The Application of a New Secure Software Development Life Cycle (S-SDLC) with Agile Methodologies

Mohino, Juan de Vicente; Higuera, Javier Bermejo; Higuera, Juan Ramón Bermejo; Sicilia, Juan Antonio

doi:10.3390/electronics8111218

Cited by 59 publications

(48 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Penetration testing, fuzz testing, security testing, and dynamic analysis are the four pillars of testing in secure agile models. 27 Mohino suggests ethical hacking, which covers penetration test as well. MSSDL-A has fuzz testing at four different levels.…”

Section: Testingmentioning

confidence: 99%

Synthesizing secure software development activities for linear and agile lifecycle models

et al. 2022

View full text Add to dashboard Cite

Application security is an important concern, and security activities to support software development lifecycle processes, such as specification, design, implementation, and testing are increasingly in need. Despite the plethora of knowledge available for secure software development in online and books, software systems are seldom secure as developers lack security knowledge. The primary reason for this paradox is the diversity and overwhelming nature of the available security knowledge. In this article, we propose to synthesize the well-known secure software development practices for both linear and agile lifecycle models. Using the MediaWiki platform, we make this knowledge available to software developers and designers from a single source.

show abstract

Section: Testingmentioning

confidence: 99%

Synthesizing secure software development activities for linear and agile lifecycle models

et al. 2022

View full text Add to dashboard Cite

show abstract

“…Despite this problem, security code analysis can reduce the review code effort [26]. SAST tools are considered the most important security activity within a SSDLC [13].…”

Section: Static Analysis Security Testingmentioning

confidence: 99%

“…Sometimes they have limited budgets. These cases often make them forget an essential component within the It is necessary to establish in the organizations a Software Development Life Cycle (SSDLC), as defined in the work of Vicente et al [13], in order to standardize the use of SAST, DAST and IAST tools with the objective of deploying in production web applications as secure as possible.…”

Section: Introductionmentioning

confidence: 99%

On Combining Static, Dynamic and Interactive Analysis Security Testing Tools to Improve OWASP Top Ten Security Vulnerability Detection in Web Applications

Tudela

Higuera

et al. 2020

Applied Sciences

View full text Add to dashboard Cite

The design of the techniques and algorithms used by the static, dynamic and interactive security testing tools differ. Therefore, each tool detects to a greater or lesser extent each type of vulnerability for which they are designed for. In addition, their different designs mean that they have different percentages of false positives. In order to take advantage of the possible synergies that different analysis tools types may have, this paper combines several static, dynamic and interactive analysis security testing tools—static white box security analysis (SAST), dynamic black box security analysis (DAST) and interactive white box security analysis (IAST), respectively. The aim is to investigate how to improve the effectiveness of security vulnerability detection while reducing the number of false positives. Specifically, two static, two dynamic and two interactive security analysis tools will be combined to study their behavior using a specific benchmark for OWASP Top Ten security vulnerabilities and taking into account various scenarios of different criticality in terms of the applications analyzed. Finally, this study analyzes and discuss the values of the selected metrics applied to the results for each n-tools combination.

show abstract

“…A Mohaisen talks about antivirus malware identification methods with the help of machine level method for better results [19]. There are many other papers [20,21,22] related to machine level approaches for identification, classification, and analysis of malware. Table II combines the approaches with the application of research papers.…”

Section: B Technique Analysismentioning

confidence: 99%

Malware Analysis in Web Application Security: An Investigation and Suggestion

Pandey¹,

Alsolami²

2020

IJACSA

View full text Add to dashboard Cite

Malware analysis is essentially used for the identification of malware and its objectives. However, the present era has seen the process of malware analysis being used for enhancing security methods for different domains of technology. This study has attempted to analyze the current situation and status of malware analysis in web application security through some objectives. These objectives helps the authors to analyze the purpose, used methodology of malware analysis in web application security previously as well as authors select and find a prioritized technique of malware analysis through a hybrid multi criteria decision making procedure called fuzzy-Analytical Hierarchy Process. This fuzzy-AHP methodology helps the authors to find and recommend a most prioritized malware analysis techniques and type as well as suggest a ranking of various malware analysis techniques that used in web application security frequently for experts and developers use. Furthermore, second section of paper forecast the attack statistics and publication statistics of malwares and malware analysis in web application security respectively for understanding the sensitivity of topic and need of investigation. The proposed tactic intends to be an effective reckoner for web developers and facilitate in malware analysis for securing web applications. Additionally, the study also forecast the publication and attack scenario of malware and malware analysis for web application security that gives a complimentary overview of domain.

show abstract

The Application of a New Secure Software Development Life Cycle (S-SDLC) with Agile Methodologies

Cited by 59 publications

References 12 publications

Synthesizing secure software development activities for linear and agile lifecycle models

Synthesizing secure software development activities for linear and agile lifecycle models

On Combining Static, Dynamic and Interactive Analysis Security Testing Tools to Improve OWASP Top Ten Security Vulnerability Detection in Web Applications

Malware Analysis in Web Application Security: An Investigation and Suggestion

Contact Info

Product

Resources

About