Powered by OpenAIRE graph
Found an issue? Give us feedback
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/ World Journal of Adv...arrow_drop_down
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/
World Journal of Advanced Research and Reviews
Article . 2023 . Peer-reviewed
Data sources: Crossref
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/
ZENODO
Article . 2023
License: CC BY
Data sources: Datacite
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/
ZENODO
Article . 2023
License: CC BY
Data sources: ZENODO
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/
ZENODO
Article . 2023
License: CC BY
Data sources: Datacite
 View all 3 versions
Claim

Theory and practice in secure software development lifecycle: A comprehensive survey

descriptionPublicationkeyboard_double_arrow_right Article 30 Jun 2023Publisher:GSC Online PressJournal:World Journal of Advanced Research and Reviews, volume 18, pages 53-78 (eissn: 2581-9615, Copyright policy )
Authors: Otieno, Martin; Odera, David; Jairus Ekume Ounza;

doi: 10.30574/wjarr.2023.18.3.0944 , 10.5281/zenodo.8430060 , 10.5281/zenodo.8430059

Theory and practice in secure software development lifecycle: A comprehensive survey

Abstract

Software development security refers to the practice of integrating security measures and considerations throughout the software development lifecycle to ensure the confidentiality, integrity, and availability of software systems. It involves identifying, mitigating, and eliminating security vulnerabilities and threats that could be exploited by attackers. The goal of this paper is to survey the various concepts and methodologies directed towards software security, and the identification of any missing gaps. Based on the findings, it is noted that the development of secure software requires a proactive and comprehensive approach. It begins with establishing secure design principles and incorporating security requirements from the initial stages of development. Here, secure coding practices, such as input validation, output encoding, and secure authentication and authorization mechanisms, are employed to prevent common security vulnerabilities. In addition, regular security testing, including penetration testing and vulnerability scanning, helps identify and address potential weaknesses in the software. Normally, code reviews and security audits are conducted to ensure adherence to secure coding practices and identify any security flaws. It is important that security training and awareness programs be provided to developers and other stakeholders to foster a security-conscious culture. To minimize potential vulnerabilities, secure configuration management, which involves properly configuring servers, networks, and dependencies may be utilized. On the other hand, regular updates and patching are essential to address known security vulnerabilities in software components. To guide their software development security practices, organizations may follow established security standards and frameworks such as ISO 27001 or NIST Cybersecurity Framework. By prioritizing software development security, organizations can protect sensitive data, prevent unauthorized access, and mitigate the risk of security breaches and incidents. In the long run, this helps build trust with users and stakeholders, enhances the reputation of the software, and reduces the potential impact of security incidents on the organization.

Related Organizations
Keywords

Attacks; Coding; Methodologies; Privacy; Security; Software; SDLC

  • BIP!
    Impact byBIP!
    selected citations
    These citations are derived from selected sources.
    This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    		 10
    popularity
    This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
    		 Top 10%
    influence
    This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    		 Top 10%
    impulse
    This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
    		 Top 10%
    OpenAIRE UsageCounts
    Usage byUsageCounts
    visibility views 4
    download downloads 6
  • 4
    views
    6
    downloads
    Powered byOpenAIRE UsageCounts
Powered by OpenAIRE graph
Found an issue? Give us feedback
visibility
download
selected citations
These citations are derived from selected sources.
This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
BIP!Citations provided by BIP!
popularity
This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
BIP!Popularity provided by BIP!
influence
This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
BIP!Influence provided by BIP!
impulse
This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
BIP!Impulse provided by BIP!
views
OpenAIRE UsageCountsViews provided by UsageCounts
downloads
OpenAIRE UsageCountsDownloads provided by UsageCounts
10
Top 10%
Top 10%
Top 10%
4
6
Green
gold