检索结果-内蒙古大学图书馆

secure software development: leveraging application call graphs to detect security vulnerabilities

PEERJ COMPUTER SCIENCE 2025年 11卷 e2641-e2641页

作者： Yan, Lei Zhao, Guanghuai Li, Xiaohui Sun, Pengxuan State Grid Beijing Elect Power Co Beijing Peoples R China Beijing Univ Technol Fac Informat Technol Beijing Peoples R China

The inconsistency in software development standards frequently leads to vulnerabilities that can jeopardize an application's cryptographic integrity. This situation can result in incomplete or flawed encryption processes. Vulnerabilities may manifest as missing, bypassed, or improperly executed encryption functions or the absence of critical cryptographic mechanisms, which eventually weaken security goals. This article introduces a thorough method for detecting vulnerabilities using dynamic and static analysis, focusing on a cryptographic function dominance tree. This strategy systematically minimizes the likelihood of integrity breaches in cryptographic applications. A layered and modular model is developed to maintain integrity by mapping the entire flow of cryptographic function calls across various components. The cryptographic function call graph and dominance tree are extracted and subsequently analyzed using an integrated dynamic and static technique. The extracted information undergoes strict evaluation against the anticipated function call sequence in the relevant cryptographic module to identify and localize potential security issues. Experimental findings demonstrate that the proposed method considerably enhances the accuracy and comprehensiveness of vulnerability detection in cryptographic applications, improving implementation security and resilience against misuse vulnerabilities.

关键词： Network security secure software development Authentication Intrusion detection Security vulnerabilities Data protection

来源：评论

学校读者我要写书评

暂无评论

secure software - development by example

引用

IEEE SECURITY & PRIVACY 2005年第4期3卷 10-17页

作者： Apvrille, A Pourzandi, M Trusted Logic Sophia Antipolis France

When trying to incorporate security into a program, software developers face either too much theoretical information that they can't apply or exhaustive and discouraging recommendation lists. This article gives an... 详细信息

关键词： security of data software engineering project life cycle secure software development security life cycle software development computer software software engineering project life cycle Security Data Security software design

来源：评论

学校读者我要写书评

暂无评论

Security Threat and Vulnerability Assessment and Measurement in secure software development

引用

Computers, Materials & Continua 2022年第6期71卷 5039-5059页

作者： Mamoona Humayun NZ Jhanjhi Maram Fahhad Almufareh Muhammad Ibrahim Khalil Department of Information Systems College of Computer and Information SciencesJouf UniversityAl-JoufKSA School of Computer Science and Engineering(SCE) Taylor’s UniversitySelangorMalaysia Department of Computer Science Bahria UniversityIslamabadPakistan

Security is critical to the success of software,particularly in today’s fast-paced,technology-driven *** ensures that data,code,and services maintain their CIA(Confidentiality,Integrity,and Availability).This is only possible if security is taken into account at all stages of the SDLC(software development Life Cycle).Various approaches to software quality have been developed,such as CMMI(Capabilitymaturitymodel integration).However,there exists no explicit solution for incorporating security into all phases of *** of the major causes of pervasive vulnerabilities is a failure to prioritize *** the most proactive companies use the“patch and penetrate”strategy,inwhich security is accessed once the job is *** cost,time overrun,not integrating testing and input in SDLC,usage of third-party tools and components,and lack of knowledge are all reasons for not paying attention to the security angle during the SDLC,despite the fact that secure software development is essential for business continuity and survival in today’s ICT *** is a need to implement best practices in SDLC to address security at all *** fill this gap,we have provided a detailed overview of secure software development practices while taking care of project costs and *** proposed a secure SDLC framework based on the identified practices,which integrates the best security practices in various SDLC phases.A mathematical model is used to validate the proposed framework.A case study and findings show that the proposed system aids in the integration of security best practices into the overall SDLC,resulting in more secure applications.

关键词： Security secure software development software development life cycle(SDLC) confidentiality integrity availability

来源：评论

学校读者我要写书评

暂无评论

Evaluation of requirement engineering best practices for secure software development in GSD: An ISM analysis

引用

JOURNAL OF software-EVOLUTION AND PROCESS 2024年第5期36卷

作者： Khan, Rafiq Ahmad Akbar, Muhammad Azeem Rafi, Saima Almagrabi, Alaa Omran Alzahrani, Musaad Northwestern Polytech Univ Sch Software Xian Peoples R China Univ Malakand Dept Comp Sci & IT Software Engn Res Grp Khyber Pakhtunkhwa Pakistan LUT Univ Software Engn Lappeenranta Finland Univ Murcia Dept Informat & Syst Murcia Spain King Abdulaziz Univ Fac Comp & Informat Technol Dept Informat Syst Jeddah Saudi Arabia Al Baha Univ Dept Comp Sci Al Baha Saudi Arabia

Technological advancement makes the world a global village. Security is an evergreen and everlasting area, because of the continuous threat from Hackers and Crackers. The immense use of software systems has modernized human society in every aspect. Thus, it is crucial to devise new processes, techniques, and tools to support teams in the development of secure code from the early stages of the software development process, while potentially reducing the costs and shortening the time to market. Considering the significance of software security, it is important to consider the security practices from the early phase of the software development life cycle (SDLC), that is, requirements engineering (RE). Hence, this study aims to identify and categorize RE practices important to apply for secure software development (SSD) in a geographically distributed development environment. To study the RE practices concerning SSD, we conducted a questionnaire survey with industrial experts in the global software development (GSD) ***, the interpretive structure modeling (ISM) approach was applied to evaluate the relationship between the RE security practice core categories. This paper identifies 70 practices and classifies them into 11 fundamental dimensions (categories) to assist GSD organizations in specifying the requirements for SSD. The ISM results show that the "Awareness of secure Requirement Engineering (SRE)" category has the most decisive influence on the other 10 core categories of the identified RE security practices. With the help of empirical evidence and the ISM approach, this work attempts to identify potential security practices and to give a set of secure RE practices that can be used to improve the security of the software development process.

关键词： empirical study global software development interpretive structure modeling requirement engineering secure software development security practices

来源：评论

学校读者我要写书评

暂无评论

A Preventive secure software development Model for a software Factory: A Case Study

引用

IEEE ACCESS 2020年 8卷 77653-77665页

作者： Sancho Nunez, Jose Carlos Caro Lindo, Andres Garcia Rodriguez, Pablo Univ Extremadura Dept Comp & Telemat Syst Engn ES-10003 Caceres Spain

The number of cyberattacks has greatly increased in in the last years, as well as their sophistication and impact. For this reason, new emerging software development models are demanded, which help in developing secure by default software. To achieve this, the analysis and comparison in depth of the current models of secure software development is especially important. In this paper, a review of the most popular secure software models is presented, and a new secure software methodology is proposed, adapted to all current environments. A practical experiment in a software development company is tested, as a case study, considering data from real software projects. The results are presented and compared in two development scenarios: a classic one with a reactive security approach, and another one, emerging and preventive, that applies security by default in all phases of the software life cycle. In the case study, the total amount of vulnerabilities is reduced by 68,42 & x0025;, decreasing their criticality and the temporal impact of their resolutions. In this way, software security and quality are methodologically improved with the proposed model, proving that the new emerging approach provides a more secure software.

关键词： Security software Testing Training Companies Measurement Modeling Commercial experiment preventive model secure software development vulnerability reduction

来源：评论

学校读者我要写书评

暂无评论

The practice of secure software development in SDLC: an investigation through existing model and a case study

引用

SECURITY AND COMMUNICATION NETWORKS 2016年第18期9卷 5333-5345页

作者： Karim, Nor Shahriza Abdul Albuolayan, Arwa Saba, Tanzila Rehman, Amjad Prince Sultan Univ Coll Comp & Informat Sci Riyadh 11586 Saudi Arabia Al Yamamah Univ Coll Comp & Informat Syst Riyadh 11512 Saudi Arabia

software security is an essential requirement for software systems. However, recent investigation indicates that many software development methodologies do not explicitly include methods for incorporating information security into the software development life cycles (SDLC). This research investigates, using case study, the methodologies being used in software development in Saudi Arabia and describes a model for integrating security into the SDLC. The aim is to identify the appropriate means of introducing security measures much earlier in the SDLC. This model is designed to be an extension to the existing SDLC. For achieving the research objectives and answering the research questions, the research followed a case study research design in an information-based organization. The research identified various important elements as security standards, policies, processes being practiced, and tools used within SDLC projects. In this regard, recommendations and verification were gathered to elicit the actual activities that are appropriate to be conducted at each phase of SDLC. The non-functional security requirements were also found, to the use of fortify and hp alm for source code review and web application testing. Copyright (c) 2016 John Wiley & Sons, Ltd.

关键词： secure software development secure engineering software security

来源：评论

学校读者我要写书评

暂无评论

Driving secure software development Experiences in a Diverse Product Environment

引用

IEEE SECURITY & PRIVACY 2012年第2期10卷 97-101页

作者： Fichtinger, Barbara Paulisch, Frances Panholzer, Peter Siemens Munich Germany

Siemens' central security team drives secure software development across a diverse product portfolio. From factory automation to wind turbines, Siemens builds security in by activities including standardizing roles and responsibilities, threat and risk analysis, and product security risk management across Siemens' 15,000 software developers.

关键词： Siemens secure software development Risk Analysis Threat Analysis software Engineering

来源：评论

学校读者我要写书评

暂无评论

Systematic Literature Review on Security Risks and its Practices in secure software development

引用

IEEE ACCESS 2022年 10卷 5456-5481页

作者： Khan, Rafiq Ahmad Khan, Siffat Ullah Khan, Habib Ullah Ilyas, Muhammad Univ Malakand Software Engn Res Grp Dept Comp Sci & IT Chakdara 18800 Pakistan Qatar Univ Coll Business & Econ Dept Accounting & Informat Syst Doha Qatar

Security is one of the most critical aspects of software quality. software security refers to the process of creating and developing software that assures the integrity, confidentiality, and availability of its code, data, and services. software development organizations treat security as an afterthought issue, and as a result, they continue to face security threats. Incorporating security at any level of the software development Life Cycle (SDLC) has become an urgent requirement. Several methodologies, strategies, and models have been proposed and developed to address software security, but only a few of them give reliable evidence for creating secure software applications. software security issues, on the other hand, have not been adequately addressed, and integrating security procedures into the SDLC remains a challenge. The major purpose of this paper is to learn about software security risks and practices so that secure software development methods can be better designed. A systematic literature review (SLR) was performed to classify important studies to achieve this goal. Based on the inclusion, exclusion, and quality assessment criteria, a total of 121 studies were chosen. This study identified 145 security risks and 424 best practices that help software development organizations to manage the security in each phase of the SDLC. To pursue secure SDLC, this study prescribed different security activities, which should be followed in each phase of the SDLC. Successful integration of these activities minimizing effort, time, and budget while delivering secure software applications. The findings of this study assist software development organizations in improving the security level of their software products and also enhancing their security efficiency. This will raise the developer's awareness of secure development practices as well.

关键词： software Security Codes software engineering Testing Systematics Companies software security SDLC security risks and practices secure software development secure software engineering systematic literature review

来源：评论

学校读者我要写书评

暂无评论

secure software development and testing: A model-based methodology

引用

COMPUTERS & SECURITY 2024年 137卷

作者： Casola, Valentina De Benedictis, Alessandra Mazzocca, Carlo Orbinato, Vittorio Univ Naples Federico II Dept Elect Engn & Informat Technol Naples Italy Univ Bologna Dept Comp Sci & Engn Bologna Italy

Modern industries widely rely upon software and IT services, in a context where cybercrime is rapidly spreading in more and more sectors. Unfortunately, despite greater general awareness of security risks and the availability of security tools that can help to cope with those risks, many organizations (especially medium/small-size ones) still lag when it comes to building security into their services. This is mainly due to the limited security skills of common developers/IT project managers and to the typically high costs of security procedures. In fact, while automated tools exist to perform code analysis, vulnerability scanning, or security testing, the manual intervention of security experts is still required not only for security analysis and design, but also to configure and elaborate the output of the security testing tools. In this paper, we propose a novel secure software development methodology aimed at supporting developers from security design to security testing, suitable for integration within modern DevOps pipelines according to a DevSecOps (or SecDevOps) approach. The proposed methodology leverages a model-based process that enables identifying existing threats, selecting appropriate countermeasures to enforce, and verify their mitigation effectiveness through both static assessment procedures and targeted security tests. To demonstrate our approach's feasibility and concretely illustrate the devised activities, we provide a step-by-step description of the whole process concerning a containerized microservice-based application case study. In addition, we discuss the application of the proposed methodology, in its threat modeling and security testing phases, to a well-known vulnerable web application widely used for security training purposes, to illustrate that we can identify most of the existing vulnerabilities and determine appropriate test plans to assess and mitigate such vulnerabilities.

关键词： secure software development SecDevOps methodology DevSecOps methodology Model -based testing Automated security testing plan generation secure containerized microservice applications

来源：评论

学校读者我要写书评

暂无评论

ABET Cybersecurity Continual Course Improvements for secure software development

ABET Cybersecurity Continual Course Improvements for Secure ...

引用

IEEE Frontiers in Education Conference (FIE)

作者： Schmeelk, Suzanna E. Dragos, Denise M. DeBello, Joan E. St Johns Univ Collins Coll Profess Studies CCPS Dept Comp Sci Math & Sci New York NY 11439 USA

ISBN: (纸本)9781665438513

This is an innovative practice full paper. The need to develop software securely cannot be over-emphasized. The changing legal and regulatory international and local landscape for software requirements is astounding. For example, the European Union's General Data Protection Regulation (GDPR), the United States' Health Insurance Portability and Accountability Act (HIPAA), the Chinese Cybersecurity laws, and the credit card industry's Payment Card Industry Data Security Standard (PCI-DSS) are all upholding higher standards for system development and deployment. Such legal and regulatory changes of necessity require modifications and updating in software development methods that must be incorporated into cybersecurity software development courses to properly prepare students for successfully working in the field. To address these and other changes within the computing field, the Accreditation Board for Engineering (ABET) recently proposed preliminary cybersecurity accreditation criteria for which fewer than 20 universities have both applied and become ABET Cybersecurity accredited. The accreditation requires maintaining continuous course improvement in the core courses including a secure software development course. This research first reports on important topics incorporated into a senior-level secure software development for cybersecurity majors. Our research then analyses student Institutional Review Board (IRB) approved surveys to learn which course components could benefit from continuous course improvements. We apply machine learning to help build categories for ABET continual improvement. Finally, we share lessons learned and plans for future work.

关键词： secure software development object oriented programming scripting cybersecurity Java language application development

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：