Secure Software Development Research Papers (original) (raw)

• Top Papers
• Most Cited Papers
• Most Downloaded Papers
• Newest Papers
• People

This article presents the information technology path, the need for information protection, alarming data on information security incidents and proposes means that aim at reducing neglect and gaining vigilance over information security... more

This article presents the information technology path, the need for information protection, alarming data on information security incidents and proposes means that aim at reducing neglect and gaining vigilance over information security contexts. A proposal establishes generalized awareness through rewards. A methodology ensures safety prevention and involvement in IT activities, such as in projects and solutions.

• • by
  • •
  • Information Security, Secure Software Development, IT Security, OWASP
• • by Daniel Berry and +1
  • •
  • Computer Science, Artificial Intelligence, Computer Engineering, Natural Language Processing

A sample "Secure Software Development" policy for organizations implementing PCI DSS interfaces.

• • by Sumit Dadhwal
  • •
  • Secure Development and Programming, Secure Software Development, Secure Software Engineering, Secure Software Developement Life Cycle

Browsers are essential to an active working environment but they also serve as the perfect cyber-attack vector. Cyber-attacks and crimes are multi-faceted in present era and having tendency to outgrow manifold. Digital forensic is a... more

Browsers are essential to an active working environment but they also serve as the perfect cyber-attack vector. Cyber-attacks and crimes are multi-faceted in present era and having tendency to outgrow manifold. Digital forensic is a remarkable discipline to limit and investigate such threats by using its sophisticated tools. Web browser is the widely used application to access contents available on the internet and is user's face to the world. Typical browsing activities involve visiting web pages, accessing email accounts, using social media, uploading and downloading different files. User leaves digital footprints on computing device in the form of various artifacts while using browsers such as cookies, history, bookmarks, passwords, etc. These artifacts can be extracted through a specialized browser forensic toolkit to augment investigator's task. Researchers, in their previous work, have precisely focused towards specific mode of web-browsers' forensics and proposed viable investigative tools. In this study, accrued picture of all web-browsing modes (public, private and portable) has been crafted including potent forensic attributes for digital artifact's collection and comparative analysis of tools.

• • by Zunera Jalil
  • •
  • Computer Forensics, Applications of Machine Learning, Computer Security, Secure Software Development

Cybersecurity is a global challenge as Cyberspace is never risk free. Cybersecurity ensures the attainment and maintenance of the security properties of the digital infrastructure and services against relevant security risks in the cyber... more

Cybersecurity is a global challenge as Cyberspace is never risk free. Cybersecurity ensures the attainment and maintenance of the security properties of the digital infrastructure and services against relevant security risks in the cyber environment. Currently web applications are highly functional and rely upon two-way flow of information between the server and browser. New technologies in Web applications have brought with them a new range of security vulnerabilities and new possibilities for exploitation. WebGIS is an effective way for disseminating geospatial data and geo-processing tools through internet. WebGIS is similar to the client/server architecture and the server-side geo-processing components will store, process and serve the data to the client/browser, during which Database server, Application server and a web server will be involved. The networking infrastructure in WebGIS environment plays a critical role in the security of the data centres. This paper presents the architecture of WebGIS environment, role of networking components, traits of Cybersecurity and portrays various defence mechanisms that aid in Cybersecurity in WebGIS environment.

• • by Giri Babu
  • •
  • Secure Software Development, Cybersecurity, Malware, WebGIS

This paper proposes a two-step approach to identifying ambiguities in natural language (NL) requirements specifications (RSs). In the first step, a tool would apply a set of ambiguity measures to a RS in order to identify potentially... more

This paper proposes a two-step approach to identifying ambiguities in natural language (NL) requirements specifications (RSs). In the first step, a tool would apply a set of ambiguity measures to a RS in order to identify potentially ambiguous sentences in the RS. In the second step, another tool would show what specifically is potentially ambiguous about each potentially ambiguous sentence. The final decision of ambiguity remains with the human users of the tools. The paper describes several requirements-identification experiments with several small NL RSs using four prototypes of the first tool based on linguistic instruments and resources of different complexity and a manual mock-up of the second tool.

• • by Luisa Mich
  • •
  • Information Systems, Computer Science, Artificial Intelligence, Computer Engineering

Failure to eliminate security gaps can spell disaster for developers and their clients. Secure software development is a practice to ensure that the code and processes that go into developing software applications are as secure as... more

Failure to eliminate security gaps can spell disaster for developers and their clients. Secure software development is a practice to ensure that the code and processes that go into developing software applications are as secure as possible. Learn more in a Secure Software Development course by Tonex.

• • by Mike Gholi
  • •
  • Secure Software Development, Secure Software Developement Life Cycle

The utilization of social media security is now a topic that is discussed widely. People still do not seem to have a concern about security of social media. In this current literature critical review, we are discussing some of the most... more

The utilization of social media security is now a topic that is discussed widely. People still do not seem to have a concern about security of social media. In this current literature critical review, we are discussing some of the most important qualitative studies that explore and research about the use of social media security. Social media includes a wide range of websites and apps like Twitter, Facebook and Instagram. All the social media connect with each other and exchange information, so users should be mindful of the drawbacks and impacts of using social media sites. We consider the history of social media and the need of social media to highlight the background social media's background. Then we address the social media's idea security and the social media security risks with the challenges. We conclude with a discussion of potential steps for future of social media security/ possible solutions for security.

• • by Sanduni S H A S H I P R A B A Perera
  • •
  • Computer Security, Secure Software Development
• • by Marcin Bajer
  • •
  • Secure Development and Programming, Secure Software Development, Cyber Security, Internet of Things (IoTs)

Information technology (IT) organizations are increasing the use of agile practices, which are based on a people-centred culture alongside the software development process. Thus, it is vital to understand the social and human factors of... more

Information technology (IT) organizations are increasing the use of agile practices, which are based on a people-centred culture alongside the software development process. Thus, it is vital to understand the social and human factors of the individuals working in agile environments, such as happiness and unhappiness and how these factors impact this kind of environment. Therefore, five case-studies were developed inside agile projects, in a company that values innovation, aiming to identify how (un)happiness impacts software engineers in agile environments. According to the answers gathered from 67 participants through a survey, interviews and using a cross-analysis, happiness factors identified by agile teams were effective communication, motivated members, collaboration among members, proactive members, and present leaders.

• • by International Journal of Software Engineering & Applications (IJSEA)-ERA Indexed
  • •
  • Lean Software Development, Human Factors, Maritime Human Factors, Software Development

Security patterns are security knowledge encapsulated tools, they have significant contributions for supporting the software developers as all the software developers need not to be a security specialists. If the applied patterns are... more

Security patterns are security knowledge encapsulated tools, they have significant contributions for supporting the software developers as all the software developers need not to be a security specialists. If the applied patterns are inappropriate, this will create vulnerabilities in the product implementation. Here we proposed a method for validation of applied security design patterns in the implementation phase of software development
life cycle (SDLC). In this paper, we are verifying the security pattern by creating reusable test case. As a case study, we are validating the applied security patterns for Patient Monitoring System (PMS) application. We believe, the applied security patterns structure is verified in implementation phase. With this we achieve, the security patterns are successfully structured and verified in design and implementation phase. Thus, we can
rename SDLC as secure aware SDLC.

• • by Journal of Software Engineering & Intelligent Systems
  • •
  • Software Testing, Software Development, Design Patterns, Secure Software Development

With the increasing popularity of Agile Methods, many software organisations are moving away from traditional methods to adopt Agile development methodologies. Instead of being predictive, Agile is rather adaptive and people-focussed. It... more

With the increasing popularity of Agile Methods, many software organisations are moving away from traditional methods to adopt Agile development methodologies. Instead of being predictive, Agile is rather adaptive and people-focussed. It advocates a small and collaborative team that work closely together. But team size is a factor that is in turn constrained by people factors. When implementing Agile, these key factors are often overlooked. This study aims at identifying the underlying people factors to consider when adopting Agile for a team to be effective. The method used is the study of three different sized Agile teams developing products based on the same technologies and using Scrum. Both objective and subjective measures were used and the results are supported by a survey. The results clearly show that for agile methodologies to work well, it is crucial to select the right people for the right team.

• • by International Journal of Software Engineering & Applications (IJSEA)-ERA Indexed
  • •
  • Software Engineering, Lean Software Development, Software Development, Software Engineering education

"Context: Security in general, and database protection from unauthorized access in particular, are crucial for organizations. Although it has been long accepted that the important system requirements should be considered from the early... more

"Context: Security in general, and database protection from unauthorized access in particular, are crucial for organizations. Although it has been long accepted that the important system requirements should be considered from the early stages of the development process, non-functional requirements such as security tend to get neglected or dealt with only at later stages of the development process.
Objective: We present an empirical study conducted to evaluate a Pattern-based method for Secure Development – PbSD – that aims to help developers, in particular database designers, to design database schemata that comply with the organizational security policies regarding authorization, from the early stages of development. The method provides a complete framework to guide, enforce and verify the correct implementation of security policies within a system design, and eventually generate a database schema from that design.
Method: The PbSD method was evaluated in comparison with a popular existing method that directly specifies the security requirements in SQL and Oracle’s VPD. The two methods were compared with respect to the quality of the created access control specifications, the time it takes to complete the specification, and the perceived quality of the methods.
Results: We found that the quality of the access control specifications using the PbSD method for secure development were better with respect to privileges granted in the table, column and row granularity levels. Moreover, subjects who used the PbSD method completed the specification task in less time compared to subjects who used SQL. Finally, the subjects perceived the PbSD method clearer and more easy to use.
Conclusion: The pattern-based method for secure development can enhance the quality of security specification of databases, and decrease the software development time and cost. The results of the experiment may also indicate that the use of patterns in general has similar benefits; yet this requires further examinations."

• • by Peretz Shoval
  • •
  • Design Patterns, Databases, Secure Software Development, Secure Databasedevelopment
• • by Arnon Sturm
  • •
  • Information Systems, Design Patterns, Databases, Secure Software Development
• • by Jenny Abramov
  • •
  • Information Systems, Design Patterns, Databases, Secure Software Development
• • by Nicola Zeni
  • •
  • Information Systems, Computer Science, Artificial Intelligence, Computer Engineering

With increase in demand for the security aspects of software, every phase of the Software Development Life Cycle (SDLC) is experiencing major changes with respect to security. Security designers, developers, and testers are keen on... more

With increase in demand for the security aspects of software, every phase of the Software Development Life
Cycle (SDLC) is experiencing major changes with respect to security. Security designers, developers, and
testers are keen on improving various security aspects of a system. Specification of security requirements
propagates to different phases of an SDLC and there exist different techniques and methodologies to
specify security requirements. Business level security requirements are specified using policy specification
languages. The current literature has specification languages that are domain based, web based, network
based, syntax based, semantics based, predicate based, and protocol based. In this research effort, a
generic secure policy prototype and components of the generic secure policy were defined using formal
methods. The Descartes specification language, a formal executable specification language, has been
developed to specify software systems. The development of a secure policy framework along with extended
constructs of the Descartes specification language for specifying secure policies are some of the deliverables of this research effort. Concepts of secure policies were adopted from the SPromela, Ponder, and REI methodologies for secure policy specification, analysis, and design.

• • by International Journal of Software Engineering & Applications (IJSEA)-ERA Indexed
  • •
  • Software Engineering, Formal Methods (Formal Verification), Semantics, Security
• • by Peretz Shoval
  • •
  • Information Systems, Design Patterns, Databases, Secure Software Development