SecSDM: A Model for Integrating Security into the Software Development Life Cycle

Futcher, Lynn; Solms, Rossouw von

doi:10.1007/978-0-387-73269-5_6

Cited by 17 publications

(22 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hasan et al [17] have also stressed the importance of integrating the SDLC. A model for ensuring security is built into the SDLC has previously been proposed [18], and others have investigated the use of such models, subsequently publishing a case study [19].…”

Section: Implementing Security Into the Software Development Lifecyclmentioning

confidence: 99%

BlackWatch: Increasing Attack Awareness within Web Applications

Hall¹,

Shepherd

Coull

2019

Future Internet

View full text Add to dashboard Cite

Web applications are relied upon by many for the services they provide. It is essential that applications implement appropriate security measures to prevent security incidents. Currently, web applications focus resources towards the preventative side of security. Whilst prevention is an essential part of the security process, developers must also implement a level of attack awareness into their web applications. Being able to detect when an attack is occurring provides applications with the ability to execute responses against malicious users in an attempt to slow down or deter their attacks. This research seeks to improve web application security by identifying malicious behaviour from within the context of web applications using our tool BlackWatch. The tool is a Python-based application which analyses suspicious events occurring within client web applications, with the objective of identifying malicious patterns of behaviour. Based on the results from a preliminary study, BlackWatch was effective at detecting attacks from both authenticated, and unauthenticated users. Furthermore, user tests with developers indicated BlackWatch was user friendly, and was easy to integrate into existing applications. Future work seeks to develop the BlackWatch solution further for public release.

show abstract

Section: Implementing Security Into the Software Development Lifecyclmentioning

confidence: 99%

BlackWatch: Increasing Attack Awareness within Web Applications

Hall¹,

Shepherd

Coull

2019

Future Internet

View full text Add to dashboard Cite

show abstract

“…This work is an extension of that published in [2]. Where the focus of that paper was on integrating security into the software development life cycle (SDLC), this paper focuses on how to establish information security requirements to ensure the protection of the information assets implicated.…”

Section: Introductionmentioning

confidence: 99%

A Risk-Based Approach to Formalise Information Security Requirements for Software Development

Futcher

Solms

2013

Information Assurance and Security Education and Training

Self Cite

View full text Add to dashboard Cite

Abstract.A primary source of information security problems is often an excessively complex software design that cannot be easily or correctly implemented, maintained nor audited. It is therefore important to establish riskbased information security requirements that can be converted into information security specifications that can be used by programmers to develop securityrelevant code. This paper presents a risk-based approach to formalise information security requirements for software development. Based on a formal, structured risk management model, it focuses on how to establish information security requirements to ensure the protection of the information assets implicated. In this way it hopes to provide some educational guidelines on how risk assessment can be incorporated in the education of software developers.

show abstract

“…Secure programming language selection is the important step to achieve secure implementation phase, through following a secure coding standard and standard guideline, some model suggest that implementation using secure language to achieve secure implementation, like Apvrille and Pourzandi [11], and S2D-ProM [17], where some other suggest to use secure coding standard guideline to achieve secure implementation like MS SDL [4,13], SecSDM [6,30], McGraw's SSDLC process [2], S2D-ProM, CLASP [18], MS SDL goes further and suggests that certain security assurance activities should be performed during implementation.…”

Section: -Security Activity In Implementation Phasementioning

confidence: 99%

“…We must note that all these activities do not guarantee security of software but identify errors and vulnerability. Different models of SDLC models use these activities for testing phase such as the exception of AEGIS [5,31], SSDM [6], and SecSDM [30], all the processes recommend using multiple security assurance methods such as security testing, code reviews, static code analysis.…”

Section: -Ssd Activities For Security Assurance and Testingmentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Design Methods for Secure Software Development

Surakhi

Hudaib

Alshraideh

et al. 2017

IJCT

View full text Add to dashboard Cite

I S S N 2 2 7 7 -3061 V o l u m e 1 6 N u m b e r 7 I n t e r n a t i o n a l j o u r n a l o f C o m p u t e r s a n d T e c h n o l o g y 7047 AbstractSoftware provide services that may come with some vulnerabilities or risks. Attackers perform actions that break security of system through threats and cause a failure. To avoid security vulnerability, there are many security-specific concepts that should be determined as requirements during software development life cycle in order to deliver a strong and secure software. This paper first, survey a number of existing processes, life cycle and methodologies needed for developing secure software based on the related published works. It starts by presenting the most relevant Secure Software Development Lifecycles, a comparison between the main security features for each process is proposed. The results of the comparison will give the software developer with a guideline which will help on selecting the best secure process. Second, the paper list a set of the most widely used specification languages with the advantages and disadvantages for each.

show abstract

SecSDM: A Model for Integrating Security into the Software Development Life Cycle

Cited by 17 publications

References 7 publications

BlackWatch: Increasing Attack Awareness within Web Applications

BlackWatch: Increasing Attack Awareness within Web Applications

A Risk-Based Approach to Formalise Information Security Requirements for Software Development

A Survey on Design Methods for Secure Software Development

Contact Info

Product

Resources

About