Software-related security aspects are a growing and legitimate concern, especially with 5G data available just at our palms. To conduct research in this field, periodic comparative analysis is needed with the new techniques coming up rapidly. The purpose of this study is to review the recent developments in the field of security integration in the software development lifecycle (SDLC) by analyzing the articles published in the last two decades and to propose a way forward. This review follows Kitchenham's review protocol. The review has been divided into three main stages including planning, execution, and analysis. From the selected 100 articles, it becomes evident that a collaborative approach is necessary for addressing critical software security risks (CSSRs) through effective risk management/estimation techniques. Quantifying risks using a numeric scale enables a comprehensive understanding of their severity, facilitating focused resource allocation and mitigation efforts. Through a comprehensive understanding of potential vulnerabilities and proactive mitigation efforts facilitated by protection poker, organizations can prioritize resources effectively to ensure the successful outcome of projects and initiatives in today's dynamic threat landscape. The review reveals that threat analysis and security testing are needed to develop automated tools for the future. Accurate estimation of the effort required to prioritize potential security risks is a big challenge in software security. The accuracy of effort estimation can be further improved by exploring new techniques, particularly those involving deep learning. It is also imperative to validate these effort estimation methods to ensure all potential security threats are addressed. Another challenge is selecting the right model for each specific security threat. To achieve a comprehensive evaluation, researchers should use well-known benchmark checklists.
Security is critical to the success of software, particularly in today's fast-paced, technology-driven environment. It ensures that data, code, and services maintain their CIA (Confidentiality, Integrity, and Availability). This is only possible if security is taken into account at all stages of the SDLC (Software Development Life Cycle). Various approaches to software quality have been developed, such as CMMI (Capability Maturity Model Integration). However, there exists no explicit solution for incorporating security into all phases of the SDLC. One of the major causes of pervasive vulnerabilities is a failure to prioritize security. Even the most proactive companies use the "patch and penetrate" strategy, in which security is assessed once the job is completed. Increased cost, time overrun, not integrating testing and input in the SDLC, usage of third-party tools and components, and lack of knowledge are all reasons for not paying attention to the security angle during the SDLC, despite the fact that secure software development is essential for business continuity and survival in today's ICT world. There is a need to implement best practices in the SDLC to address security at all levels. To fill this gap, we have provided a detailed overview of secure software development practices while taking care of project costs and deadlines. We proposed a secure SDLC framework based on the identified practices, which integrates the best security practices in various SDLC phases. A mathematical model is used to validate the proposed framework. A case study and findings show that the proposed system aids in the integration of security best practices into the overall SDLC, resulting in more secure applications.
Focused on the lack of proper organization for patterns in the development of pattern-based software, a POMSDP model with a layered tree structure for organizing patterns during the process of development was put forward. The model and its interrelated concepts were strictly defined and introduced by applying set theory, symbolic logic and pattern theory, which ensures the correctness, maturity and expansibility of the model. The expansibility of the model was discussed mainly. The basic realization and the application in the automatic query system were presented. Based on the existing software development methods, the POMSDP model resolves the problem of chaos in the application of patterns, strengthens the controllability of the system, and facilitates the improvement, maintenance, expansion, and especially the reengineering of the software system.
Since land resource database development in 1987/1988, a large amount of digital data in spatial, tabular and metadata format has been collected and generated. There are some soil database software applications to manage such a large amount of data, i.e.: Site & Horizon (SHDE4), Soil Sample Analysis (SSA), and Land Unit in dbf file format, while Site and Horizon is in DataEase format. The database contains soil physics and chemical property data of each soil horizon from surface to effective soil depth, climate, land surface conditions, and other parameters required for soil classification. Currently, database management software for land resources is still based on DOS and is stand-alone. The system is not efficiently and effectively used as an Agricultural Land Resource Information System. At present, as a key component of this system, it requires review and the development of new database software that is compatible with the development of information technology. This paper explains the development of an interactive agricultural land resources information system for optimizing land resources data utilization. Hopefully, the software can contribute to national Agricultural Land Resources Information System development for supporting food security.
Security technology is crucial in software development and operation in the digital age. Secure software can protect user privacy and data security, prevent hacker attacks and data breaches, ensure legitimate business operations, and protect core assets. However, the development process often faces threats such as injection attacks, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF), mainly due to code vulnerabilities, configuration errors, and risks from third-party components. To meet these challenges, this paper discusses the application of security technology in development and operation, emphasizing security requirements analysis, design principles, coding practices, and testing during the development phase, along with environmental configuration, continuous monitoring, emergency response, disaster recovery, and regular auditing and updating during the operation phase. These measures can significantly enhance the security of software systems and protect user and corporate data.
In today's rapidly evolving digital landscape, web application security has become paramount as organizations face increasingly sophisticated cyber threats. This work presents a comprehensive methodology for implementing robust security measures in modern web applications and the proof of the methodology applied to a Vue.js, Spring Boot, and MySQL architecture. The proposed approach addresses critical security challenges through a multi-layered framework that encompasses essential security dimensions including multi-factor authentication, fine-grained authorization controls, sophisticated session management, data confidentiality and integrity protection, secure logging mechanisms, comprehensive error handling, high availability strategies, advanced input validation, and security headers implementation. Significant contributions are made to the field of web application security. First, a detailed catalogue of security requirements specifically tailored to protect web applications against contemporary threats, backed by rigorous analysis and industry best practices. Second, the methodology is validated through a carefully designed proof-of-concept implementation in a controlled environment, demonstrating the practical effectiveness of the security measures. The validation process employs cutting-edge static and dynamic analysis tools for comprehensive dependency validation and vulnerability detection, ensuring robust security coverage. The validation results confirm that the methodology prevents and avoids security vulnerabilities. A key innovation of this work is the seamless integration of DevSecOps practices throughout the secure Software Development Life Cycle (SSDLC), creating a security-first mindset from initial design to deployment. By combining proactive secure coding practices with defensive security approaches, a framework is established that not only strengthens application security but also fosters a culture of security awareness within development teams. This hybrid approach ensures that security considerations are woven into every aspect of the development process, rather than being treated as an afterthought.
The rapid integration of artificial intelligence (AI) into software development, driven by large language models (LLMs), is reshaping the role of programmers from traditional coders into strategic collaborators within Industry 4.0 ecosystems. This qualitative study employs a hermeneutic phenomenological approach to explore the lived experiences of Information Technology (IT) professionals as they navigate a dynamic technological landscape marked by intelligent automation, shifting professional identities, and emerging ethical concerns. Findings indicate that developers are actively adapting to AI-augmented environments by engaging in continuous upskilling, prompt engineering, interdisciplinary collaboration, and heightened ethical awareness. However, participants also voiced growing concerns about the reliability and security of AI-generated code, noting that these tools can introduce hidden vulnerabilities and reduce critical engagement due to automation bias. Many described instances of flawed logic, insecure patterns, or syntactically correct but contextually inappropriate suggestions, underscoring the need for rigorous human oversight. Additionally, the study reveals anxieties around job displacement and the gradual erosion of fundamental coding skills, particularly in environments where AI tools dominate routine development tasks. These findings highlight an urgent need for educational reforms, industry standards, and organizational policies that prioritize both technical robustness and the preservation of human expertise. As AI becomes increasingly embedded in software engineering workflows, this research offers timely insights into how developers and organizations can responsibly integrate intelligent systems to promote accountability, resilience, and innovation across the software development lifecycle.
The 13 activities of the SDL (Security Development Lifecycle) development process are divided into 5 phases; each activity within the 5 phases is described in detail, and the security of each phase is analyzed. A comparison with traditional development models shows the higher security that SDL brings to software development. Finally, a case of Microsoft's successful application of SDL in practice is introduced to illustrate the high practical value of SDL.
Exploring the utilization effect of water-land resources under the evolution of dietary patterns is of great significance in achieving sustainable global food consumption and the effective allocation of national resources. Our selected study area was China, a country with rapidly changing dietary consumption patterns, and the research period was between 1987 and 2020. Based on the Chinese Dietary Guidelines 2021, this study introduced "virtual water" and "virtual land" to quantify the utilization effect of water-land resources under the evolution of Chinese dietary patterns. Results showed that the dietary patterns gradually changed from "cereal-vegetable-based consumption" to "diversified consumption". Food consumption's total water footprint (WF) increased from 471.1 Gm³ in 1987 to 848.8 Gm³ in 2020, with a growth rate of 80.2%. Moreover, the total land requirement for food (LRF) increased from 88.8 Mha in 1987 to 129.9 Mha in 2020, with a growth rate of 46.3%. Furthermore, meat consumption was the major contributor to the increase in total WF (104.0%) and LRF (102.1%). In contrast to the balanced diet pattern, there was no waste of water-land resources consumption for the food consumption of urban-rural residents in China between 1987 and 2020. However, the consumption of water resources would gradually approach the resource cost under the balanced diet patterns. It would eventually break through the critical value and reach the state of resource waste. In addition, the findings showed that urban residents' waste rate of water-land resources for meat consumption increased by 142.3% compared with that in 1987. The research results can provide scientific guidance for resolving the food crisis under the supply of water-land resources in China and serve as an essential reference for national food security and sustainable development of resources and environment.
In recent years, web security has been viewed in the context of securing the web application layer from attacks by unauthorized users. The vulnerabilities existing in the web application layer have been attributed either to using an inappropriate software development model to guide the development process, or to the use of a software development model that does not consider security as a key factor. Therefore, this systematic literature review is conducted to investigate the various security vulnerabilities used to secure the web application layer, the security approaches or techniques used in the process, the stages in the software development in which the approaches or techniques are emphasized, and the tools and mechanisms used to detect vulnerabilities. The study extracted 519 publications from respectable scientific sources, i.e. the IEEE Computer Society, ACM Digital Library, Science Direct, and Springer Link. After a detailed review process, only 56 key primary studies were considered for this review based on defined inclusion and exclusion criteria. From the review, it appears that no one software is referred to as a standard or preferred software product for web application development. In our SLR, we have performed a deep analysis of web application security vulnerability detection methods, which helps us to identify the scope of the SLR for comprehensive investigation in future research. Further, in this SLR, considering the OWASP Top 10 web application vulnerabilities discovered in 2012, we will attempt to categorize the accessible vulnerabilities. OWASP is a major source to construct and validate web security processes and standards.
Since the beginning of web applications, security has been a critical study area. There has been a lot of research done to figure out how to define and identify security goals or issues. However, high-security web apps have been found to be less durable in recent years, thus reducing their business continuity. High security features of a web application are worthless unless they provide effective services to the user and meet the standards of commercial viability. Hence, there is a necessity to bridge the gap between durability and security of the web application. Indeed, security mechanisms must be used to enhance durability as well as the security of the web application. Although durability and security are not related directly, some of their factors influence each other indirectly. Characteristics play an important role in reducing the void between durability and security. In this respect, the present study identifies key characteristics of security and durability that affect each other indirectly and directly, including confidentiality, integrity, availability, human trust and trustworthiness. The importance of all the attributes in terms of their weight is essential for their influence on the whole security during the development procedure of a web application. To estimate the efficacy of the present study, the authors employed the Hesitant Fuzzy Analytic Hierarchy Process (H-Fuzzy AHP). The outcomes of our investigations and conclusions will be a useful reference for web application developers in achieving a more secure and durable web application.
Many organizations, to save costs, are moving to the Bring Your Own Mobile Device (BYOD) model and adopting applications built by third parties at an unprecedented rate. Our research examines software assurance methodologies specifically focusing on security analysis coverage of the program analysis for mobile malware detection, mitigation, and prevention. This research focuses on secure software development of Android applications by developing knowledge graphs for threats reported by the Open Web Application Security Project (OWASP). OWASP maintains lists of the top ten security threats to web and mobile applications. We develop knowledge graphs based on the two most recent top ten threat years and show how the knowledge graph relationships can be discovered in mobile application source code. We analyze 200+ healthcare applications from GitHub to gain an understanding of the software assurance of their developed software for one of the OWASP top ten mobile threats, the threat of "Insecure Data Storage." We find that many of the applications are storing personally identifying information (PII) in potentially vulnerable places, leaving users exposed to higher risks for the loss of their sensitive data.
The field of software engineering and software technology is developing very fast. Perhaps as a consequence, there is seldom enough interest or opportunity for systematic investigation of how the underlying technology will actually perform. That is, we introduce new concepts, methods, techniques and tools, or change existing ones, and emphasize their value. A major turn in software engineering leading to Componentware has dramatically changed the shape of software development and introduced interesting methods for the design and rapid development of systems which may provide cost-effective benefits. In this paper we will discuss Componentware, its process model, architecture, principles and drivers, advantages and disadvantages, and reveal profound changes from the traditional software engineering approaches.
This paper briefly introduces the concrete methods by which the Security Development Lifecycle (SDL) model is applied to a software development system: establishing the overall software architecture and defining the security design approach. Taking an Android security guard application as the development perspective, it presents the technical workflow of SDL secure development and summarizes its technical advantages. From a localization perspective, it compares and analyzes localization tools and points out the positive significance of using SDL secure development on the client side, thereby simplifying the development process and shortening development time.
Funding: National Natural Science Foundation of China, No. 42171230, No. 42071170.
Abstract: Exploring the utilization effect of water-land resources under the evolution of dietary patterns is of great significance in achieving sustainable global food consumption and the effective allocation of national resources. Our selected study area was China, a country with rapidly changing dietary consumption patterns, and the research period was between 1987 and 2020. Based on the material called Chinese Dietary Guidelines 2021, this study introduced the "virtual water" and the "virtual land" to quantify the utilization effect of water-land resources under the evolution of Chinese dietary patterns. Results showed that the dietary patterns gradually changed from "cereal-vegetable-based consumption" to "diversified consumption". Food consumption's total water footprint (WF) increased from 471.1 Gm³ in 1987 to 848.8 Gm³ in 2020, with a growth rate of 80.2%. Moreover, the total land requirement for food (LRF) increased from 88.8 Mha in 1987 to 129.9 Mha in 2020, with a growth rate of 46.3%. Furthermore, the meat consumption was the major contributor to the increase in total WF (104.0%) and LRF (102.1%). In contrast to the balanced diet pattern, there was no waste of water-land resources consumption for the food consumption of urban-rural residents in China between 1987 and 2020. However, the consumption of water resources would gradually approach the resource cost under the balanced diet patterns. It would eventually break through the critical value and reach the state of resource waste. In addition, the findings showed that urban residents' waste rate of water-land resources for meat consumption increased by 142.3% compared with that in 1987. The research results can provide scientific guidance for resolving the food crisis under the supply of water-land resources in China and have an essential reference for national food security and sustainable development of resources and environment.
Abstract: In recent years, web security has been viewed in the context of securing the web application layer from attacks by unauthorized users. The vulnerabilities existing in the web application layer have been attributed either to using an inappropriate software development model to guide the development process, or to the use of a software development model that does not consider security as a key factor. Therefore, this systematic literature review is conducted to investigate the various security vulnerabilities used to secure the web application layer, the security approaches or techniques used in the process, the stages in the software development in which the approaches or techniques are emphasized, and the tools and mechanisms used to detect vulnerabilities. The study extracted 519 publications from respectable scientific sources, i.e. the IEEE Computer Society, ACM Digital Library, Science Direct, and Springer Link. After a detailed review process, only 56 key primary studies were considered for this review based on defined inclusion and exclusion criteria. From the review, it appears that no single software product is referred to as a standard or preferred software product for web application development. In our SLR, we have performed a deep analysis of web application security vulnerability detection methods, which helps us to identify the scope of the SLR for comprehensive investigation in future research. Further, in this SLR, considering the OWASP Top 10 web application vulnerabilities discovered in 2012, we will attempt to categorize the accessible vulnerabilities. OWASP is a major source for constructing and validating web security processes and standards.
Funding: Funded by the Taif University Researchers Supporting Projects at Taif University, Kingdom of Saudi Arabia, under Grant Number TURSP-2020/231.
Abstract: Since the beginning of web applications, security has been a critical study area. There has been a lot of research done to figure out how to define and identify security goals or issues. However, high-security web apps have been found to be less durable in recent years, thus reducing their business continuity. High security features of a web application are worthless unless they provide effective services to the user and meet the standards of commercial viability. Hence, there is a necessity to close the gap between durability and security of the web application. Indeed, security mechanisms must be used to enhance durability as well as the security of the web application. Although durability and security are not related directly, some of their factors influence each other indirectly. Characteristics play an important role in reducing the void between durability and security. In this respect, the present study identifies key characteristics of security and durability that affect each other indirectly and directly, including confidentiality, integrity, availability, human trust and trustworthiness. The importance of all the attributes in terms of their weight is essential for their influence on the whole security during the development procedure of a web application. To estimate the efficacy of the present study, the authors employed the Hesitant Fuzzy Analytic Hierarchy Process (H-Fuzzy AHP). The outcomes of our investigations and conclusions will be a useful reference for web application developers in achieving a more secure and durable web application.
Abstract: Many organizations, to save costs, are moving to the Bring Your Own Mobile Device (BYOD) model and adopting applications built by third parties at an unprecedented rate. Our research examines software assurance methodologies, specifically focusing on the security analysis coverage of program analysis for mobile malware detection, mitigation, and prevention. This research focuses on secure software development of Android applications by developing knowledge graphs for threats reported by the Open Web Application Security Project (OWASP). OWASP maintains lists of the top ten security threats to web and mobile applications. We develop knowledge graphs based on the two most recent top ten threat years and show how the knowledge graph relationships can be discovered in mobile application source code. We analyze 200+ healthcare applications from GitHub to gain an understanding of the software assurance of their developed software for one of the OWASP top ten mobile threats, the threat of "Insecure Data Storage." We find that many of the applications are storing personally identifying information (PII) in potentially vulnerable places, leaving users exposed to higher risks for the loss of their sensitive data.
Abstract: The field of software engineering and software technology is developing very fast. Perhaps as a consequence, there is seldom enough interest or opportunity for systematic investigation of how the underlying technology will actually perform. That is, we introduce new concepts, methods, techniques and tools, or change existing ones, and emphasize their value. A major turn in software engineering leading to Componentware has dramatically changed the shape of software development and introduced interesting methods for the design and rapid development of systems which may provide cost-effective benefits. In this paper we will discuss Componentware, its process model, architecture, principles and drivers, advantages and disadvantages, and reveal profound changes from the traditional software engineering approaches.
Abstract: This paper briefly introduces the specific method of applying the Security Development Lifecycle (SDL) model to a software development system: establishing the overall software architecture and defining the security design method. Taking an Android security guard application as the development perspective, it presents the technical workflow of SDL secure development and summarizes its technical advantages. From a localization perspective, it compares and analyzes localization tools and points out the positive significance of using SDL secure development on the client side, thereby simplifying the development process and shortening development time.