Proceedings of the 21st International Workshop on Computer Science and Information Technologies (CSIT 2019)

Implementation of Secure Software Development Lifecycle in a Large Software Development Organization

Authors
Lada Gonchar
Corresponding Author
Lada Gonchar
Available Online December 2019.
DOI
10.2991/csit-19.2019.23How to use a DOI?
Keywords
Secure Software Development Lifecycle, threat modelling, generalized threat model, penetration testing, security validation.
Abstract

Secure Software Development Lifecycle is an important part of developing secure software. On the one hand, such process requires a significant effort related to upskilling of developers, analysing of coding and security testing, on the other hand, generates a large amount of data on the process level (e.g. assets, dependencies, risks and mitigations) as well as on the technical level (e.g. results of static and dynamic code analysis tools). All this measure needs to be integrated in the software development process. We demonstrate how to handle this effectively by using threat modelling methodology with two different variants and generalized threat model for selected domains in the large software development organization, where we have on the one hand big variety of different application types on the other hand standardized architecture for the application development. Existing threat modelling approaches doesn’t fit to SAP specific security requirements. Author proposes the generalized threat model to speed up the risk assessments and increase efficiency of security measures for ERP applications.

Copyright
© 2019, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Download article (PDF)

Volume Title
Proceedings of the 21st International Workshop on Computer Science and Information Technologies (CSIT 2019)
Series
Atlantis Highlights in Computer Sciences
Publication Date
December 2019
ISBN
978-94-6252-868-0
ISSN
2589-4900
DOI
10.2991/csit-19.2019.23How to use a DOI?
Copyright
© 2019, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Cite this article

TY  - CONF
AU  - Lada Gonchar
PY  - 2019/12
DA  - 2019/12
TI  - Implementation of Secure Software Development Lifecycle in a Large Software Development Organization
BT  - Proceedings of the 21st International Workshop on Computer Science and Information Technologies (CSIT 2019)
PB  - Atlantis Press
SP  - 137
EP  - 139
SN  - 2589-4900
UR  - https://doi.org/10.2991/csit-19.2019.23
DO  - 10.2991/csit-19.2019.23
ID  - Gonchar2019/12
ER  -