Creating and Using Secure Software

In this paper, we outline the Software Development LifeCycle (SDLC: requirements elicitation & definition, design, implementation, testing, and maintenance) and seek to find and convey the best practices for security throughout the it. Security should be made a priority when defining system requirements; system design and architecture should embody those requirements through secure models (supporting integrity, confidentiality, authorization); developers should translate those specifications to the code; proper test cases should be devised in order to assess possible vulnerabilities of completed systems; maintenance and evolution teams should be cognizant of previous security measures to avoid compromising them with functional improvements. Further, there are measures that should be taken outside of and after the completion of this cycle to reduce the risk of successful attacks both in terms of securing data and in terms of compounding the difficulty of reverse engineering. Methods include new approaches to authentication, the old standby of cryptography, and obfuscating source code so that exploiting it will be difficult. Employing all of these strategies in tandem should produce secure yet functional systems with security present in all layers; the more barriers that stand in an attacker’s way, the less often an attack will be attempted and those increases the reactionary time that system administrators have to respond to attacks in progress.