A Secure Software Specification Development Strategy for Enterprises : A Case Study Approach

Authors

  • Sifat Ali Sathio  Department of Software Engineering, Institute of Information and Communication Technology, Mehran University of Engineering and Technology, Jamshoro, Pakistan
  • Dr. Isma Farah Siddiqui  Associate Professor, Department of Software Engineering, Mehran University of Engineering and Technology, Jamshoro, Pakistan
  • Dr. Qasim Ali Arain  Associate Professor, Department of Software Engineering, Mehran University of Engineering and Technology, Jamshoro, Pakistan

DOI:

https://doi.org/10.32628/CSEIT217155

Keywords:

Requirements engineering, Software requirements, Software engineering, Software specifications, Secure Software Specification, Secure Software Development Life Cycle, Re Engineering, Vulnerability, Penetration Testing

Abstract

Although Security is a non-functional requirement, it is a very essential requirement for software systems, to achieve secure software specification development for enterprises we need to find and fix vulnerabilities in the early phase of SDLC. For the successful achievement of secure software specification development in the software enterprise, the security of software application plays a very vital role. During the software development lifecycle, improper security can lead to thoughtful and serious consequences in any enterprise. In this paper, the case study approach is followed regarding the achievement of a secure web application, finding and fixing vulnerabilities in the early software development lifecycle, and applying the re-engineering process on a developed web application using the best security assessment model considering the literature review. Also, validation of the developed application is done with the help of Penetration testing.

References

  1. Mamdouh Alenezi, Amir Shahab, Muhammad Nadeem & Raja Asif Wagan (2020). An automated approach to fix buffer overflows. Int J Elec & Comp Eng, Vol. 10, No. 4.
  2. Qian, K., Parizi, R. M., & Lo, D. (2018, December). OWASP Risk Analysis Driven Security Requirements Specification for Secure Android Mobile Software Development. In 2018 IEEE Conference on Dependable and Secure Computing (DSC) (pp. 1-2). IEEE.
  3. Khan, M. U. A., & Zulkernine, M. (2008, July). Quantifying security in secure software development phases. In 2008 32nd Annual IEEE International Computer Software and Applications Conference (pp. 955-960). IEEE.
  4. Karim, N. S. A., Albuolayan, A., Saba, T., & Rehman, A. (2016). The practice of secure software development in SDLC: an investigation through existing model and a case study. Security and Communication Networks, 9(18), 5333-5345.
  5. Chung, L., Nixon, B. A., Yu, E., &Mylopoulos, J. (2012). Non-functional requirements in software engineering (Vol. 5). Springer Science & Business Media.
  6. Salini, P., & Kanmani, S. (2016). Effectiveness and performance analysis of model-oriented security requirements engineering to elicit security requirements: a systematic solution for developing secure software systems. International Journal of Information Security, 15(3), 319-334.
  7. Mohammed, N. M., Niazi, M., Alshayeb, M., & Mahmood, S. (2017). Exploring software security approaches in software development lifecycle: A systematic mapping study. Computer Standards & Interfaces, 50, 107-115.
  8. Sravani Teja Bulusu, Romain Laborde, Ahmad Samer Wazan, Francois Barrere & Abdelmalek Benzekri. (2018). Applying a Requirement Engineering Based Approach to Evaluate the Security Requirements Engineering Methodologies. Researchgate.
  9. Rouland, Q., Hamid, B., Bodeveix, J. P., & Filali, M. (2019, November). A Formal Methods Approach to Security Requirements Specification and Verification. In 2019 24th International Conference on Engineering of Complex Computer Systems (ICECCS) (pp. 236-241). IEEE.
  10. Abdul Karim, Nor & Albuolayan, Arwa & Saba, Tanzila & Rehman, Amjad. (2016). The practice of secure software development in SDLC: an investigation through existing model and a case study: The practice of secure software development in SDLC. Security and Communication Networks. 10.1002/sec.1700.
  11. Burato, E., Ferrara, P., & Spoto, F. (2017). Security analysis of the OWASP benchmark with Julia. Proceedings of ITASEC, 17.

IInternational Journal of Scientific Research in Computer Science, Engineering and Information Technology

Downloads

Published

2021-02-28

Issue

Volume 7, Issue 1, January-February-2021

Section

Research Articles

License

Copyright (c) IJSRCSEIT

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

[1]
Sifat Ali Sathio, Dr. Isma Farah Siddiqui, Dr. Qasim Ali Arain, " A Secure Software Specification Development Strategy for Enterprises : A Case Study Approach" International Journal of Scientific Research in Computer Science, Engineering and Information Technology(IJSRCSEIT), ISSN : 2456-3307, Volume 7, Issue 1, pp.260-266, January-February-2021. Available at doi : https://doi.org/10.32628/CSEIT217155