{"title":"A Collaborative Platform Featuring Visibility, Tracking, Monitoring and Awareness for Building Security In.","authors":"H. Herath, G. Wimalaratne","doi":"10.17706/IJCCE.2018.7.4.145-166","DOIUrl":null,"url":null,"abstract":"Software developed from a poor design often introduces security issues that can spread into other phases of the Software Development Life Cycle if not addressed in the initial stages. This could lead to major security breaches and loss of valuable assets to the consumers. Identifying and fixing security issues as early as possible in a software product is the most cost-effective way of implementing software security. This research proposes a proactive approach to build security into the product itself with the aid of a new tool developed as a proof of concept. The proposed semi-automatic tool will address limitations in current approaches to secure software engineering when developing a software product by providing visibility, tracking, awareness, and progress monitoring. Additionally, Developers, Architects, QA, BA, and Management, as well as the Users, can participate in the Threat Modeling and architectural security analysis, contributing their input for Security Engineering with the support provided by the tool as an interactive platform, a knowledge base and an integration platform. The Microsoft Threat Modeling Tool is being used to generate the threat models. The tool extracts threat model information and produces detailed mitigations using known vulnerability databases and classification techniques. Developers can better understand the potential threats and vulnerabilities when coding, and integration with a Project Management Tool can provide visibility and tracking of Building Security In throughout the SDLC.","PeriodicalId":23787,"journal":{"name":"World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering","volume":"29 1","pages":"145-166"},"PeriodicalIF":0.0000,"publicationDate":"2018-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.17706/IJCCE.2018.7.4.145-166","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 0