A Secure Software Specification Development Strategy for Enterprises: A Case Study Approach
DOI:
https://doi.org/10.32628/CSEIT217155
Keywords:
Requirements engineering, Software requirements, Software engineering, Software specifications, Secure Software Specification, Secure Software Development Life Cycle, Re-Engineering, Vulnerability, Penetration Testing
Abstract
Although security is a non-functional requirement, it is an essential requirement for software systems. To achieve secure software specification development for enterprises, we need to find and fix vulnerabilities in the early phase of the SDLC. The security of the software application plays a vital role in successfully achieving secure software specification development in a software enterprise. During the software development lifecycle, improper security can lead to serious consequences in any enterprise. In this paper, a case study approach is followed to achieve a secure web application: finding and fixing vulnerabilities early in the software development lifecycle, and applying the re-engineering process to a developed web application using the best security assessment model in light of the literature review. The developed application is also validated with the help of penetration testing.
License
Copyright (c) IJSRCSEIT

This work is licensed under a Creative Commons Attribution 4.0 International License.