A Preventive Secure Software Development Model for a Software Factory: A Case Study

Núñez, José Carlos Sancho; Caro, Andrés; Rodríguez, Pilar Vega

doi:10.1109/access.2020.2989113

Cited by 28 publications

(30 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…During the software development process, majority of the security attacks are possible due to implementation flaws such as improper input validation [105], improper authentication and authorization mechanisms [106], improper session management [107], and other vulnerabilities such as Session-Id vulnerable or theft, incorrectly implemented logouts, lock failed attempts per browser session, peer-user session restriction, and log replay feature. All these mishaps compromise the application's intended functionality [11], [48], [108]. However, spoofing [109], tampering, repudiation [110], information disclosure, denial of services [111], elevation of privilege and failure to restrict uniform resource locator (URL) access are some of the most common security issues that hamper the process of secure authorization and authentication [76], [112], [113], [114], [115], [116], [117].…”

Section: Causes Of Software Vulnerabilitiesmentioning

confidence: 99%

“…Cross-site scripting, cross-site request forgery, format string problems, code and command injection, auto-complete attribute not enabled have been noted to be some of the software security risks in the deployment phase. On the other hand, software security risks in maintenance phase have been identified as POST change requests for GET, POST directives with invalidated parameters, as well as a database injection vulnerabilities [48], [93], [108], [118]- [123]. Here, incorrect input validation [124] refers to the lack of or incorrect substantiation of input provided by a user via the application's user interface.…”

Section: Causes Of Software Vulnerabilitiesmentioning

confidence: 99%

“…Configuration management is an important component during secure maintenance and operation phase [140]. Some of the common software security risks which affect deployment phase of the SDLC have been identified in [1], [48], [62], [136], [140], [142].…”

Section: Causes Of Software Vulnerabilitiesmentioning

confidence: 99%

“…The aim of this phase is to find possible bugs and errors in the system and eliminate them. Some of the software security risks during software testing phase of SDLC have been discussed in [48], [86], [146], [147], [148], [149]. As explained in [150], software development iterations are of limited time, often lasting for few weeks.…”

Section: Causes Of Software Vulnerabilitiesmentioning

confidence: 99%

“…This ensures that this software is secure. It includes secure SDLC processes and secure software development (SSD) methods [48], [49], [50], [51].…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

An investigation into software quality and security: Past research works and existing gaps

Korir¹

2023

Global J. Eng. Technol. Adv.

View full text Add to dashboard Cite

Software security is concerned with the protection of data, facilities and applications from harm that may be occasioned by malware attacks such as password sniffing, viruses and hijacking. It is a system-wide concept that takes into account both security mechanisms such as access control as well as the design for security, such as a robust design that renders software attack complicated. It may encompass building of secure software, which comprises of the designing of software to be attack-resistant, ensuring that software is error-free, and educating software developers, architects, and users about the building of secure artifacts. In this regard, insecure software negatively affects organization’s reputations with customers, partners, and investors. The goal of this paper is to investigate some of the issues that make the software insecure, as well as the approaches that have been developed to boost software quality and security. The outcomes indicate that various models, techniques, frameworks and approaches to software quality have been developed over the recent past. However, only a few of them give reliable evidence for creating secure software applications.

show abstract

Section: Causes Of Software Vulnerabilitiesmentioning

confidence: 99%

Section: Causes Of Software Vulnerabilitiesmentioning

confidence: 99%

Section: Causes Of Software Vulnerabilitiesmentioning

confidence: 99%

Section: Causes Of Software Vulnerabilitiesmentioning

confidence: 99%

“…This ensures that this software is secure. It includes secure SDLC processes and secure software development (SSD) methods [48], [49], [50], [51].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

An investigation into software quality and security: Past research works and existing gaps

Korir¹

2023

Global J. Eng. Technol. Adv.

View full text Add to dashboard Cite

show abstract

Security risks of global software development life cycle: Industry practitioner's perspective

Khan

Akbar

et al. 2022

J Software Evolu Process

View full text Add to dashboard Cite

Software security has become increasingly important because the malicious attack and other hacker risks of a computer system have grown popularity in the last few years. As a result, several researchers have examined security solutions as early as the requirement engineering phase. With the growth of the software business and the internet, there is a need to understand the security risks against each phase of the software development life cycle (SDLC). This study aims to empirically investigate and prioritize the risks that could negatively impact the software security aspects of SDLC in the context of global software development (GSD). To achieve the study objectives, we conducted an industrial empirical study to determine the impact of software security threats against each phase of SDLC. Furthermore, the fuzzy analytical hierarchy process (FAHP) was used to prioritize the list of software security risks against the SDLC. The results and analysis of this study provide a ranked‐based decision‐making framework, which assists the practitioners in considering the most critical security risks on priority. The results show “improper plan for secure requirement identification, inception, authentication, authorization, and privacy,” “lack of threat models updating,” “lack of output validation,” “lack of certification in the final release and archive,” and “spoofing” as the top‐ranked security risks of SDLC in GSD. In addition, the application of FAHP is novel in this domain as it is helpful to address multicriteria decision‐making problems.

show abstract

Maturity model for secure software testing

Alam

Mahmood

Alshayeb

et al. 2023

J Software Evolu Process

View full text Add to dashboard Cite

Security is an essential attribute of high‐quality software. However, effectively incorporating security practices into different phases of the software development life cycle (SDLC) remains challenging. Owing to less mature secure testing processes, organizations are prone to ineffective testing practices for defect detection, including severe security‐related failures. Thus, in this study, we present a maturity model for secure software testing (MMSST) to assist software development organizations in improving the secure testing of software applications. We conducted a multivocal literature review and identified 68 primary studies from the formal and gray literature. Then, based on the available evidence, 27 process areas were identified to develop the proposed MMSST. The MMSST includes five main categories: governance, contrive and design, execution, deployment and configuration, and mature. The MMSST was subsequently evaluated using case studies related to practical environments. Results demonstrate that the proposed MMSST is useful for estimating the maturity level of an organization with respect to the secure testing phase of the SDLC. The participants of the case studies also agreed that the proposed MMSST is useful in terms of structure, user satisfaction, and ease of use. We believe that the proposed MMSST can help organizations evaluate and improve software security testing practices. In addition, the proposed MMSST is expected to provide researchers and industry practitioners with an effective foundation for developing new secure testing approaches and tools.

show abstract

A Preventive Secure Software Development Model for a Software Factory: A Case Study

Cited by 28 publications

References 21 publications

An investigation into software quality and security: Past research works and existing gaps

An investigation into software quality and security: Past research works and existing gaps

Security risks of global software development life cycle: Industry practitioner's perspective

Maturity model for secure software testing

Contact Info

Product

Resources

About