Secure SDLC Using Security Patterns 2.0

Abstract

Bug-free software application is expected by all the users. Trustworthiness of the application is value to software. The cyber-attacks are increasing day by day as the software-intensive systems are gradually increasing and pervading our everyday lives and at the same pace software vulnerabilities are also increasing due to implementation flaws during software development. Users, hackers and developers open many vulnerabilities. Hence, secure software development is essential and urgent need to mitigate all the known vulnerabilities during all stages of software development life cycle. Hence, we proposed “Secure SDLC using Security Patterns 2.0 (SSDLC using SPs2.0)”, and this framework enhances security by minimizing the known vulnerability. Identifying the security requirements using security discoverer process, selection of security pattern for identified security requirements, design security requirements using security building blocks, creating test templates to support pattern implementation during development stage, vulnerability scanning and secure configurations are key functionalities in our SSDLC using SPs 2.0 framework. The proposed framework integrates security concerns from initial to disposal stage, and hence, software security vulnerabilities are found and mitigated at SDLC initial stages and save huge amount of reengineering cost for post-implementation vulnerabilities.