Abstract
In the beginning, some of the most fundamental aspects of security, like confidentiality, integrity, and availability are presented. Then, the attacker’s key motivators are mentioned. In the following parts, the focus is on the ways of designing and developing a secure software product. So, from a design point of view, the secure software development life cycle and how a security management process should take place are described in multiple phases starting from security threat and risk analysis phase to security testing phase and malware scanning. To keep track of vulnerabilities that might appear in the future, especially for 3rd party products, a security vulnerability management process should be used. Finally, some of the most common vulnerabilities and ways to assure secure code are presented in the secure development chapter. Making source code security analysis by using static/dynamic/interactive application security testing tools with manual code reviews is some important factors in assuring secure software development.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Churi, J.R., Sudhish, T., Ajay, S., Yewale, S.: Evolution of networks (2G–5G). In: International Conference on Advances in Communication and Computing Technologies (ICACACT), (2012)
Verizon Data Breach Investigations Report. [Online]. Available: https://www.fsecure.com/en/consulting/our-thinking/inside-the-2017-verizon-dbir. Accessed 29 March 2022
Rastogi, V.: Software development life cycle models-comparison, consequences. Int. J. Comput. Sci. Inf. Technol. 6(1) (2015)
Hackedu.: [Online]. Available: https://www.hackedu.com/blog/what-is-a-securesoftware-development-lifecycle-and-how-do-you-build-an-application-securityprogram. Accessed 1 April 2022
Schmidt, H.: Threat- and risk-analysis during early security requirements engineering. In: International Conference on Availability, Reliability and Security, Krakow, Poland, (2010)
[Online]. Available: https://www.aphis.usda.gov/aphis/resources/lawsandregs/privacy-act/pta-piasorn/pta-pia-sorn. Accessed 5 April 2022
OECD.: Policies for Information Security & Privacy (2009)
Security and Privacy Controls for Information Systems and Organizations, p. 2020. National Institute of Standards and Technology, U.S. Department of Commerce
Rowland, C.: Handbook: Online Communication Matrix. Oregon Health and Science University (2011)
Amy Reichert.: [Online]. Available: https://techbeacon.com/app-devtesting/software-testing-complex-integrated-applications-go-modular. Accessed 5 April 2022
Höst, M., Sönnerup, J., Hell, M., Olsson, T.: Industrial practices in security vulnerability management for IoT systems–an interview study. In: Proceedings of the International Conference on Software Engineering Research and Practice (SERP). The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp), (2018)
Foreman, P.: Vulnerability Management. Auerbach Publications (2019)
[Online]. Available: https://www.rapid7.com/fundamentals/vulnerability-managementand-scanning/. Accessed 5 April 2022
[Online]. Available: https://www.first.org/cvss/. Accessed 5 April 2022
Ruohonen, J.: A look at the time delays in CVSS vulnerability scoring. Appl. Comput. Inf. 15 Feb 2019
[Online]. Available: https://www.balbix.com/insights/whats-the-difference-betweencve-and-cvss/. Accessed 5 April 2022
[Online]. Available: https://www.cloudflare.com/learning/ddos/ping-of-death-ddosattack/. Accessed 5 April 2022
[Online]. Available: https://www.mitre.org/publications/systems-engineeringguide/enterprise-engineering/systems-engineering-for-mission-assurance/securecode-review. Accessed 6 April 2022
[Online]. Available: https://owasp.org/wwwcommunity/Source_Code_Analysis_Tools. Accessed 6 April 2022
[Online]. Available: https://u-tor.com/topic/black-box-penetration-testing. Accessed 6 April 2022
[Online]. Available: Interactive Application Security Testing. Accessed 6 April 2022
Williams, J.: [Online]. Available: https://www.contrastsecurity.com/securityinfluencers/why-the-difference-between-sast-dast-and-iast-matters. Accessed 6 April 2022
[Online]. Available: https://cwe.mitre.org/top25/archive/2021/2021_cwe_top25.html. Accessed 7 April 2022
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Stanciu, AM. (2023). Theoretical Study of Security for a Software Product. In: Nagar, A.K., Singh Jat, D., Mishra, D.K., Joshi, A. (eds) Intelligent Sustainable Systems. Lecture Notes in Networks and Systems, vol 578. Springer, Singapore. https://doi.org/10.1007/978-981-19-7660-5_20
Download citation
DOI: https://doi.org/10.1007/978-981-19-7660-5_20
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-7659-9
Online ISBN: 978-981-19-7660-5
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)