Litcius/Paper detail

Theory and practice in secure software development lifecycle: A comprehensive survey

Martin Otieno, David Odera, Jairus Ekume Ounza

2023World Journal of Advanced Research and Reviews19 citationsDOIOpen Access PDF

Abstract

Software development security refers to the practice of integrating security measures and considerations throughout the software development lifecycle to ensure the confidentiality, integrity, and availability of software systems. It involves identifying, mitigating, and eliminating security vulnerabilities and threats that could be exploited by attackers. The goal of this paper is to survey the various concepts and methodologies directed towards software security, and the identification of any missing gaps. Based on the findings, it is noted that the development of secure software requires a proactive and comprehensive approach. It begins with establishing secure design principles and incorporating security requirements from the initial stages of development. Here, secure coding practices, such as input validation, output encoding, and secure authentication and authorization mechanisms, are employed to prevent common security vulnerabilities. In addition, regular security testing, including penetration testing and vulnerability scanning, helps identify and address potential weaknesses in the software. Normally, code reviews and security audits are conducted to ensure adherence to secure coding practices and identify any security flaws. It is important that security training and awareness programs be provided to developers and other stakeholders to foster a security-conscious culture. To minimize potential vulnerabilities, secure configuration management, which involves properly configuring servers, networks, and dependencies may be utilized. On the other hand, regular updates and patching are essential to address known security vulnerabilities in software components. To guide their software development security practices, organizations may follow established security standards and frameworks such as ISO 27001 or NIST Cybersecurity Framework. By prioritizing software development security, organizations can protect sensitive data, prevent unauthorized access, and mitigate the risk of security breaches and incidents. In the long run, this helps build trust with users and stakeholders, enhances the reputation of the software, and reduces the potential impact of security incidents on the organization.

Topics & Concepts

Secure codingSoftware security assuranceComputer securitySecurity testingComputer scienceSecurity information and event managementSecurity through obscuritySecurity serviceSecurity bugSoftware developmentVulnerability managementApplication securityCloud computing securityInformation securitySoftwareVulnerability assessmentPsychologyCloud computingOperating systemPsychological resiliencePsychotherapistProgramming languageInformation and Cyber SecuritySoftware Engineering Techniques and Practices