Abstract

Numerous software engineering practices have been developed and improved, but we still need to find and adopt strategies that make software more secure. Many software engineering practices in use today were rolled out before the development of the Internet and the World Wide Web, and so lag in ensuring defense against remotely performed and complex cyberattacks. We have techniques to automate the capture of customer functionality requirements, which the customer can also state explicitly, but what a customer expects implicitly from the developed system is its security requirements, and these are what developers should take into consideration. Agile software development has a provision to adopt changes at later stages, but the cost and effort of implementing them grow exponentially the later they arrive. Moreover, security requirements introduced late may not fix all the bugs in the later stages of development. Hence there is a need to use effective strategies at the beginning of the project to define the significant functional and security requirements, so as to minimize effort, cost, and implementation complexity in the later stages of the agile software development life cycle. There have been improvements in defining customer functionality requirements, but the mechanisms for defining security requirements are still immature. This paper therefore discusses the existing works that determine implicit security requirements in the form of security compliance mechanisms, formal security methods, and security modeling techniques. It discusses techniques such as Fault Tree Analysis (FTA), Failure Modes and Effects Analysis (FMEA), System-Theoretic Process Analysis (STPA), Attack Tree Analysis (ATA), and many more. A secure agile development framework is also proposed to reduce costs and effort throughout development.
The key aspects of our framework are aggressive training, prototype development, planning and replanning in the prototyping phase, integration of testing in each iteration, and implementation according to security standards.
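FTA and ATA, two of the techniques the abstract lists, share the same underlying computation: a tree of AND/OR gates over basic events, from which an analyst derives the minimal cut sets (the smallest combinations of basic events that cause the top loss event) and the probability of that event, then asks which single mitigation buys the most. The following is an added, self-contained example of that computation; it is not code from the paper and the tree, the event names and the leaf probabilities are constructed for illustration.

```python
"""Minimal fault/attack-tree analysis: cut sets, top-event probability,
and a defender's ranking of single-point mitigations.

Added example; the tree and all probabilities below are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Union


@dataclass(frozen=True)
class Basic:
    """A basic event: a weakness or failure at the leaf of the tree."""
    name: str


@dataclass(frozen=True)
class Gate:
    """An AND gate (all children needed) or OR gate (any child suffices)."""
    kind: str                     # "AND" or "OR"
    children: tuple[Node, ...]


Node = Union[Basic, Gate]


def minimal_cut_sets(node: Node) -> set[frozenset[str]]:
    """Return the minimal cut sets of the tree rooted at `node`.

    OR gates union their children's cut sets; AND gates take every
    combination of one cut set per child. Non-minimal supersets are
    pruned so each returned set is a genuine minimal cause of the top event.
    """
    if isinstance(node, Basic):
        return {frozenset([node.name])}
    child_sets = [minimal_cut_sets(c) for c in node.children]
    if node.kind == "OR":
        result: set[frozenset[str]] = set().union(*child_sets)
    elif node.kind == "AND":
        result = {frozenset()}
        for sets in child_sets:
            result = {a | b for a in result for b in sets}
    else:
        raise ValueError(f"unknown gate kind {node.kind!r}")
    return {cs for cs in result if not any(other < cs for other in result)}


def top_event_probability(node: Node, probs: dict[str, float]) -> float:
    """Probability of the top event, assuming independent basic events
    and no basic event repeated in the tree (true for the tree below)."""
    if isinstance(node, Basic):
        return probs[node.name]
    child_p = [top_event_probability(c, probs) for c in node.children]
    if node.kind == "AND":
        p = 1.0
        for x in child_p:
            p *= x
        return p
    q = 1.0                                    # OR: 1 - P(no child occurs)
    for x in child_p:
        q *= 1.0 - x
    return 1.0 - q


def rank_mitigations(node: Node, probs: dict[str, float]) -> list[tuple[str, float]]:
    """For each basic event, the residual top-event probability if that
    event is fully prevented; lowest residual (best mitigation) first.
    Ties are broken by name so the ordering is deterministic."""
    ranking = []
    for name in probs:
        mitigated = dict(probs, **{name: 0.0})
        ranking.append((name, top_event_probability(node, mitigated)))
    return sorted(ranking, key=lambda t: (t[1], t[0]))


# Constructed tree: top loss event "customer records disclosed".
TOP = Gate("OR", (
    Gate("AND", (Basic("weak_admin_password"), Basic("admin_panel_internet_exposed"))),
    Gate("AND", (Basic("backup_unencrypted"), Basic("backup_bucket_public"))),
    Basic("unvalidated_search_input"),
))

# Constructed per-release likelihoods for each basic event.
LEAF_PROBS = {
    "weak_admin_password": 0.30,
    "admin_panel_internet_exposed": 0.50,
    "backup_unencrypted": 0.20,
    "backup_bucket_public": 0.10,
    "unvalidated_search_input": 0.05,
}

if __name__ == "__main__":
    for cs in sorted(minimal_cut_sets(TOP), key=sorted):
        print("cut set:", sorted(cs))
    print("P(top event) =", round(top_event_probability(TOP, LEAF_PROBS), 5))
    for name, residual in rank_mitigations(TOP, LEAF_PROBS):
        print(f"prevent {name:<30} -> residual P = {residual:.4f}")
```

The cut sets are exactly the security requirements the abstract calls implicit: each one names a combination of conditions that must never hold together, so each becomes a testable requirement for the iteration. The mitigation ranking shows why requirements belong early: cutting either leaf of the most likely AND branch removes that whole branch, whereas hardening a low-likelihood leaf barely moves the total.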
