This is an Open Access publication published under CSC-OpenAccess Policy.
Cutting Edge Practices for Secure Software Engineering
Kanchan Hans
Pages - 403 - 408     |    Revised - 30-08-2010     |    Published - 30-10-2010
Volume - 4   Issue - 4    |    Publication Date - October 2010
KEYWORDS
Secure Software Engineering, Security vulnerabilities, risk analysis
ABSTRACT
Security has become a high-priority issue in software engineering, but it is generally treated as an afterthought: security features are implemented after the whole software has been engineered. This paper argues that security should be implemented right from the inception of the software and planned for each phase of the SDLC. The paper also gives recommendations for implementing security at each phase of the software life cycle. If each phase of software engineering includes the appropriate security analysis, defenses and countermeasures, it will definitely result in more robust and reliable software.
CITED BY (9)  
1 Chawla, D., & Kaur, M. (2014). System & Web based Modeling for Secure Software Development. International Journal of Computer Technology and Applications, 5(1), 257.
2 Abdulrazeg, A. A., Norwawi, N. M., & Basir, N. (2014, October). Extending V-model practices to support SRE to build secure web application. In Advanced Computer Science and Information Systems (ICACSIS), 2014 International Conference on (pp. 213-218). IEEE.
3 Pirnau, M. (2013, June). The analysis of the .NET architecture security system. In Electronics, Computers and Artificial Intelligence (ECAI), 2013 International Conference on (pp. 1-6). IEEE.
4 Siddiqui, S. T., Hamatta, H. S., & Bokhari, M. U. (2013). Multilevel Security Spiral (MSS) Model: NOVEL Approach. International Journal of Computer Applications, 65(20).
5 Shravani, D., Varma, P. S., Rao, K. V., Rani, B. P., & Kumar, M. U. (2012). dependable web services security architecture development theoretical and practical issues–spatial web services case study.
6 D. Shravani, Dr. P. S. Varma, K. V. Rao, M.U. Kumar and Dr.B.P. Rani, “Dependable Web Services Security Architecture Development Theoretical and Practical Issues – Spatial Web Services Case Study”, Natarajan Meghanathan, et al. (Eds): ITCS, SIP, JSE-2012, CS & IT 04, pp. 79–98, 2012.
7 Shravani, D., Varma, P. S., Rani, B. P., Kumar, M. U., & Prasad, A. K. (2011). Designing Dependable Web Services Security Architecture Solutions. In Advances in Network Security and Applications (pp. 140-149). Springer Berlin Heidelberg.
8 Alvi, A. K., & Zulkernine, M. (2011, December). A natural classification scheme for software security patterns. In Dependable, Autonomic and Secure Computing (DASC), 2011 IEEE Ninth International Conference on (pp. 113-120). IEEE.
9 M.U. Kumar, Dr. D. S. Kumar, Dr. B. P. Rani and K. V. Rao, “Designing Dependable Agile Layered Web Services Security Architecture Solutions”, Indian Journal of Computer Science and Engineering (IJCSE), 2(3), pp. 128-436, June-July 2011.
1 Google Scholar
2 Academic Journals Database
3 CiteSeerX
4 refSeek
5 iSEEK
6 Socol@r
7 ResearchGATE
8 Libsearch
9 Bielefeld Academic Search Engine (BASE)
10 Scribd
11 SlideShare
12 PDFCAST
13 PdfSR
Mr. Kanchan Hans
- India
kanchanhans@gmail.com