Secure Software Development Lifecycle: A Case for Adoption in Software Smes

Umeugo, Wisdom

doi:10.26483/ijarcs.v14i1.6949

Cited by 4 publications

(9 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The findings suggest that small and medium-sized enterprises (SMEs) may significantly enhance their software security without compromising agility or incurring prohibitive costs. This is crucial, given that small and medium-sized enterprises (SMEs) often work with limited resources and require finding a balance between security and other operational aspects of the business [28].…”

Section: A Secure Software Solutions For Sustainable Smesmentioning

confidence: 99%

See 1 more Smart Citation

Analysis of Strategies for the Integration of Security Practices in Agile Software Development: A Sustainable SME Approach

Valdés-Rodríguez,

Hochstetter-Diez,

Diéguez-Rebolledo

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Incorporating security into software development in small and medium-sized enterprises (SMEs) is an increasingly relevant challenge and a crucial necessity, especially in an uncertain and fast-paced environment like that of an agile setting. Given the growing threat of cyberattacks, it is imperative to address this issue. This article examines and subsequently analyzes existing strategies in the literature regarding secure software development in the context of SMEs employing agile methodologies. The study initiates a systematic literature review to identify strategies employed in this context. The findings reveal that 57.9% of the studies present strategies to tackle security in agile software development, with 20.2% specifically focusing on SMEs. Subsequently, practices demonstrating success in integrating security measures into the software development lifecycle (SDLC) are analyzed and categorized. The results underscore the necessity of addressing security in the agile environment, as it remains a significant challenge in software development. Effective approaches are also required for small businesses to ensure application protection and long-term sustainability.INDEX TERMS agile development; security practices; secure development; SMEs; sustainability

show abstract

Section: A Secure Software Solutions For Sustainable Smesmentioning

confidence: 99%

“…Ultimately, the proposal by [31] for the adoption of the Secure Software Development Life Cycle (SSDLC) in software SMEs is a significant advancement. El SSDLC proporciona un enfoque sistemático para integrar medidas de seguridad en todas las fases del proceso de desarrollo de software.…”

Section: A Secure Software Solutions For Sustainable Smesunclassified

Analysis of Strategies for the Integration of Security Practices in Agile Software Development: A Sustainable SME Approach

Valdés-Rodríguez,

Hochstetter-Diez,

Diéguez-Rebolledo

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Is a systematic approach to integrating security into the software development process. Typically involves several phases, including requirements analysis, design, coding, testing, deployment, and maintenance [154]. Each phase incorporates security activities such as threat modelling, secure coding practices, security testing, and vulnerability management.…”

Section: Secure Development Lifecycle (Sdl)mentioning

confidence: 99%

Theory and practice in secure software development lifecycle: A comprehensive survey

Otieno¹,

Odera²,

Ounza³

2023

World J. Adv. Res. Rev.

View full text Add to dashboard Cite

Software development security refers to the practice of integrating security measures and considerations throughout the software development lifecycle to ensure the confidentiality, integrity, and availability of software systems. It involves identifying, mitigating, and eliminating security vulnerabilities and threats that could be exploited by attackers. The goal of this paper is to survey the various concepts and methodologies directed towards software security, and the identification of any missing gaps. Based on the findings, it is noted that the development of secure software requires a proactive and comprehensive approach. It begins with establishing secure design principles and incorporating security requirements from the initial stages of development. Here, secure coding practices, such as input validation, output encoding, and secure authentication and authorization mechanisms, are employed to prevent common security vulnerabilities. In addition, regular security testing, including penetration testing and vulnerability scanning, helps identify and address potential weaknesses in the software. Normally, code reviews and security audits are conducted to ensure adherence to secure coding practices and identify any security flaws. It is important that security training and awareness programs be provided to developers and other stakeholders to foster a security-conscious culture. To minimize potential vulnerabilities, secure configuration management, which involves properly configuring servers, networks, and dependencies may be utilized. On the other hand, regular updates and patching are essential to address known security vulnerabilities in software components. To guide their software development security practices, organizations may follow established security standards and frameworks such as ISO 27001 or NIST Cybersecurity Framework. By prioritizing software development security, organizations can protect sensitive data, prevent unauthorized access, and mitigate the risk of security breaches and incidents. In the long run, this helps build trust with users and stakeholders, enhances the reputation of the software, and reduces the potential impact of security incidents on the organization.

show abstract

“…Например, в финансовых организациях соблюдение сроков является острой проблемой, поскольку рынок финансовых услуг очень динамичный и резко меняется. Кроме того, в соответствии с принципами SSDL (Secure Software Development Lifecycle) [3] и требованиями регуляторов, каждая новая версия разработки ПО обязана проходить проверки ИБ на регулярной основе в рамках аудита защищенности различных АС и для решения задач по анализу отказоустойчивости. Для этого проводится фаззингтестирование (англ.…”

Section: Introductionunclassified

“…Вышеперечисленные решения могут быть эффективно встроены в процесс CI/CD[49], как DevSecOps[50] решения. Они могут использоваться на этапе разработки, тестирования или сопровождения, в соответствии с методологией SSDL[3]. Несмотря на то, что эти решения можно применять сразу ко всей микросервисной архитектуре, было выявлено, что при применении различных сканеров динамического анализа не обеспечивается полное покрытие АС проверками, поскольку сигнатурно, в составе таких решений, анализ производится в основном тестовыми запросами для поиска известных дефектов ИБ (CVE -Common Vulnerabilities and Exposures)[51].…”

unclassified

Fuzzing of Polymorphic Systems within Microsevice Structures

Yurev

2024

Proceedings of ISP RAS

View full text Add to dashboard Cite

Today fuzzing (fuzzing-testing) is the main technique for testing software, systems and code functions. Fuzzing allows identify vulnerabilities or software failures. However, this practice may require the large resources involvement and network performance in large organizations where the number of systems may be large. Developers and information security specialists are simultaneously required to comply with time-to-market deadlines, requirements of various regulators and recommendations of standards. In current paper is proposed new fuzzing method, which is designed to solve the problem above. In current aproach is proposed use fuzzing testing for whole computing network at ones in large organizations if them operate with microservices. Polymorphic systems in this paper are understood like systems that consist of various API (Application Programming Interface) functions that operate with various types of data, not within single software, but inside subsystems with a set of several microservices. In this case, a lot of various network protocols, data types and formats can be used. With such a variety of features, there is a problem of detecting errors or vulnerabilities inside systems, beacause debugging or trace interfaces are not always developed in the microservice softwares. So, in this paper it is proposed to use also the method of collecting and analyzing statistics of time intervals of processing mutated data by microservices. For fuzzing tests, it is proposed to use mutated lists of exploit payloads. Time analyzing between client-server requests and the responses helps to identify patterns that showed the presence of potentially dangerous vulnerabilities. This paper discribes fuzzing of API functions only in the HTTP protocol (Hypertext Transfer Protocol). Current approach does not have a negative impact on the effectiveness of development or deadlines. Methods and solution described in the paper are recommended to be used in large organizations as an additional or basic information security solution in order to prevent critical infrastructure failures and financial losses.

show abstract

Secure Software Development Lifecycle: A Case for Adoption in Software Smes

Cited by 4 publications

References 35 publications

Analysis of Strategies for the Integration of Security Practices in Agile Software Development: A Sustainable SME Approach

Analysis of Strategies for the Integration of Security Practices in Agile Software Development: A Sustainable SME Approach

Theory and practice in secure software development lifecycle: A comprehensive survey

Fuzzing of Polymorphic Systems within Microsevice Structures

Contact Info

Product

Resources

About