An integrated security testing framework for Secure Software Development Life Cycle

Yuan-Hsin Tung, Sheng-Chen Lo, Jen-Feng Shih, H. Lin
Published in: 2016 18th Asia-Pacific Network Operations and Management Symposium (APNOMS), 2016-10-01
DOI: 10.1109/APNOMS.2016.7737238 (https://doi.org/10.1109/APNOMS.2016.7737238)
Citations: 21

Abstract

Hundreds of vulnerabilities and security defects are disclosed by hackers, developers, and users. A better way to improve software security is to incorporate security processes into SDLC processes. To keep software secure, security enhancement of the SDLC process involves many practices and activities to achieve the goal of security. However, how to adopt these activities well to improve software security is an important problem. In this paper, we propose an integrated security testing framework for the secure software development life cycle. In our proposed framework, we apply the security activities and practices of SSDLC to generate security guidelines. Furthermore, we integrate security testing tools as a platform to provide a testing service and converge the testing results of the tools to improve the accuracy of testing. To evaluate our proposed framework, we construct a prototype system by referring to the phases of the framework. Our system can integrate various security testing tools and support secure activities in each phase of SSDLC. We have applied our system to at least 50 software development projects. The results indicate that our prototype system can provide a quality and stable service.