We apologize for a recent technical issue with our email system, which temporarily affected account activations. Accounts have now been activated. Authors may proceed with paper submissions. PhDFocusTM
CFP last date
20 November 2024
Reseach Article

Security Testing in Requirements Phase of SDLC

by S.k. Pandey, Mona Batra
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 68 - Number 9
Year of Publication: 2013
Authors: S.k. Pandey, Mona Batra
10.5120/11609-6985

S.k. Pandey, Mona Batra . Security Testing in Requirements Phase of SDLC. International Journal of Computer Applications. 68, 9 ( April 2013), 31-35. DOI=10.5120/11609-6985

@article{ 10.5120/11609-6985,
author = { S.k. Pandey, Mona Batra },
title = { Security Testing in Requirements Phase of SDLC },
journal = { International Journal of Computer Applications },
issue_date = { April 2013 },
volume = { 68 },
number = { 9 },
month = { April },
year = { 2013 },
issn = { 0975-8887 },
pages = { 31-35 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume68/number9/11609-6985/ },
doi = { 10.5120/11609-6985 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T21:27:23.617130+05:30
%A S.k. Pandey
%A Mona Batra
%T Security Testing in Requirements Phase of SDLC
%J International Journal of Computer Applications
%@ 0975-8887
%V 68
%N 9
%P 31-35
%D 2013
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The importance and real potential of security in Requirements Engineering (RE) is now being well recognized. The inclusion of security controls and measures during the requirements phase helps to design, implement, develop and maintain secure and cost effective software. Security testing is one of the prominent techniques to reveal defects in the requirements specification. The requirement phase is the foremost phase to integrate security into software development process. In this paper, we review current scenario of security testing in requirements phase and try to identify the major research directions, based on the related published work. Researcher/s can select any of the area and start the investigation in the area. In this way, this work may be useful for entry level researchers in the concerned area/s.

References
  1. A report from NPR i. e. NASA Procedural Requirement , NPR 7150. 2A. Retrieved on 6, March,2013. http://www. academia. edu/2557748/SoftwareStrategy_for_Reuse_Final_Study_Report
  2. The report, The Impact of Business Requirements on the Success of Technology Projects. Retrieved on March, 7, 2013. http://www. batimes. com/articles/the-impact-of- business-requirements-on-the-success-of-technology-projects. html
  3. Rosenberg, L. , Hyatt, L. , Hammer, T. , Huffman, L. , Wilson, W: Testing Metrics for Requirement Quality, Eleventh International Software Quality Week, San Francisco, CA.
  4. Mogyorodi, G. What is Requirement Based Testing? The Journal of Defense Software Engineering, 2003, pp 12-15.
  5. The report, called Strategies for Project Recovery. Retrieved on March, 5, 2013. http://www. zdnet. com/blog/projectfailures/cio- analysis-why-37-percent-of-projects-fail/12565
  6. Kumari A Charan and Srinivas K 2013. Search-based Software Requirements Selection: A Case Study, International Journal of Computer Applications 64(21):28-34.
  7. The Open Web Application Security Project (OWASP) cheat sheet in 2012 . Retrived on March ,7 ,2013 . https://www. owasp. org/index. php/Secure_SDLC_Cheat_Sheet#Purpose
  8. Amber Saima, Shawoo Narmeen, Begum Saira 2012 Determination of Risk During Requirement Engineering Process, Determination of Risk During Requirement Engineering Process, VOL. 3, NO. 3, pp 358-364.
  9. Besrour Souhaib and Ghani Imran 2012 Measuring Security in Requirement engineering, International Journal of Informatics and Communication Technology (IJ-ICT) Vol. 1, No. 2, pp 72-81.
  10. Carrillo De Gea Juan M. , Nicolss Joaquin , Fernandez Aleman Jose L. , Toval Ambrosio , Ebert Christof and Vizcaíno Aurora 2012 Requirements engineering tools: Capabilities, survey and assessment, Journal Information and Software Technology, Volume 54, Issue 10, pp 1142-1157.
  11. Salini P. and Kanmani S. 2012 Survey and analysis on Security Requirements Engineering, Journal Computers and Electrical Engineering, Volume 3, Issue 6, pp 1785-1797.
  12. Pandey S. K. 2012 Security Vigilance System through level driven Security maturity model, International Journal of Computer Science, Engineering and Information Technology (IJCSEIT), Volume 2, No. 2, pp 10-17.
  13. Gurses Seda, Seguran Magali and Zannone Nicola 2011. Requirements engineering within a large-scale security-oriented research project, Journal of Requirements Engineering, 18:43–66.
  14. Aljahdali Sultan, Bano Jameela and Hundewale Nisar 2011 Goal Oriented Requirements Engineering - A Review, -1-880843-83-3/ISCA CAINE.
  15. Jain Smriti, Ingle Maya 2011 Software Security Requirements Gathering Instrument, International Journal of Advanced Computer Science and Application Vol. 2, No. 7, pp 116-121.
  16. Wakchaure Manoj Ashok and Joshi Shashank D. 2012 A Framework to remove by vulnerability through Analysis Stage of SDLC, International Journal of Science, Technology & Management (IJSTM) vol2, issue-2.
  17. Christian T. and Mead N. 2010. Security Requirements Reusability and the SQUARE Methodology, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2010-TN-027. Retrieved on March, 7, 2013 http://www. sei. cmu. edu/library/abstracts/reports/10tn027. cfm
  18. Gandhi Robin A. , Siy Harvey, Wu Yan Studying Software Vulnerabilities Retrieved on March, 6, 2013. https://buildsecurityin. us-cert. gov/bsi/1209-BSI/version/1/part/4/data/1009GandhiSiyWu. pdf?branch=main&language=default
  19. Fabian Bennjamin, Gurses Seda, Heisel Maritta, Santen Thomas, Schmidt Holger. 2010 A comparison of security requirements engineering methods, Springer, Requirements engineering Volume 15, Issue- 1, pp 7-40.
  20. Faily Shamal and Flechais Ivan 2010 A Meta-Model for Usable Secure Requirements Engineering, SESS, pp-29-35.
  21. Daud Malik Imran 2010 Secure Software Development Model, A Guide for Secure Software Life cycle. International MultiConference of Engineers and Computer Scientists, Vol I, March 17 - 19, pp 1500-2246.
  22. The report on Requirement based Testing Process. Bender RBT Inc. , NY 12804 518-743-8755, 2009. Retrieved on March,8, 2013. http://benderrbt. com/Bender-Requirements%20Based%20Testing%20Process%20Overview. pdf
  23. Banerjee, C. and Pandey, S. K. . 2009. Software Security Rules: SDLC Perspective. (IJCSIS) International Journal of computer science and information security Vol. 6, No. 1, pp. 123-128.
  24. Hadavi M. A. , Hamishagi V. S. and Sangchi H. M. 2008. Security requirements Engineering; State of the Art and Research Challenges, International MultiConference of Engineers and Computer Scientists Vol I, pp 19-21.
  25. Haley Charles B. , Laney Robin, Moffett Jonathan D. and Nuseibeh Bashar 2008 Security Requirements Engineering: A Framework for Representation and Analysis, IEEE Transaction on software engineering, Vol 34, No. 1 , pp. 133-153.
  26. Savola Reijo 2007. Requirement Centric Security Evaluation of Software Intensive Systems, in the proceedings of the IEEE 2nd International Conference on Dependability of Computer Systems, IEEE-0-7695-2850-3/07, pp 135-144.
  27. Chen, T. Y. , Poon, P. , Tang, S. , Tse T. , Yu, Y 2006. Applying Testing to Requirements Inspection for Software Quality Assurance, Information Systems Control Journal 6,. Retrieved on March, 6. http://www. google. co. in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&cad=rja&ved=0CDgQFjAB&url=http%3A%2F%2Fciteseerx. ist. psu. edu%2Fviewdoc%2Fdownload%3Fdoi%3D10. 1. 1. 63. 9296%26rep%3Drep1%26type%3Dpdf&ei=WPo_UbL8BIbIrQeWioAo&usg=AFQjCNG4hgX_A54Bedz57lcP4
  28. Giorgini Paolo, Massacci Fabio and Zannone Nicola 2004 Security and Trust Requirements Engineering, Department of Information and Communication Technology University of Trento – Italy. Retrived on: March,7, 2013. http://eprints. biblio. unitn. it/534/1/016. pdf
  29. Gotel Orlena C. Z. and Anthony Finkelstein C. W. An Analysis of the Requirements Tracability problem, Imperial college of Science, Technology & Medicine. Department of Computing, 180 Queen's Gate London SW7 2BZ. Retrieved on March, 8, 2013. http://csis. pace. edu/~ogotel/research/GOTEL93%20An%20Analysis%20of%20the%20Requirements%20Traceability%20Problem. pdf
  30. Srivatanakul Thitima, Clark John A. , Polack Fiona 2004 Effective Security Requirements Analysis: HAZOP and Use Cases, 7th International Conference, volume 3225 of LNCS(Springer).
Index Terms

Computer Science
Information Sciences

Keywords

Security Testing Security Requirements Requirements Engineering Secure Requirements Engineering