Theoretical Study of Security for a Software Product

  • Conference paper
  • In: Intelligent Sustainable Systems
  • Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 578)

Abstract

The chapter first presents the fundamental security properties of confidentiality, integrity, and availability, and then the attackers' key motivators. The following parts focus on the ways of designing and developing a secure software product. From a design point of view, the secure software development life cycle and the security management process are described in multiple phases, from the security threat and risk analysis phase through security testing and malware scanning. To keep track of vulnerabilities that may appear in the future, especially in third-party products, a security vulnerability management process is needed. Finally, the secure development chapter presents some of the most common vulnerabilities and ways to assure secure code. Source code security analysis using static, dynamic, and interactive application security testing tools, combined with manual code review, is an important factor in assuring secure software development.



Author information

Corresponding author

Correspondence to Alin-Marius Stanciu.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Stanciu, AM. (2023). Theoretical Study of Security for a Software Product. In: Nagar, A.K., Singh Jat, D., Mishra, D.K., Joshi, A. (eds) Intelligent Sustainable Systems. Lecture Notes in Networks and Systems, vol 578. Springer, Singapore. https://doi.org/10.1007/978-981-19-7660-5_20