Cuixue Zhang, Meijiao Zhou, Yalian Xie, Xiangli Li
National Engineering Research Centre Industrial Process Automation, Shanghai Institute of Process Automation Instrumentation (SIPAI), Shanghai, China.
School of Optical-Electrical and Computer Engineering, University of Shanghai for Science and Technology, Shanghai, China.
DOI: 10.4236/jsea.2014.71001   PDF    HTML     3,548 Downloads   6,777 Views   Citations

Abstract

As it has been stepping into the e-time period, software, which is considered as the key factor of the network and computer development, has become an integral part of everyday life. Millions of people may perform transaction through internet, mobile phone, ATM, and send e-mails, handle word processing or spreadsheets for different purposes. In another word, the network and information have been related to our daily life completely. Then, by IT advancing, the awareness of software security becomes a hot and serious topic. This paper will give some comments in various aspects, such as, in the beginning of the SDLC (System Development Life Cycle), how do designers analyze the functional and non-functional requirements and choose the proper development model? And then the testing professors take which kinds of methods to test the software with white-box testing or black-box testing to discover the vulnerabilities and flaws. At the same time, the paper gives some examples to demonstrate why the security of software is pretty important and what we should do to secure that. In addition, the paper will talk something about the enterprises’ actions to build a more secure network environment.

Keywords

e-Time; SDLC; Software Security; White-Box Testing and Black-Box Testing

Share and Cite:

Conflicts of Interest

The authors declare no conflicts of interest.

References

[1]	C. Banerjee and S. K. Pandey, “Software Security Rules: SDLC Perspective,” (IJCSIS) International Journal of Computer Science and Information Security, Vol. 6, No. 1, 2009.
[2]	C. Y. Lester, “A Practical Application of Software Security in an Undergraduate Software Engineering Course,” IJCSI International Journal of Computer Science Issues, Vol. 7, No. 3, 2010.
[3]	H.-Y. Sun and X.-C. Shi, “The Relationship Research between Reliability, Safety and Functional Security,” 2010.
[4]	A. Sumithra and Dr E. Ramraj, “A Checklist Based Framework for Software Security Risk Management,” International Journal of Computing Technologies and Applications, Vol. 2, No. 2, pp. 304-308.
[5]	B. Boehm, “A Spiral Model of Software Development and Enhancement,” IEEE Computer, Vol. 21, No. 5, 1988, pp. 61-72. http://dx.doi.org/10.1109/2.59
[6]	R. S. Gaykar and D. S. Joshi, “Enhancement of Software Security Through Design Phase,” Résumé S. Gaykar et al./International Journal of Engineering Science and Technology (IJEST), Vol. 3, No. 4, 2011.
[7]	A. Austin, C. Holmgren and L. Williams, “A Comparison of the Efficiency and Effectiveness of Vulnerability Discovery Techniques,” Information and Software Technology, Vol. 55, No. 1, 2013, pp. 1279-1288. http://dx.doi.org/10.1016/j.infsof.2012.11.007
[8]	R. Wang, “Research on Comprehensive Evaluation Method of Application Software Security,” Dalian University of Technology, Dalian, 2013.
[9]	China Internet Security Conferences, CISC 360, 2013.
[10]	D. Z. Zhang, D. G. Liu, C. Csallner, D. Kung and Y. Lei, “A Distributed Framework for Demand-Driven Software Vulnerability Detection,” The Journal of Systems and Software, G Model, JSS-9220.
[11]	M. Kimura, “Software Vulnerability: Definition, Modeling, and Practical Evaluation for E-Mail Transfer Software,” International Journal of Pressure Vessels and Piping, Vol. 83, 2006, pp. 256-261. http://dx.doi.org/10.1016/j.ijpvp.2006.02.003
[12]	B. Smith and L. Williams, “Systematizing Security Test Planning Using Functional Requirements Phrases,” Technical Report TR-2011-5, North Carolina State University, Raleigh, 2011.
[13]	360 Internet Security Centre, Featuring Research from Gartner, “Development Trend of Enterprise Security in the Internet Age,” 2013.