The practice of secure software development in SDLC: an investigation through existing model and a case study

Karim, Nor Shahriza Abdul; Albuolayan, Arwa; Saba, Tanzila; Rehman, Amjad

doi:10.1002/sec.1700

Cited by 47 publications

(30 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hasan et al [17] have also stressed the importance of integrating the SDLC. A model for ensuring security is built into the SDLC has previously been proposed [18], and others have investigated the use of such models, subsequently publishing a case study [19].…”

Section: Implementing Security Into the Software Development Lifecyclmentioning

confidence: 99%

BlackWatch: Increasing Attack Awareness within Web Applications

Hall¹,

Shepherd

Coull

2019

Future Internet

View full text Add to dashboard Cite

Web applications are relied upon by many for the services they provide. It is essential that applications implement appropriate security measures to prevent security incidents. Currently, web applications focus resources towards the preventative side of security. Whilst prevention is an essential part of the security process, developers must also implement a level of attack awareness into their web applications. Being able to detect when an attack is occurring provides applications with the ability to execute responses against malicious users in an attempt to slow down or deter their attacks. This research seeks to improve web application security by identifying malicious behaviour from within the context of web applications using our tool BlackWatch. The tool is a Python-based application which analyses suspicious events occurring within client web applications, with the objective of identifying malicious patterns of behaviour. Based on the results from a preliminary study, BlackWatch was effective at detecting attacks from both authenticated, and unauthenticated users. Furthermore, user tests with developers indicated BlackWatch was user friendly, and was easy to integrate into existing applications. Future work seeks to develop the BlackWatch solution further for public release.

show abstract

Section: Implementing Security Into the Software Development Lifecyclmentioning

confidence: 99%

BlackWatch: Increasing Attack Awareness within Web Applications

Hall¹,

Shepherd

Coull

2019

Future Internet

View full text Add to dashboard Cite

show abstract

“…Obviously, majority of software products undergoing live testing are vulnerable to threats and mostly fail to provide a secure and safe environment to clients and users. This is due to the lack of systematic evaluations such as systematic reviews, procedures, approaches, or frameworks as these evaluations could help project managers and software engineers to ensure that security processes are continuously followed throughout the software development process, according to a set of predefined procedures or rules (Karim, Albuolayan, Saba, & Rehman, 2016;Mundher, Muhamad, Rehman, Saba, & Kausar, 2014). To efficiently grip the security problems, that are present in during the development of applications, it is necessary to consider security-minded thinking throughout the development processes, which reduces the threats of missing essential security requirements or creating vital faults in software design .…”

Section: Introductionmentioning

confidence: 99%

Systematic Mapping Study Protocol For Secure Software Engineering

Khan¹,

Khan²,

Idris³

2019

The European Proceedings of Social and Behavioural Sciences

View full text Add to dashboard Cite

show abstract

“…Software application developers can add security during any of the six stages of SDLC, and security need not be an afterthought. Studies have shown that software development efforts focus on functionality and usability and do not explicitly include cybersecurity in the SDLC process [7]. Due to competing priorities, software application developers often only focus on what they consider the core functionality and leave out security implementation for later stages [8,9].…”

Section: Software Development Life Cyclementioning

confidence: 99%

“…However, each stage of SDLC lends itself to including security. The following table, adapted from Karim et al [7], shows some ways in which software application developers can incorporate security in each stage of SDLC.…”

Section: Software Development Life Cyclementioning

confidence: 99%

“…The waterfall framework provides an opportunity to include security in all its phases, but there is a risk that security may be overlooked. Studies have shown that software development efforts focus on functionality and usability and can often exclude security in the SDLC process [7]. However, if the success criteria for software development include functionality and usability, as well as security, the software application developers will include it.…”

Section: Waterfall or Traditionalmentioning

confidence: 99%

See 1 more Smart Citation

Choosing the Best-fit Lifecycle Framework while Addressing Functionality and Security Issues

Faizi

Rahman

EPiC Series in Computing

View full text Add to dashboard Cite

Software application development must include implementation of core functionality along with secure coding to contain security vulnerabilities of applications. Considering the life cycle that a software application undergoes, application developers have many opportunities to include security starting from the very first stage of planning or requirement gathering. However, before even starting requirement gathering, the software application development team must select a framework to use for the application’s lifecycle. Based on the application and organizational characteristics, software application developers must select the best-fit framework for the lifecycle. A software application’s functionality and security start with picking the right lifecycle framework.When it comes to application development frameworks, one size does not fit all. Based on the characteristics of the application development organization such as the number of application developers involved, project budget and criticality, and the number of teams, one of the five frameworks will work better than others.Keywords: Software development lifecycle, software functionality, software security, application development, framework security

show abstract

The practice of secure software development in SDLC: an investigation through existing model and a case study

Cited by 47 publications

References 30 publications

BlackWatch: Increasing Attack Awareness within Web Applications

BlackWatch: Increasing Attack Awareness within Web Applications

Systematic Mapping Study Protocol For Secure Software Engineering

Choosing the Best-fit Lifecycle Framework while Addressing Functionality and Security Issues

Contact Info

Product

Resources

About