Security Threat and Vulnerability Assessment and Measurement in Secure Software Development

Mamoona Humayun,NZ Jhanjhi,Maram Fahhad Almufareh and Muhammad Ibrahim Khalil

1Department of Information Systems,College of Computer and Information Sciences,Jouf University,Al-Jouf,KSA

2School of Computer Science and Engineering(SCE),Taylor’s University,Selangor,Malaysia

3Department of Computer Science,Bahria University,Islamabad,Pakistan

Abstract:Security is critical to the success of software,particularly in today’s fast-paced, technology-driven environment.It ensures that data, code, and services maintain their CIA(Confidentiality,Integrity,and Availability).This is only possible if security is taken into account at all stages of the SDLC(Software Development Life Cycle).Various approaches to software quality have been developed,such as CMMI(Capability maturity model integration).However, there exists no explicit solution for incorporating security into all phases of SDLC.One of the major causes of pervasive vulnerabilities is a failure to prioritize security.Even the most proactive companies use the“patch and penetrate”strategy,in which security is accessed once the job is completed.Increased cost,time overrun,not integrating testing and input in SDLC,usage of third-party tools and components, and lack of knowledge are all reasons for not paying attention to the security angle during the SDLC, despite the fact that secure software development is essential for business continuity and survival in today’s ICT world.There is a need to implement best practices in SDLC to address security at all levels.To fill this gap, we have provided a detailed overview of secure software development practices while taking care of project costs and deadlines.We proposed a secure SDLC framework based on the identified practices,which integrates the best security practices in various SDLC phases.A mathematical model is used to validate the proposed framework.A case study and findings show that the proposed system aids in the integration of security best practices into the overall SDLC, resulting in more secure applications.

Keywords: Security; secure software development; software development life cycle(SDLC);confidentiality;integrity;availability

1 Introduction

Software security is a process that includes the design,development,and testing of software for security where vulnerabilities are detected and revealed by the software itself[1–3].It fundamentally requires a proactive approach that takes place within the pre-deployment process.It’s all about making the software development team do a great job to make it easier for operators.A simple error sometimes can end up causing millions of dollars of losses in today’s business processes.But unfortunately,many software development companies do not follow best practices to incorporate security in SDLC[4,5].This negligence includes lack of awareness, fear of time and cost overrun, use of third-party components and, lack of qualified professionals, etc.Due to the popularity and excessive usage of internet applications such as the internet of things,cloud computing,social media systems,etc., the number of security vulnerabilities is also overgrowing[6–9].

SDLC is a mechanism that generates the best quality and low-cost software in the shortest possible time.It offers a well-structured step flow that helps an enterprise easily produce high-quality, welltested,and ready-to-use software.The common phases of SLDC include planning,analysis, design,implementation, testing & integration, and maintenance [10–12].All these phases are dependent on each other and are of equal importance.If security is incorporated during all phases of SDLC then the resultant product will not be vulnerable to security threats.This is only possible if a secure SDLC process is followed, secure SDLC ensures that security-related activities are an integral part of the overall development effort[13–16].

Traditional security mechanisms mainly focus on network systems, and they spent a huge amount of money to make their network secure.These mechanisms include IDs(Intrusion detection system), firewalls, encryption, antivirus, and antispyware [17–19].Further, security is considered an afterthought that is usually addressed after completing the development cycle using the approach of P&P(penetrate and patch),which means creating the patches for the available flaws.The drawback of the P&P technique is that the application users do not apply these patches.Further,attackers might plan and penetrate new vulnerabilities[20–23].According to a report published by RiskIQ,security vulnerabilities alone cost as much as$25 per minute to the major companies while crypto companies face the loss of almost$2000 per minute due to cybercrimes[24].Another report presented by positive technologies;9 out of 10 web applications are vulnerable to security threats and about 39%of websites are vulnerable to unauthorized access,while data breach is a threat for about 64%of applications[25].According to this report,82 percent of vulnerabilities were due to flaws in code.This report has also published the severity of web application vulnerabilities in the past.This shows that security is one of the serious issues in the current era that need to be addressed carefully during SDLC.Further,the relative cost of addressing bugs and failure increase as the project progress as mentioned in the IBM system science institute report[26].Therefore,handling security from the beginning of the project is necessary to save the software from future security breaches.

It is evident from the above discussion that secure software development is inevitable for improving project quality and reducing bug fixing cost, and there exists no explicit solution to this problem.As a contribution to research, we reviewed the current literature on vulnerability evaluation and assessment in SDLC and outlined the security best practices to evaluate and quantify security threats and vulnerabilities in SDLC.Based on the identified best practices, we have proposed a secure SDLC framework.The proposed framework tries to mitigate the security vulnerabilities in SDLC by addressing end-to-end security.The proposed framework is validated using a mathematical model and a case study.Fig.1 illustrates the research process that was followed to carry out this research study.

Figure 1:Research process

The results of the case study show that the proposed approach helps incorporate security in SDLC.The remaining paper is structured as; Section 2 describes the existing work to highlight the best practices and techniques available for the assessment and measurements of security threats and vulnerabilities.Section 3 presents our proposed framework that addresses security in SDLC.Sections 4&5 evaluate the proposed framework using mathematical modeling and case study.Section 6 discusses the findings of the study.Section 7 concludes this paper by providing directions for future work.

2 Literature Review

This section will provide an overview of some latest research in secure software development to highlight the best practices that need to be followed for developing quality software.Further,it will pave the way for the proposed framework.

In paper[27],an integrated security framework is proposed for secure SDLC.Security test cases and guidelines were generated based on the security activities, and best practices followed in secure SDLC.Security testing tools were integrated for the automation of test case execution.A prototype was constructed to evaluate the proposed framework.The results of the experiment showed that the proposed approach provides stable service with enhanced quality and security.In Paper[20],a Multivocal literature review was conducted to identify the best practices for designing secure software.Based on identified best practices,a framework Secure Software Design Maturity Model(SSDMM)was developed.The framework was evaluated using case studies,and the results show that SSDMM helps measure the maturity level of an organization.Further, SSDMMM helps organizations in the evaluation and improvement of software design security practices.

In paper [28], a systematic literature review (SLR) was performed to pinpoint the required practices for developing secure software.This paper also amended Somerville’s requirement engineering practices.After identifying best requirement practices, a framework for secure requirement engineering named as Requirements Engineering Security Maturity Model(RESMM)was developed.The proposed framework was tested using questionnaires and case studies.The results show that the proposed framework is useful and easily adaptable.According to[29],security is not considered in the overall SDLC due to which a lot of security breaches occur.This paper presents a secure paradigm that is an extension of security development practices in agile methodology to overcome this problem in web application development.The proposed paradigm consists of three phases namely,inception,construction,and transition.Further,this paper classifies security vulnerabilities and common risks and threats that occur during web application development.Based on identified gaps,a framework is proposed for secure web application development.The survey method was used for the evaluation of the proposed framework,and the results were satisfactory.

According to the paper[30],the use of best practices for risk management should be followed in overall SDLC for getting a quality software product.This paper discussed various practices of risk management and security in different phases of SDLC.It provides an insight to the researchers and practitioners about the existing best practices that need to be followed.According to[31],security is an important aspect of software systems.However, existing studies do not address it explicitly into SDLC,therefore,this study identified important security policies,practices,and tools within SDLC and proposed a model for incorporating these elements into SDLC.This research study used a case study-based approach for answering research questions.Further,an expert review was conducted for the validation of the proposed model.

Paper [32] concludes that understanding software and proper application methods results in a reliable and quality software product.This research identified the issues that occurred while incorporating security into SDLC along with suitable solutions.Further,it discussed some securityrelated issues in detail such as security testing, threat modeling, risk assessment, and other suitable techniques that help in developing secure software.Paper[33]investigates security aspects in various phases of SDLC and evaluates these aspects with the help of the research community and software engineers.The results obtained from this qualitative study were analyzed using the SPSS tool,some security rules were also proposed for various phases of SDLC.

According to [34], security has been considered an afterthought for a long time.However, this approach is not suitable in today’s fast-paced economy.Security needs to be incorporated from the beginning of software till the end.This paper provides an overview of security plans in various phases of SDLC.Further,it emphasizes the importance of good governance for the success of the project.A systematic mapping study is performed in[35]to identify the existing security approaches,followed in SDLC.In this paper,118 studies were selected as the primary studies,and 52 security practices were identified from the selected studies.According to study findings, most of the security practices are being followed in the coding stage of SDLC.

It is obvious from the above discussion that incorporating security in different phases of SDLC is inevitable for quality software.There exist various studies that discuss the importance of incorporating security in SDLC,however,still there exists space for further research in the area.As a contribution towards this research direction, first, we have highlighted the common reasons for security flaws in SDLC as shown in Fig.2.by providing a taxonomy of SDLC [36–42].Next, we have proposed an approach that will incorporate security best practices in various phases of SDLC as mentioned in the upcoming section.Further, we have proposed a secure SDLC framework in the next section that is evaluated using a mathematical model and case study.

Figure 2:A taxonomy of security flaws reasons in SDLC

3 Proposed Framework

This section will discuss different phases of SDLC,the discussion of each phase will focus on three dimensions; the tasks performed in that phase, security issues involved, and mitigation strategies.It will not only provide a detailed overview of secure SDLC rather will also pave the way for our proposed solution.Below we discuss these phases briefly.

3.1 Requirement Phase

Requirement engineering is the first phase of SDLC,and the success of this phase leads towards a better software product.Further,handling security from the requirement phase help to save rework and additional cost.The tasks performed at this level are listed in Column 1 of Tab.1 [43–45].Existing literature on requirement security has highlighted different issues that might occur if security is not incorporated from the beginning.Some common security issues that might occur during the requirement phase of SDLC are listed in column 2 of Tab.1[30,33,46,47].To accomplish this phase and to address security from the beginning,best practices need to be followed.Different researchers have proposed different practices that need to be followed.Column 3 of Tab.1 list down the commonly used best practices for handling security during the requirement phase of SDLC[28,30,33,48–50]

Table 1: Requirement phase activities/issues and solutions

Table 1:Continued

3.2 Design Phase

Design is an essential step of the SDLC because it determines the look and sound of the app.Furthermore, it offers a user-interactive platform, making it vulnerable to numerous security threats.The important tasks performed during this phase are listed in Column 1 of Tab.2 [51–55].Common security issues that are usually faced during software design are listed in Column 2 of Tab.2[20,53,56–59]while security best practices are listed in Column 3 of Tab.2[13,14,20,28,52,53,60,61]

Table 2: Design phase activities/issues and solutions

Table 2:Continued

3.3 Coding Phase

The practice of secure coding is inevitable for safeguarding computer software against security vulnerabilities; therefore, the coding phase is among the critical phases of SDLC.Tasks performed during this phase are listed in Column 1 of Tab.3 The selection of appropriate coding language and classification of modules is a challenging task.Further,the reusability of code also creates a challenge if security is not considered while coding.Column 2 of Tab.3 list down the security issues that are usually faced during the coding phase while best practices of secure coding are listed in Column 3 of Tab.3[28,33,62–70]

Table 3: Coding phase activities/issues and solutions

3.4 Testing&Integration Phase

The testing&integration phase aims to make sure that all the system components provide their required functionality alone and as part of the whole system.The tasks involved in this phase are listed in colum1 of Tab.4.This phase aims to find possible bugs and errors in the system and remove them.Some common security issues involved in this phase are listed in Column 2 of Tab.4.This phase gives the final touch to the software before deployment therefore quality must be assured.Column 3 of Tab.4 lists down the best practices that help to make this phase secure and successful[71–77].

Table 4: Testing&integration phase activities/issues and solutions

3.5 Deployment Phase

This is the last stage of SDLC which handles the release and change management.In this phase,the software is installed in its actual environment.It seems simple but pairing the software with the existing environment is sometimes complex.Patches are created to handle the flaws;this makes the software vulnerable to various security threats.Column 1 of Tab.5 lists down the tasks that are performed in this stage.Some common security issues involved in this stage are listed in Column 2 of Tab.5.Further,customer satisfaction is very important at this level therefore Column 3 of Tab.5 list down the best practices that need to be considered for making this phase successful[78–83].

Table 5: Deployment phase activities/issues and solutions

The above discussion has highlighted the brief details of SDLC phases along with security issues and mitigation strategies.Based on identified challenges and best practices for each phase of SDLC,we have developed a framework as shown in Fig.3.This framework addresses security in overall SDLC by incorporating security best practices in different phases of SDLC.The framework is divided into two dimensions.The horizontal dimension of the framework shows SDLC phases while the vertical dimension of the framework list down the details of the tasks performed during each phase of SDLC,security issues involved in each phase,and corresponding mitigation strategies.

Figure 3:Proposed secure SDLC framework

According to the proposed framework,security best practices need to be incorporated from the beginning of the project until deployment to get secure and quality software.The practices mentioned in the above framework will not only make the software secure but will also not add much to the project budget and time.The detail of the framework is also presented in the form of an algorithm.

Algorithm 1:Algorithm for Proposed Approach Let R=Requirements, D=Design, C=Coding/implementation, T&I=testing and integration,M=maintenance,T=Threat,ART=artifacts 1.Begin(Continued)

Algorithm 1:Continued 2.Use SREP() //follow Secure Requirement Engineering Process(SREP)a.Agree on R //all stakeholders need to be agreed on requirement definitions b.Identify CVA //identify Critical and Vulnerable Assets(CVA)c.Identify RD //identify Requirement Dependencies(RD)d.Identify T //identify threat e.develop ART //develop corresponding artifacts f.Identify RS //identify possible Risks(RS)g.Elicit SR //elicit Security Requirements(SR)h.Perform RPC //perform Requirement Prioritization&Classification(RPC)i.Perform RI //perform Requirement Inspection(RI)j.Update RR //update Requirement Repository(RR)3.If Step a to j are successful then Go to 5 4.Else Go to 2 5.Perform SSD() //follow Secure Software Design(SSD)a.Follow EOM //Apply Economy of Mechanism(EOM)and keep your design as simple as you can b.Apply FSD //Apply False-Safe Default(FSD)principles to make sure that failure of any activity will prevent unsafe operation c.Apply ACM //Apply Access Control Mechanism(ACM)to make sure that every object is checked for authorization d.Give LP //give Least Privileges LP)e.Follow LCM //Least Common Mechanism(LCM)to restrict shared resource access f.Ensure PA //Psychological Acceptability(PA)of design automatically incorporate basic security g.Apply DID //Defense in Depth(DID)include multilevel security h.Perform DR //Design Review(DR)should be performed to validate design 6 f Step a to h are successful then Go to 8 7.Else Go to 5 8.Perform SC() //perform Secure Coding(SC)by following secure coding checklist and practices a.Follow SCP //follow OWASP Secure Coding Practices(SCP)and checklists b.Follow GCP //follow OWASP General Coding Practices(GCP)c.Perform PP //perform Pair Programing(PP)if possible 9.If Step a to c are successful then Go to 11 10.Else Go to 8 11.Perform ST&I() //Perform Secure Testing and Integration(ST&I)a.Generate TC //Test Cases(TC)should be generated based on the output of Step 2 b.Perform FT //perform Functional Testing(FT)c.Perform NFT //perform Nonfunctional Testing(NFT)d.Perform IT //perform Integration Testing(IT)(Continued)

Algorithm 1:Continued 12.If Step a to d are successful then Go to 14 13.Else Go to 11 14.Perform M()a.Document CMP //documents Change Management Process(CMP)b.Follow CMP //follow change management process c.Plan SR //Plan Support Resources(SR)15.If Step a to c are successful then Go to 17 16.Else Go to 14 17.END

4 Framework Evaluation Using Mathematical Modeling

Before proceeding towards mathematical modeling,we first define notations used in the mathematical model for getting a better understanding.Tab.6 lists down the notations of our mathematical model.

Table 6: Notations sued in the mathematical model

According to the proposed framework,secure SDLC need to incorporate security in overall SDLC as shown in Eq.(1)

The proposed framework aims to enhance security,therefore,the objective function in our case will be as shown in Eq.(2)

The Requirement phase of SDLC can be improved by following best practices as mentioned in the proposed framework.Hence the requirement phase can be modeled as

whereX1,X2...Xnis a set of best practices that need to be followed by organizations for making the requirement phase secure.To measure the security of this phase,we need to assign a weight to eachX1,X2...XnasW1,W2...Wnand set a threshold value forR.In this case,the measurement of R will be done using the formula in Eq.(4)as follows.

Eq.(4)must be true for secure completion of the requirement phase.The value ofTvvaries from project to project and will be determined based on the project’s nature.In the same way,secure design can be achieved by following the best design practices as shown in Eq.(5)

whereY1,Y2,Y3...Ynare best practices that need to be followed for making software design secure?To measure the security of software design,the organization need to set the value ofTvbased on the nature of the project and assign weights to eachY1,Y2,Y3...Yn.Then the measurement of design security will be done using the formula mentioned in Eq.(6)

Eq.(6)must be true for the completion of the secure software design phase.Once the requirement and design phase is complete, the organization moves towards the coding phase.Whatsoever the development model an organization is following,the basic activities/phases of SDLC remain almost the same.To make the coding process secure,organizations need to follow the best security practices during coding as mentioned in Eq.(7).

whereZ1,Z2,Z3...Znare the secure coding practices that need to be considered during the coding phase of SDLC.The security of the coding phase will be measured by assigning weights to eachZ1,Z2,Z3...Znaccording to their priority in the project.The formula in Eq.(8) will be used to measure the security of the coding phase by setting the value ofTvaccording to the organization’s preferences.

The weighted total of coding practices must be greater than the set threshold value for secure coding.Once the coding is done securely,the software team moves towards the testing and integration phase.This phase is critical as all the bugs and errors must be removed during this phase otherwise software will be handover to the customer after the completion of this phase.Customer acceptability is inevitable for business continuity and project acceptance therefore security of the testing and integration phase must be ensured.The organizations need to follow security best practices during this phase as shown in Eq.(9).

whereU1,U2,U3...Unare the security best practices that need to be incorporated in the testing and integration phase of SDLC for making it secure.To measure the security of this phase,the formula in Eq.(10)will be used.

The weighted total of best testing and integration practices should result in more than the set threshold value for ensuring the security of this phase.

The last phase of SDLC is a deployment where software is installed in its working environment,any change requested by the user is accommodated at this stage.This phase should be planned carefully to avoid any inconsistency and dissatisfaction from the user.According to the proposed model,a set of best practices need to be followed during this phase to make it secure and satisfactory.Eq.(11)illustrates the best practices of the deployment phase.

whereV1,V2,V3...Vnare the best practices that need to be considered during the deployment phase of SDLC for making it secure.To measure the security of this phase,the formula in Eq.(12)will be used.

The weighted total of the best practices incorporated in the deployment phase must be greater than the set value of the threshold for the secure execution of this phase.

Once all the phases of SDLC are done while considering security as a priority and incorporating security best practices in SDLC.The organizations need to check the overall security of the project against a threshold value that is set for the project based on its nature.The accumulative security can be calculated using the formula of Eq.(13)

where accumulative security must be greater than the set value of the accumulative threshold as shown in Eq.(14)

Once the organization achieves accumulative security for its developed software by incorporating the best practices mentioned in the proposed framework, the resultant software is resistant against security vulnerabilities and threats.

5 Framework Evaluation Using Case Study

Security is inevitable for all kinds of software projects;however,it varies from project to project.Some systems are security-critical as compared to others.The traditional security mechanism of P&P is sometimes more costly and complex.Therefore,security must be incorporated in the overall SDLC.There exist various approaches for integrating security into SDLC but still,the problem persists.To handle security in overall SDLC, we have proposed a secure SDLC framework.According to the proposed framework,Security must be incorporated from the beginning until the software is deployed in its working environment.

The organization XYZ follows the proposed framework,it set the values for different parameters according to the project’s nature.The concept mapping technique is used to measure the actual values of best practices used in various phases of SDLC.In this technique,important concepts related to the practice are identified and a panel of a software team is asked to map these concepts based on their understanding.This technique is very useful for measuring qualitative attributes [84–86].The last column of Tab.7 shows the obtained value for each security best practice using the concept mapping technique.Column 3 of Tab.7 shows the weight for each practice that was decided based on the nature of the project and the importance of that practice for the project’s security.

Table 7: Data used for cases study

Table 7:Continued

Sc(R)= 1/n(X1W1+X2W2+X3W3...+XnWn)Where n is the total number of best security practices used during the requirement phase.By substituting the values from Tab.7 into the above equation we get

The total value ofSc(R)is 0.7794 while the threshold value is 0.75 as shown in Tab.8.This shows that incorporating the security best practices in the requirement phase of SDLC help to improve the security of this phase.

Table 8: Threshold values for SDLC phases

Similarly,Sc(D)= 1/n(Y1W1+Y2W2+Y3W3...+YnWn)by substituting the obtained values for each security best practice during the design phase of SDLC into the above equation we get

The obtained security value ofSc(D)is 0.70 while the threshold value is 0.68.This also shows that the security best practices mentioned in the proposed framework help in improving the security of the design phase.

Sc(C)= 1/n(Z1W1+Z2W2+Z3W3...+ZnWn)By substituting the obtained values for secure coding practices into the given equation we obtained results as

The obtained security value for the coding phase is 0.56 while the threshold value is 0.55.This shows that organizations need to incorporate security best practices during the SDLC coding phase as mentioned in the proposed framework.

The security values of the testing & integration phase can be calculated by using the formula.Sc(TI)= 1/n(W1+U2W2+U3W3...+UnWn)By substituting the values from Tab.3 into the above equation we get

Sc(TI)=1/5((0.80)(0.80)+(0.90)(0.90)+(0.95)(0.90)+(0.85)(0.80)+(0.95)(0.90))

=3.84/5=0.768

The security value for testing and integration phase obtained after applying security best practices as mentioned in the proposed framework is 0.768 which is higher than the threshold value of 0.60.This shows that the proposed framework helps improve the security of testing&integration phase of SDLC.Sc(Dp)= 1/n(V1W1+V2W2+V3W3...+VnWn)by substituting the obtained values in the equation,we get

=1/3((0.80)(0.90)+(0.80)(0.85)+(0.80)(0.80))=2.04/3=0.68

The obtained security value for the deployment phase is 0.68 which is greater than the threshold value of 0.50 which shows that security best practices need to be incorporated in the SDLC deployment phase.

Now we find the accumulative security by using the formula below.

The obtained value for accumulative security is 0.70 which is also greater than the threshold value for the cumulative security of 0.60.The results of the case study show that the proposed framework helps improve the security of SDLC.

6 Discussion

Security is one of the important factors that need to be considered from the very beginning of the software development process.Bugs and errors which are detected in the early phases of development are easy and cheap to handle as compared to the ones which are captured during later phases.Therefore, incorporating security in overall SDLC is inevitable for secure software development as well as organizations’business continuity and avoiding rework.Traditionally, security is considered an afterthought activity that is handled by creating patches for the flaws identified during testing of the project or after deployment.However,the P&P strategy is not easy to implement in today’s software development environment where billions of devices are interconnected,and software has to work as an integral part of the overall system.

To incorporate security in the overall development cycle,we have done a detailed literature review and identified the best practices that help manage security in SDLC.Based on the identified security best practices, we have formulated a secure SDLC framework.The structure of the framework that has been suggested is two-dimensional.The phases of SDLC are represented on the horizontal axis,while the vertical axis is separated into three layers;layer 1 highlights the critical tasks performed in the corresponding SDLC process.Layer 2 describes the security issues involved in the SDLC phase while best practices for overcoming the listed security problems are discussed in layer 3.The proposed framework was modeled mathematically and was also evaluated using a case study.The case study results show that incorporating security best practices in different phases of SDLC improve software security.

7 Conclusion and Future Work

One of the most critical things to be considered from the start of the software development process is security.When bugs and defects are discovered early in the production process,they are easier and less expensive to fix than those discovered later.In the past,many software failed due to negligence of the security factor.Testing the software for security after development is not only time-consuming and complex;rather,it increases the time and cost of the project.To avoid complexity and project failure at a later stage,it is necessary to consider security as an important attribute of the software from the beginning of the project until the deployment.To address this issue, we have provided a framework based on existing security best practices for different phases of SDLC.The proposed framework was evaluated using a mathematical model and a case study and results show that the proposed framework helps improve the security of SDLC.

In the future,we are planning to extend the proposed framework by incorporating more security best practices and evaluating it on a security-critical project.

Funding Statement:The authors received no specific funding for this study

Conflicts of Interest:The authors declare that they have no conflicts of interest to report regarding the present study.