Capturing security requirements for software systems

El-Hadary, Hassan; El-Kassas, Sherif

doi:10.1016/j.jare.2014.03.001

Cited by 35 publications

(15 citation statements)

References 10 publications

(12 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This practical approach is currently adopted by most of the security practitioners. In essence, the integration of security strategies as a security framework while writing the source code would allow any security anomalies to be detected and fixed well before the software application is released (El-Hadary and El-Kassas, 2014). The framework will also allow the code to be audited for conformance which, as a result, will not only provide greater security but will also save time, costs and resources which might be incurred on redevelopment or patching of the software application once it is released.…”

Section: Discussionmentioning

confidence: 99%

Securing Web Applications through a Framework of Source Code Analysis

Agrawal¹,

Alenezi²,

Kumar³

et al. 2019

Journal of Computer Science

View full text Add to dashboard Cite

Source code analysis is becoming extremely important for the universal acceptance of web applications because the automated source code analysis tools play a key role in identifying and fixing security-related vulnerabilities. This paper proposes a framework for securing web applications through source code analysis. The framework has three prescriptive phases including executing and monitoring, classifying and controlling and refining and managing. The framework helps to examine the web application source code related to security issues. The executing and monitoring phase employs five different open source tools for statically analyzing the source code. According to the literature, there are nine broad categories of vulnerabilities in web applications. After filtration of these vulnerabilities, classifying and controlling phase categorize the vulnerabilities according to their severity level with the help of fuzzy analytical analysis process and suggestive measures. The refining and managing phase takes these measures and suggests changes to the source code to make it more secure. This framework was validated through a web-based hospital management system. The results of the validation showed that the framework implementation made the source code more robust towards the upcoming vulnerabilities and bugs.

show abstract

Section: Discussionmentioning

confidence: 99%

Securing Web Applications through a Framework of Source Code Analysis

Agrawal¹,

Alenezi²,

Kumar³

et al. 2019

Journal of Computer Science

View full text Add to dashboard Cite

show abstract

“…Security and integrity was the key issue handled but it lacked reliability. H.El-Hadary et al [13] describes a methodology in which security catalog is made with the help of previous security knowledge. This methodology based on reusing of previous knowledge.…”

Section: Discussionmentioning

confidence: 99%

Quality Assurance of Security Requirement Engineering in Socio- Technical Systems

Zainab¹,

Ashfaq²,

Sirshar³

2015

IJCA

View full text Add to dashboard Cite

Quality assurance is a continuous process to check whether specified requirements are being fulfilled by a system or service. Quality assurance checks for the defects before they get into the final product. In this research a comprehensive survey of various literatures has been carried out to ensure quality standards. Different quality assurance techniques have been employed in this research that help in improving the quality of the socio technical systems from the perspective of security requirement engineering. The analysis of various type of literature reveals that after applying techniques presented in the literature review shows improvement in the performance of the socio technical systems. Tropos, SeeCo (Security via commitments), formative user centered evaluation technique, three-layer framework, Si*(Secure i*) ontology are the different techniques discussed throughout the research that ensures the quality standards. Some of the quality evaluation tools like STStool and STS-ml are also used in the research for quality assurance.This research also assesses the improvements of security requirement engineering in socio technical systems after applying Quality evaluation techniques.

show abstract

“…The questions were carefully crafted to explore Agile RE practices and developed in accordance with the study aim. The issues chosen for the interviews were outlined in the literature review in studies such as [3,4,8,10,15,18,20,27].…”

Section: Setting and Methodologymentioning

confidence: 99%

“…Assess the risk for the project if the requirement is implemented. [4] requirements to protect the system from potential attacks [8]. These frameworks vary in how security requirements are derived.…”

Section: Riskmentioning

confidence: 99%

“…Researchers agree that there is a lack of empirical studies on how companies are conducting RE in Agile Software Development and much more research is required in this critical area [4,8,9,10]. In order to close the research gap, there is a need to conduct an in-depth analysis of Agile RE practices to assess their impact on the development of high quality software apps that are safe to use.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Investigating Agile Requirements Engineering Practices in the South African Software Development Market

Naicker

Maharaj

2020

CIT. J. comput. inf. technol

View full text Add to dashboard Cite

The aim of this research study was to assess Agile RE practices in the South African software development industry and investigate secure Agile RE initiatives towards developing secure products. This qualitative research study was contextualized in seventeen South African software development companies. The researchers used structured interviews and document reviews as the primary data collection instruments. Qualitative data was analyzed inductively using content analysis. Emanating from the research were recommendations to guide a regular software developer on good Agile RE practices. The study concluded that although Agile Software Development is practiced in the South African software industry, there needs to be stricter adherences to the Agile Manifesto and Agile Security Manifesto in requirements engineering.

show abstract

Capturing security requirements for software systems

Cited by 35 publications

References 10 publications

Securing Web Applications through a Framework of Source Code Analysis

Securing Web Applications through a Framework of Source Code Analysis

Quality Assurance of Security Requirement Engineering in Socio- Technical Systems

Investigating Agile Requirements Engineering Practices in the South African Software Development Market

Contact Info

Product

Resources

About