Incorporating Software Security into an Undergraduate Software Engineering Course

2009 ◽  
Author(s):  
Cynthia Y. Lester ◽  
Frank Jamerson
Keyword(s):  
Software Engineering ◽  
Software Security

scholarly journals Infusing Software Security in Software Engineering

2018 ◽  
Author(s):  
Sushil Acharya ◽  
Walter Schilling
Keyword(s):  
Software Engineering ◽  
Software Security

Software Security Engineering

2008 ◽  
pp. 927-942
Author(s):  
Mohammad Zulkernine ◽  
Sheikh I. Ahamed
Keyword(s):  
Software Engineering ◽  
Software Security ◽  
Rapid Development ◽  
Process Models ◽  
Software Systems ◽  
Engineering Process ◽  
Software Life Cycle ◽  
Security Engineering ◽  
Controlled Systems ◽  
Protection Mechanisms

The rapid development and expansion of network-based applications have changed the computing world in the last decade. However, this overwhelming success has an Achilles’ heel: most software-controlled systems are prone to attacks both by internal and external users of the highly connected computing systems. These software systems must be engineered with reliable protection mechanisms, while still delivering the expected value of the software to their customers within the budgeted time and cost. The principal obstacle in achieving these two different but interdependent objectives is that current software engineering processes do not provide enough support for the software developers to achieve security goals. In this chapter, we reemphasize the principal objectives of both software engineering and security engineering, and strive to identify the major steps of a software security engineering process that will be useful for building secure software systems. Both software engineering and security engineering are ever-evolving disciplines, and software security engineering is still in its infancy. This chapter proposes a unification of the process models of software engineering and security engineering in order to improve the steps of the software life cycle that would better address the underlying objectives of both engineering processes. This unification will facilitate the incorporation of the advancement of the features of one engineering process into the other. The chapter also provides a brief overview and survey of the current state-of-the-art of software engineering and security engineering with respect to computer systems.

Software Security Engineering

2011 ◽  
pp. 215-233 ◽  
Author(s):  
Mohammad Zulkernine ◽  
Sheikh I. Ahamed
Keyword(s):  
Software Engineering ◽  
Software Security ◽  
Rapid Development ◽  
Process Models ◽  
Software Systems ◽  
Engineering Process ◽  
Software Life Cycle ◽  
Security Engineering ◽  
Controlled Systems ◽  
Protection Mechanisms

The rapid development and expansion of network-based applications have changed the computing world in the last decade. However, this overwhelming success has an Achilles’ heel: most software-controlled systems are prone to attacks both by internal and external users of the highly connected computing systems. These software systems must be engineered with reliable protection mechanisms, while still delivering the expected value of the software to their customers within the budgeted time and cost. The principal obstacle in achieving these two different but interdependent objectives is that current software engineering processes do not provide enough support for the software developers to achieve security goals. In this chapter, we reemphasize the principal objectives of both software engineering and security engineering, and strive to identify the major steps of a software security engineering process that will be useful for building secure software systems. Both software engineering and security engineering are ever-evolving disciplines, and software security engineering is still in its infancy. This chapter proposes a unification of the process models of software engineering and security engineering in order to improve the steps of the software life cycle that would better address the underlying objectives of both engineering processes. This unification will facilitate the incorporation of the advancement of the features of one engineering process into the other. The chapter also provides a brief overview and survey of the current state-of-the-art of software engineering and security engineering with respect to computer systems.

Software Security Engineering – Part I

2015 ◽  
pp. 459-494
Author(s):  
Issa Traore ◽  
Isaac Woungang
Keyword(s):  
Software Engineering ◽  
Software Development ◽  
Development Process ◽  
Software Security ◽  
Security Assessment ◽  
Security Engineering ◽  
Model Driven ◽  
Software Vulnerabilities ◽  
Software Products ◽  
Assessment And Testing

It has been reported in the literature that about twenty new software vulnerabilities are reported weekly. This situation has increased the security awareness in the software community. Nowadays, software services are expected not only to satisfy functional requirements but also to resist malicious attacks. As demand for more trustworthy systems is increasing, the software industry is adjusting itself to security standards and practices by increasing security assessment and testing effort. Even though there is a consensus that better software engineering is to improve software quality in the early stage of software development, so far, various approaches that have been proposed to analyze and quantitatively measure the software security target, primarily show the finished software products in their operational life. There are few achievements on how to reduce or effectively mitigate the security risks faced by software products during the development process. In this chapter, the authors introduce a novel model-driven perspective on secure software engineering, which integrates seamlessly software security analysis with traditional software development activities. A systematic security engineering process that starts in the early stages of the software development process and spans the entire software lifecycle is presented. Fundamental software security concepts and analysis techniques are also introduced, and several illustrative examples are presented, with focus on security requirements and risk analysis.

Software Security Engineering

2009 ◽  
pp. 2744-2759
Author(s):  
Mohammad Zulkernine ◽  
Sheikh I. Ahamed
Keyword(s):  
Software Engineering ◽  
Software Security ◽  
Rapid Development ◽  
Process Models ◽  
Software Systems ◽  
Engineering Process ◽  
Software Life Cycle ◽  
Computing Systems ◽  
Security Engineering ◽  
Protection Mechanisms

The rapid development and expansion of network based applications have changed the computing world in the last decade. However, this overwhelming success has an Achilles’ heel: almost every software controlled system faces threats from potential adversaries both from internal and external users of the highly connected computing systems. These software systems must be engineered with reliable protection mechanisms, while still delivering the expected value of the software to their customers within the budgeted time and cost. The principal obstacle in achieving the above two different but interdependent objectives is that current software engineering processes do notprovide enough support for the software developers to achieve security goals. In this chapter, we reemphasize the principal objectives of both software engineering and security engineering, and strive to identify the major steps of a software security engineering process that will be useful for building secure software systems. Both software engineering and security engineering are ever evolving disciplines, and software security engineering is still in its infancy. This chapter proposes a unification of the process models of software engineering and security engineering in order to improve the steps of the software life cycle that would better address the underlying objectives of both engineering processes. This unification will facilitate the incorporation of the advancement of the features of one engineering process into the other. The chapter also provides a brief overview and survey of the current state of the art of software engineering and security engineering with respect to computer systems.

Dimensions of Robust Security Testing in Global Software Engineering

2019 ◽  
pp. 252-272
Author(s):  
Ali Akber ◽  
Syed Sajjad Hussain Rizvi ◽  
Muhammad Waqar Khan ◽  
Vali Uddin ◽  
Manzoor Ahmed Hashmani ◽  
...  
Keyword(s):  
Software Engineering ◽  
Literature Review ◽  
Software Testing ◽  
Software Quality ◽  
Software Security ◽  
Research Work ◽  
Testing Methods ◽  
Security Testing ◽  
Massive Number ◽  
Global Software Engineering

Over the last few decades, software security has become significant in parallel to general software testing. Previously, the scope of software security was relatively limited as compared to the software functionality. But now, in global software engineering, the scope and budget of software security are far more than its basic functionality. This has created a pressing need to devise the separate set of working boundaries between software quality testing, and software security testing in global software engineering. In the past literature, a massive number of software security testing methods has been devised. In this paper, a comprehensive literature review is presented on the recent global software security testing methods. In addition, the strength and limitation of each framework are discussed and analyzed. Finally, this work submits the open areas in the domain of global software security testing methods as one of the deliverables of this research work.

Software Security Engineering – Part I

2013 ◽  
pp. 221-255 ◽  
Author(s):  
Issa Traore ◽  
Isaac Woungang
Keyword(s):  
Software Engineering ◽  
Software Development ◽  
Development Process ◽  
Software Security ◽  
Security Assessment ◽  
Security Engineering ◽  
Model Driven ◽  
Software Vulnerabilities ◽  
Software Products ◽  
Assessment And Testing

It has been reported in the literature that about twenty new software vulnerabilities are reported weekly. This situation has increased the security awareness in the software community. Nowadays, software services are expected not only to satisfy functional requirements but also to resist malicious attacks. As demand for more trustworthy systems is increasing, the software industry is adjusting itself to security standards and practices by increasing security assessment and testing effort. Even though there is a consensus that better software engineering is to improve software quality in the early stage of software development, so far, various approaches that have been proposed to analyze and quantitatively measure the software security target, primarily show the finished software products in their operational life. There are few achievements on how to reduce or effectively mitigate the security risks faced by software products during the development process. In this chapter, the authors introduce a novel model-driven perspective on secure software engineering, which integrates seamlessly software security analysis with traditional software development activities. A systematic security engineering process that starts in the early stages of the software development process and spans the entire software lifecycle is presented. Fundamental software security concepts and analysis techniques are also introduced, and several illustrative examples are presented, with focus on security requirements and risk analysis.

Sign in / Sign up

Export Citation Format

Share Document