Literature Review on Security Risks and its Practices in Secure Software Development

Khan

et al. 2022

IEEE Access

View full text Add to dashboard Cite

show abstract

“…On the other hand, some of the most common malware attacks include viruses, trojan virus, brute force attack, DNS hijacking, replay attacks [97], denial of service, flooding attacks, slicing attacks and cookie poisoning. These attacks negatively affect the processes of secure software development [11], [13], [98], [99]. In MITRE's Common Vulnerabilities Exposures database, the latest classification of common defects by type is provided.…”

Section: Causes Of Software Vulnerabilitiesmentioning

confidence: 99%

An investigation into software quality and security: Past research works and existing gaps

Korir¹

2023

Global J. Eng. Technol. Adv.

View full text Add to dashboard Cite

Software security is concerned with the protection of data, facilities and applications from harm that may be occasioned by malware attacks such as password sniffing, viruses and hijacking. It is a system-wide concept that takes into account both security mechanisms such as access control as well as the design for security, such as a robust design that renders software attack complicated. It may encompass building of secure software, which comprises of the designing of software to be attack-resistant, ensuring that software is error-free, and educating software developers, architects, and users about the building of secure artifacts. In this regard, insecure software negatively affects organization’s reputations with customers, partners, and investors. The goal of this paper is to investigate some of the issues that make the software insecure, as well as the approaches that have been developed to boost software quality and security. The outcomes indicate that various models, techniques, frameworks and approaches to software quality have been developed over the recent past. However, only a few of them give reliable evidence for creating secure software applications.

show abstract

Security Assurance Model of Software Development for Global Software Development Vendors

Khan

Alzahrani

et al. 2022

IEEE Access

View full text Add to dashboard Cite

Mitigating security threats using tactics and patterns

Cited by 3 publications

References 13 publications

Systematic Literature Review on Security Risks and its Practices in Secure Software Development

Systematic Literature Review on Security Risks and its Practices in Secure Software Development

An investigation into software quality and security: Past research works and existing gaps

Security Assurance Model of Software Development for Global Software Development Vendors

Contact Info

Product

Resources

About