A Survey on Design Methods for Secure Software Development

Surakhi, Ola; Hudaib, Amjad; Alshraideh, Mohammad; Khanafseh, Mohammad

doi:10.24297/ijct.v16i7.6467

Cited by 12 publications

(2 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This has come to be appreciated by researchers and practitioners as Secure Software Engineering (SSE). These practices have been incorporated into the general SDLCs by some approaches, including Microsoft Security Development Lifecycle (SDL) [16], McGraw's Touchpoints [17], and Comprehensive Lightweight Application Security Process (CLASP) from Open Web Application Security Project (OWASP) organization [18].…”

Section: Secure Software Development Conceptsmentioning

confidence: 99%

Security-aware Mobile Application Development Lifecycle (sMADLC)

Wambua¹

2023

IJEME

View full text Add to dashboard Cite

With the high mobile phone penetration and subsequent significant usage of mobile phone applications, mobile users have become prime targets of hackers. Secure Software Development (SSD) advocates incorporating security aspects at the initial stages of software development. This study proposes a novel Mobile Application Development Lifecycle by reviewing SSD concepts and incorporating these concepts into MADLC-a mobile-focused software development lifecycle to create a security-aware Mobile Application Development Lifecycle (sMADLC). The proposed development lifecycle, sMADLC, can potentially help mobile application developers create secure software that can withstand hacker aggression and assure mobile application users of the confidentiality, integrity and availability of their data and systems.

show abstract

Section: Secure Software Development Conceptsmentioning

confidence: 99%

Security-aware Mobile Application Development Lifecycle (sMADLC)

Wambua¹

2023

IJEME

View full text Add to dashboard Cite

show abstract

“…The input data of a system is subjected to several logical or algorithmic processes that together create the information which is available to the user. One of the main risks of the systems is the security of its data, which cannot be effective unless the software design describes procedures and controls that ensure veracity and consistency in the entered data (Alhazmi et al, 2005;Rehman and Mustafa, 2009;Surakhi et al, 2017). From the auditor's point of view, the role played by the auditor is crucial within the organization, both in the software development process and in the planning and structure, in addition to ensuring that applications are built correctly and appropriately as agreed by the specialists, the project manager and the software engineering process (Fowler and Rifkin, 1990;Humphrey, 1988;Ross et al, 1975).…”

Section: Software Engineering Process 31 General Characteristicsmentioning

confidence: 99%

The Audit Process in Companies That Implement Software Engineering Projects

Mellado

Ugalde

Blanco

2020

IJEBAR

View full text Add to dashboard Cite

The use of technological resources and software has become standardized in today's society, which is why there is a need to be able to update according to the requirements that the market and industry demand from companies that develop products through a software engineering process. The role of the auditor is extremely important since he is the one who must make sure that everything is controlled and that the required needs are being fulfilled, as well as he is concerned about the security of the entities and their internal background. In this context, it is necessary to constantly improve the auditor's procedures and the legislation that regulates them, since the multiple frauds that companies suffer in terms of information obtained easily and quickly, without any major control, are well known, and it is here where care must be taken in order to reduce the levels of violations of access to unauthorized information assets. The objective of this paper is to present everything that surrounds the process of auditing requirements of software engineering projects, both generically and specifically in projects in particular the financial area, generally covering everything that is present in a software engineering project considering the need, what is obtained from them and why they arise in organizations.

show abstract

A framework for formal analysis and simulative evaluation of security attacks in wireless sensor networks

Bernardeschi

Dini

Palmieri

et al. 2021

J Comput Virol Hack Tech

View full text Add to dashboard Cite

When designing Wireless Sensor Networks it is important to analyze their security risks and provide adequate solutions for protecting them from malicious attacks. Unfortunately, perfect security cannot be achieved, for performance reasons. Therefore, designers have to devise security priorities, and select security mechanisms accordingly. However, in the early stages of the design process, the concrete effects of security attacks on the system may not be clearly identified. In this paper, we propose a framework that integrates formal verification and network simulation for enabling designers to evaluate the effects of attacks, identify possible security mechanisms, and evaluate their effectiveness, since design time. Formal methods are used to build the abstract model of the application, together with a set of attacks, and to state properties of general validity. The simulator measures the impact of the attacks in terms of common network parameters, like energy consumption or computational effort. Such information can be used to select adequate security mechanisms, then the initial abstract model can be refined to adopt them, and finally prove that former system properties are still verified. The framework relies on UPPAAL for formal modeling and verification and uses the Attack Simulation Framework on top of Castalia as a network simulator. As proof of concept, a case study is shown.

show abstract

A Survey on Design Methods for Secure Software Development

Cited by 12 publications

References 34 publications

Security-aware Mobile Application Development Lifecycle (sMADLC)

Security-aware Mobile Application Development Lifecycle (sMADLC)

The Audit Process in Companies That Implement Software Engineering Projects

A framework for formal analysis and simulative evaluation of security attacks in wireless sensor networks

Contact Info

Product

Resources

About