Abstract
In the modern age of the Internet and information technology, information security in software development has become a relevant issue for both public and private organizations. Considering the large budget that the nation must invest to prevent and repair computer attacks, the development of secure software in the Ministry of Housing, City, and Territory (MHCT) became a need that must be addressed from the technology area. Since information is the most important asset of any organization, it is essential to build information systems with high levels of security, integrity, and reliability. We propose a methodology for the development of secure code, with the necessary procedures and guidance to prevent possible attacks on information security, aimed at covering the development phase in the process of creating information systems for the MHCT. This is a specific methodology derived from different methodologies that address this problem, which we compared and evaluated based on different criteria that are relevant in the MHCT.
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Nivia, R.M., Cortés, P.E., Rojas, A.E. (2018). Implementation Phase Methodology for the Development of Safe Code in the Information Systems of the Ministry of Housing, City, and Territory. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2018. ICCSA 2018. Lecture Notes in Computer Science, vol 10961. Springer, Cham. https://doi.org/10.1007/978-3-319-95165-2_3
DOI: https://doi.org/10.1007/978-3-319-95165-2_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-95164-5
Online ISBN: 978-3-319-95165-2
eBook Packages: Computer Science, Computer Science (R0)