Cutting Edge Practices for Secure Software Engineering

Source: International Journal of Computer Science and Security (IJCSS)
Volume: 4 Issue: 4
Pages: 373-435
Publication Date: October 2010
ISSN (Online): 1985-1553

Pages: 403 - 408
Author(s):
Published Date: 30-10-2010
Publisher: CSC Journals, Kuala Lumpur, Malaysia

KEYWORDS: Secure Software Engineering, Security vulnerabilities, risk analysis

This manuscript is indexed in the following databases/websites:

1. PDFCAST
2. Scribd
3. Docstoc
4. Directory of Open Access Journals (DOAJ)
5. Google Scholar
6. refSeek
7. Socol@r
8. iSEEK
9. Bielefeld Academic Search Engine (BASE)
10. ResearchGATE
11. Academic Journals Database
12. Libsearch
13. slideshare

ABSTRACT: Security has become a high-priority issue in software engineering, but it is generally treated as an afterthought: security features are implemented after the whole software has been engineered. This paper argues that security should be implemented right from the inception of the software and planned for each phase of the SDLC. The paper also gives recommendations for implementing security at each phase of the software life cycle. If each phase of software engineering includes the appropriate security analysis, defenses and countermeasures, it will definitely result in more robust and reliable software.

CITED BY:

1. D. Shravani, Dr. P. S. Varma, K. V. Rao, M.U. Kumar and Dr. B.P. Rani, “Dependable Web Services Security Architecture Development Theoretical and Practical Issues – Spatial Web Services Case Study”, Natarajan Meghanathan, et al. (Eds): ITCS, SIP, JSE-2012, CS & IT 04, pp. 79–98, 2012.
2. M.U. Kumar, Dr. D. S. Kumar, Dr. B. P. Rani and K. V. Rao, “Designing Dependable Agile Layered Web Services Security Architecture Solutions”, Indian Journal of Computer Science and Engineering (IJCSE), 2(3), pp. 128-436, June-July 2011.

Kanchan Hans : Colleagues