Theory and practice in secure software development lifecycle: A comprehensive survey
1 Jaramogi Oginga Odinga University of Science and Technology, Bondo, Kenya.
2 Tom Mboya University, Homa-Bay, Kenya.
3 Kabarak University, Nakuru, Kenya.
Review Article
World Journal of Advanced Research and Reviews, 2023, 18(03), 053–078
Publication history:
Received on 11 April 2023; revised on 30 May 2023; accepted on 01 June 2023
Abstract:
Software development security refers to the practice of integrating security measures and considerations throughout the software development lifecycle to ensure the confidentiality, integrity, and availability of software systems. It involves identifying, mitigating, and eliminating security vulnerabilities and threats that could be exploited by attackers. The goal of this paper is to survey the various concepts and methodologies directed towards software security, and the identification of any missing gaps. Based on the findings, it is noted that the development of secure software requires a proactive and comprehensive approach. It begins with establishing secure design principles and incorporating security requirements from the initial stages of development. Here, secure coding practices, such as input validation, output encoding, and secure authentication and authorization mechanisms, are employed to prevent common security vulnerabilities. In addition, regular security testing, including penetration testing and vulnerability scanning, helps identify and address potential weaknesses in the software. Normally, code reviews and security audits are conducted to ensure adherence to secure coding practices and identify any security flaws. It is important that security training and awareness programs be provided to developers and other stakeholders to foster a security-conscious culture. To minimize potential vulnerabilities, secure configuration management, which involves properly configuring servers, networks, and dependencies may be utilized. On the other hand, regular updates and patching are essential to address known security vulnerabilities in software components. To guide their software development security practices, organizations may follow established security standards and frameworks such as ISO 27001 or NIST Cybersecurity Framework. By prioritizing software development security, organizations can protect sensitive data, prevent unauthorized access, and mitigate the risk of security breaches and incidents. In the long run, this helps build trust with users and stakeholders, enhances the reputation of the software, and reduces the potential impact of security incidents on the organization.
Keywords:
Attacks; Coding; Methodologies; Privacy; Security; Software; SDLC
Full text article in PDF:
Copyright information:
Copyright © 2023 Author(s) retain the copyright of this article. This article is published under the terms of the Creative Commons Attribution Liscense 4.0