Paper Details

SECURITY ENHANCEMENT IN SOFTWARE DEVELOPMENT LIFE CYCLE

Vol. 2, Jan-Dec 2016 | Page: 69-79

Mathan Kumar M
Research Scholar, Dept. of Computer Science & Engineering, Sunrise University, Alwar

Dr. Anu Bharti
Asso. Prof., Dept. of Computer Science & Engineering, Sunrise University, Alwar

Received: 14-04-2016, Accepted: 29-05-2016, Published Online: 10-06-2016



Abstract

Software has become an integral part of everyday life. Every day, millions of people perform transactions through applications run by this software, such as the internet, ATMs and mobile phones, or send email. People use software on the assumption that it is reliable, that it can be trusted, and that the operations they perform are secure. If this software has security holes, how can it be safe to use? Security brings value to software in terms of people’s trust. The value provided by secure software is of vital importance because many critical functions are entirely dependent on the software. With limited budget and time to release software into the market, many developers consider security as an afterthought. In this work we present a model to improve security in the SDLC by using different methods.
