• <tr id="yyy80"></tr>
  • <sup id="yyy80"></sup>
  • <tfoot id="yyy80"><noscript id="yyy80"></noscript></tfoot>
  • 99热精品在线国产_美女午夜性视频免费_国产精品国产高清国产av_av欧美777_自拍偷自拍亚洲精品老妇_亚洲熟女精品中文字幕_www日本黄色视频网_国产精品野战在线观看 ?

    Security Threat and Vulnerability Assessment and Measurement in Secure Software Development

    2022-08-23 02:18:04MamoonaHumayunNZJhanjhiMaramFahhadAlmufarehandMuhammadIbrahimKhalil
    Computers Materials&Continua 2022年6期

    Mamoona Humayun,NZ Jhanjhi,Maram Fahhad Almufareh and Muhammad Ibrahim Khalil

    1Department of Information Systems,College of Computer and Information Sciences,Jouf University,Al-Jouf,KSA

    2School of Computer Science and Engineering(SCE),Taylor’s University,Selangor,Malaysia

    3Department of Computer Science,Bahria University,Islamabad,Pakistan

    Abstract:Security is critical to the success of software,particularly in today’s fast-paced, technology-driven environment.It ensures that data, code, and services maintain their CIA(Confidentiality,Integrity,and Availability).This is only possible if security is taken into account at all stages of the SDLC(Software Development Life Cycle).Various approaches to software quality have been developed,such as CMMI(Capability maturity model integration).However, there exists no explicit solution for incorporating security into all phases of SDLC.One of the major causes of pervasive vulnerabilities is a failure to prioritize security.Even the most proactive companies use the“patch and penetrate”strategy,in which security is accessed once the job is completed.Increased cost,time overrun,not integrating testing and input in SDLC,usage of third-party tools and components, and lack of knowledge are all reasons for not paying attention to the security angle during the SDLC, despite the fact that secure software development is essential for business continuity and survival in today’s ICT world.There is a need to implement best practices in SDLC to address security at all levels.To fill this gap, we have provided a detailed overview of secure software development practices while taking care of project costs and deadlines.We proposed a secure SDLC framework based on the identified practices,which integrates the best security practices in various SDLC phases.A mathematical model is used to validate the proposed framework.A case study and findings show that the proposed system aids in the integration of security best practices into the overall SDLC, resulting in more secure applications.

    Keywords: Security; secure software development; software development life cycle(SDLC);confidentiality;integrity;availability

    1 Introduction

    Software security is a process that includes the design,development,and testing of software for security where vulnerabilities are detected and revealed by the software itself[1–3].It fundamentally requires a proactive approach that takes place within the pre-deployment process.It’s all about making the software development team do a great job to make it easier for operators.A simple error sometimes can end up causing millions of dollars of losses in today’s business processes.But unfortunately,many software development companies do not follow best practices to incorporate security in SDLC[4,5].This negligence includes lack of awareness, fear of time and cost overrun, use of third-party components and, lack of qualified professionals, etc.Due to the popularity and excessive usage of internet applications such as the internet of things,cloud computing,social media systems,etc., the number of security vulnerabilities is also overgrowing[6–9].

    SDLC is a mechanism that generates the best quality and low-cost software in the shortest possible time.It offers a well-structured step flow that helps an enterprise easily produce high-quality, welltested,and ready-to-use software.The common phases of SLDC include planning,analysis, design,implementation, testing & integration, and maintenance [10–12].All these phases are dependent on each other and are of equal importance.If security is incorporated during all phases of SDLC then the resultant product will not be vulnerable to security threats.This is only possible if a secure SDLC process is followed, secure SDLC ensures that security-related activities are an integral part of the overall development effort[13–16].

    Traditional security mechanisms mainly focus on network systems, and they spent a huge amount of money to make their network secure.These mechanisms include IDs(Intrusion detection system), firewalls, encryption, antivirus, and antispyware [17–19].Further, security is considered an afterthought that is usually addressed after completing the development cycle using the approach of P&P(penetrate and patch),which means creating the patches for the available flaws.The drawback of the P&P technique is that the application users do not apply these patches.Further,attackers might plan and penetrate new vulnerabilities[20–23].According to a report published by RiskIQ,security vulnerabilities alone cost as much as$25 per minute to the major companies while crypto companies face the loss of almost$2000 per minute due to cybercrimes[24].Another report presented by positive technologies;9 out of 10 web applications are vulnerable to security threats and about 39%of websites are vulnerable to unauthorized access,while data breach is a threat for about 64%of applications[25].According to this report,82 percent of vulnerabilities were due to flaws in code.This report has also published the severity of web application vulnerabilities in the past.This shows that security is one of the serious issues in the current era that need to be addressed carefully during SDLC.Further,the relative cost of addressing bugs and failure increase as the project progress as mentioned in the IBM system science institute report[26].Therefore,handling security from the beginning of the project is necessary to save the software from future security breaches.

    It is evident from the above discussion that secure software development is inevitable for improving project quality and reducing bug fixing cost, and there exists no explicit solution to this problem.As a contribution to research, we reviewed the current literature on vulnerability evaluation and assessment in SDLC and outlined the security best practices to evaluate and quantify security threats and vulnerabilities in SDLC.Based on the identified best practices, we have proposed a secure SDLC framework.The proposed framework tries to mitigate the security vulnerabilities in SDLC by addressing end-to-end security.The proposed framework is validated using a mathematical model and a case study.Fig.1 illustrates the research process that was followed to carry out this research study.

    Figure 1:Research process

    The results of the case study show that the proposed approach helps incorporate security in SDLC.The remaining paper is structured as; Section 2 describes the existing work to highlight the best practices and techniques available for the assessment and measurements of security threats and vulnerabilities.Section 3 presents our proposed framework that addresses security in SDLC.Sections 4&5 evaluate the proposed framework using mathematical modeling and case study.Section 6 discusses the findings of the study.Section 7 concludes this paper by providing directions for future work.

    2 Literature Review

    This section will provide an overview of some latest research in secure software development to highlight the best practices that need to be followed for developing quality software.Further,it will pave the way for the proposed framework.

    In paper[27],an integrated security framework is proposed for secure SDLC.Security test cases and guidelines were generated based on the security activities, and best practices followed in secure SDLC.Security testing tools were integrated for the automation of test case execution.A prototype was constructed to evaluate the proposed framework.The results of the experiment showed that the proposed approach provides stable service with enhanced quality and security.In Paper[20],a Multivocal literature review was conducted to identify the best practices for designing secure software.Based on identified best practices,a framework Secure Software Design Maturity Model(SSDMM)was developed.The framework was evaluated using case studies,and the results show that SSDMM helps measure the maturity level of an organization.Further, SSDMMM helps organizations in the evaluation and improvement of software design security practices.

    In paper [28], a systematic literature review (SLR) was performed to pinpoint the required practices for developing secure software.This paper also amended Somerville’s requirement engineering practices.After identifying best requirement practices, a framework for secure requirement engineering named as Requirements Engineering Security Maturity Model(RESMM)was developed.The proposed framework was tested using questionnaires and case studies.The results show that the proposed framework is useful and easily adaptable.According to[29],security is not considered in the overall SDLC due to which a lot of security breaches occur.This paper presents a secure paradigm that is an extension of security development practices in agile methodology to overcome this problem in web application development.The proposed paradigm consists of three phases namely,inception,construction,and transition.Further,this paper classifies security vulnerabilities and common risks and threats that occur during web application development.Based on identified gaps,a framework is proposed for secure web application development.The survey method was used for the evaluation of the proposed framework,and the results were satisfactory.

    According to the paper[30],the use of best practices for risk management should be followed in overall SDLC for getting a quality software product.This paper discussed various practices of risk management and security in different phases of SDLC.It provides an insight to the researchers and practitioners about the existing best practices that need to be followed.According to[31],security is an important aspect of software systems.However, existing studies do not address it explicitly into SDLC,therefore,this study identified important security policies,practices,and tools within SDLC and proposed a model for incorporating these elements into SDLC.This research study used a case study-based approach for answering research questions.Further,an expert review was conducted for the validation of the proposed model.

    Paper [32] concludes that understanding software and proper application methods results in a reliable and quality software product.This research identified the issues that occurred while incorporating security into SDLC along with suitable solutions.Further,it discussed some securityrelated issues in detail such as security testing, threat modeling, risk assessment, and other suitable techniques that help in developing secure software.Paper[33]investigates security aspects in various phases of SDLC and evaluates these aspects with the help of the research community and software engineers.The results obtained from this qualitative study were analyzed using the SPSS tool,some security rules were also proposed for various phases of SDLC.

    According to [34], security has been considered an afterthought for a long time.However, this approach is not suitable in today’s fast-paced economy.Security needs to be incorporated from the beginning of software till the end.This paper provides an overview of security plans in various phases of SDLC.Further,it emphasizes the importance of good governance for the success of the project.A systematic mapping study is performed in[35]to identify the existing security approaches,followed in SDLC.In this paper,118 studies were selected as the primary studies,and 52 security practices were identified from the selected studies.According to study findings, most of the security practices are being followed in the coding stage of SDLC.

    It is obvious from the above discussion that incorporating security in different phases of SDLC is inevitable for quality software.There exist various studies that discuss the importance of incorporating security in SDLC,however,still there exists space for further research in the area.As a contribution towards this research direction, first, we have highlighted the common reasons for security flaws in SDLC as shown in Fig.2.by providing a taxonomy of SDLC [36–42].Next, we have proposed an approach that will incorporate security best practices in various phases of SDLC as mentioned in the upcoming section.Further, we have proposed a secure SDLC framework in the next section that is evaluated using a mathematical model and case study.

    Figure 2:A taxonomy of security flaws reasons in SDLC

    3 Proposed Framework

    This section will discuss different phases of SDLC,the discussion of each phase will focus on three dimensions; the tasks performed in that phase, security issues involved, and mitigation strategies.It will not only provide a detailed overview of secure SDLC rather will also pave the way for our proposed solution.Below we discuss these phases briefly.

    3.1 Requirement Phase

    Requirement engineering is the first phase of SDLC,and the success of this phase leads towards a better software product.Further,handling security from the requirement phase help to save rework and additional cost.The tasks performed at this level are listed in Column 1 of Tab.1 [43–45].Existing literature on requirement security has highlighted different issues that might occur if security is not incorporated from the beginning.Some common security issues that might occur during the requirement phase of SDLC are listed in column 2 of Tab.1[30,33,46,47].To accomplish this phase and to address security from the beginning,best practices need to be followed.Different researchers have proposed different practices that need to be followed.Column 3 of Tab.1 list down the commonly used best practices for handling security during the requirement phase of SDLC[28,30,33,48–50]

    Table 1: Requirement phase activities/issues and solutions

    Table 1:Continued

    3.2 Design Phase

    Design is an essential step of the SDLC because it determines the look and sound of the app.Furthermore, it offers a user-interactive platform, making it vulnerable to numerous security threats.The important tasks performed during this phase are listed in Column 1 of Tab.2 [51–55].Common security issues that are usually faced during software design are listed in Column 2 of Tab.2[20,53,56–59]while security best practices are listed in Column 3 of Tab.2[13,14,20,28,52,53,60,61]

    Table 2: Design phase activities/issues and solutions

    Table 2:Continued

    3.3 Coding Phase

    The practice of secure coding is inevitable for safeguarding computer software against security vulnerabilities; therefore, the coding phase is among the critical phases of SDLC.Tasks performed during this phase are listed in Column 1 of Tab.3 The selection of appropriate coding language and classification of modules is a challenging task.Further,the reusability of code also creates a challenge if security is not considered while coding.Column 2 of Tab.3 list down the security issues that are usually faced during the coding phase while best practices of secure coding are listed in Column 3 of Tab.3[28,33,62–70]

    Table 3: Coding phase activities/issues and solutions

    3.4 Testing&Integration Phase

    The testing&integration phase aims to make sure that all the system components provide their required functionality alone and as part of the whole system.The tasks involved in this phase are listed in colum1 of Tab.4.This phase aims to find possible bugs and errors in the system and remove them.Some common security issues involved in this phase are listed in Column 2 of Tab.4.This phase gives the final touch to the software before deployment therefore quality must be assured.Column 3 of Tab.4 lists down the best practices that help to make this phase secure and successful[71–77].

    Table 4: Testing&integration phase activities/issues and solutions

    3.5 Deployment Phase

    This is the last stage of SDLC which handles the release and change management.In this phase,the software is installed in its actual environment.It seems simple but pairing the software with the existing environment is sometimes complex.Patches are created to handle the flaws;this makes the software vulnerable to various security threats.Column 1 of Tab.5 lists down the tasks that are performed in this stage.Some common security issues involved in this stage are listed in Column 2 of Tab.5.Further,customer satisfaction is very important at this level therefore Column 3 of Tab.5 list down the best practices that need to be considered for making this phase successful[78–83].

    Table 5: Deployment phase activities/issues and solutions

    The above discussion has highlighted the brief details of SDLC phases along with security issues and mitigation strategies.Based on identified challenges and best practices for each phase of SDLC,we have developed a framework as shown in Fig.3.This framework addresses security in overall SDLC by incorporating security best practices in different phases of SDLC.The framework is divided into two dimensions.The horizontal dimension of the framework shows SDLC phases while the vertical dimension of the framework list down the details of the tasks performed during each phase of SDLC,security issues involved in each phase,and corresponding mitigation strategies.

    Figure 3:Proposed secure SDLC framework

    According to the proposed framework,security best practices need to be incorporated from the beginning of the project until deployment to get secure and quality software.The practices mentioned in the above framework will not only make the software secure but will also not add much to the project budget and time.The detail of the framework is also presented in the form of an algorithm.

    Algorithm 1:Algorithm for Proposed Approach Let R=Requirements, D=Design, C=Coding/implementation, T&I=testing and integration,M=maintenance,T=Threat,ART=artifacts 1.Begin(Continued)

    Algorithm 1:Continued 2.Use SREP() //follow Secure Requirement Engineering Process(SREP)a.Agree on R //all stakeholders need to be agreed on requirement definitions b.Identify CVA //identify Critical and Vulnerable Assets(CVA)c.Identify RD //identify Requirement Dependencies(RD)d.Identify T //identify threat e.develop ART //develop corresponding artifacts f.Identify RS //identify possible Risks(RS)g.Elicit SR //elicit Security Requirements(SR)h.Perform RPC //perform Requirement Prioritization&Classification(RPC)i.Perform RI //perform Requirement Inspection(RI)j.Update RR //update Requirement Repository(RR)3.If Step a to j are successful then Go to 5 4.Else Go to 2 5.Perform SSD() //follow Secure Software Design(SSD)a.Follow EOM //Apply Economy of Mechanism(EOM)and keep your design as simple as you can b.Apply FSD //Apply False-Safe Default(FSD)principles to make sure that failure of any activity will prevent unsafe operation c.Apply ACM //Apply Access Control Mechanism(ACM)to make sure that every object is checked for authorization d.Give LP //give Least Privileges LP)e.Follow LCM //Least Common Mechanism(LCM)to restrict shared resource access f.Ensure PA //Psychological Acceptability(PA)of design automatically incorporate basic security g.Apply DID //Defense in Depth(DID)include multilevel security h.Perform DR //Design Review(DR)should be performed to validate design 6 f Step a to h are successful then Go to 8 7.Else Go to 5 8.Perform SC() //perform Secure Coding(SC)by following secure coding checklist and practices a.Follow SCP //follow OWASP Secure Coding Practices(SCP)and checklists b.Follow GCP //follow OWASP General Coding Practices(GCP)c.Perform PP //perform Pair Programing(PP)if possible 9.If Step a to c are successful then Go to 11 10.Else Go to 8 11.Perform ST&I() //Perform Secure Testing and Integration(ST&I)a.Generate TC //Test Cases(TC)should be generated based on the output of Step 2 b.Perform FT //perform Functional Testing(FT)c.Perform NFT //perform Nonfunctional Testing(NFT)d.Perform IT //perform Integration Testing(IT)(Continued)

    Algorithm 1:Continued 12.If Step a to d are successful then Go to 14 13.Else Go to 11 14.Perform M()a.Document CMP //documents Change Management Process(CMP)b.Follow CMP //follow change management process c.Plan SR //Plan Support Resources(SR)15.If Step a to c are successful then Go to 17 16.Else Go to 14 17.END

    4 Framework Evaluation Using Mathematical Modeling

    Before proceeding towards mathematical modeling,we first define notations used in the mathematical model for getting a better understanding.Tab.6 lists down the notations of our mathematical model.

    Table 6: Notations sued in the mathematical model

    According to the proposed framework,secure SDLC need to incorporate security in overall SDLC as shown in Eq.(1)

    The proposed framework aims to enhance security,therefore,the objective function in our case will be as shown in Eq.(2)

    The Requirement phase of SDLC can be improved by following best practices as mentioned in the proposed framework.Hence the requirement phase can be modeled as

    whereX1,X2...Xnis a set of best practices that need to be followed by organizations for making the requirement phase secure.To measure the security of this phase,we need to assign a weight to eachX1,X2...XnasW1,W2...Wnand set a threshold value forR.In this case,the measurement of R will be done using the formula in Eq.(4)as follows.

    Eq.(4)must be true for secure completion of the requirement phase.The value ofTvvaries from project to project and will be determined based on the project’s nature.In the same way,secure design can be achieved by following the best design practices as shown in Eq.(5)

    whereY1,Y2,Y3...Ynare best practices that need to be followed for making software design secure?To measure the security of software design,the organization need to set the value ofTvbased on the nature of the project and assign weights to eachY1,Y2,Y3...Yn.Then the measurement of design security will be done using the formula mentioned in Eq.(6)

    Eq.(6)must be true for the completion of the secure software design phase.Once the requirement and design phase is complete, the organization moves towards the coding phase.Whatsoever the development model an organization is following,the basic activities/phases of SDLC remain almost the same.To make the coding process secure,organizations need to follow the best security practices during coding as mentioned in Eq.(7).

    whereZ1,Z2,Z3...Znare the secure coding practices that need to be considered during the coding phase of SDLC.The security of the coding phase will be measured by assigning weights to eachZ1,Z2,Z3...Znaccording to their priority in the project.The formula in Eq.(8) will be used to measure the security of the coding phase by setting the value ofTvaccording to the organization’s preferences.

    The weighted total of coding practices must be greater than the set threshold value for secure coding.Once the coding is done securely,the software team moves towards the testing and integration phase.This phase is critical as all the bugs and errors must be removed during this phase otherwise software will be handover to the customer after the completion of this phase.Customer acceptability is inevitable for business continuity and project acceptance therefore security of the testing and integration phase must be ensured.The organizations need to follow security best practices during this phase as shown in Eq.(9).

    whereU1,U2,U3...Unare the security best practices that need to be incorporated in the testing and integration phase of SDLC for making it secure.To measure the security of this phase,the formula in Eq.(10)will be used.

    The weighted total of best testing and integration practices should result in more than the set threshold value for ensuring the security of this phase.

    The last phase of SDLC is a deployment where software is installed in its working environment,any change requested by the user is accommodated at this stage.This phase should be planned carefully to avoid any inconsistency and dissatisfaction from the user.According to the proposed model,a set of best practices need to be followed during this phase to make it secure and satisfactory.Eq.(11)illustrates the best practices of the deployment phase.

    whereV1,V2,V3...Vnare the best practices that need to be considered during the deployment phase of SDLC for making it secure.To measure the security of this phase,the formula in Eq.(12)will be used.

    The weighted total of the best practices incorporated in the deployment phase must be greater than the set value of the threshold for the secure execution of this phase.

    Once all the phases of SDLC are done while considering security as a priority and incorporating security best practices in SDLC.The organizations need to check the overall security of the project against a threshold value that is set for the project based on its nature.The accumulative security can be calculated using the formula of Eq.(13)

    where accumulative security must be greater than the set value of the accumulative threshold as shown in Eq.(14)

    Once the organization achieves accumulative security for its developed software by incorporating the best practices mentioned in the proposed framework, the resultant software is resistant against security vulnerabilities and threats.

    5 Framework Evaluation Using Case Study

    Security is inevitable for all kinds of software projects;however,it varies from project to project.Some systems are security-critical as compared to others.The traditional security mechanism of P&P is sometimes more costly and complex.Therefore,security must be incorporated in the overall SDLC.There exist various approaches for integrating security into SDLC but still,the problem persists.To handle security in overall SDLC, we have proposed a secure SDLC framework.According to the proposed framework,Security must be incorporated from the beginning until the software is deployed in its working environment.

    The organization XYZ follows the proposed framework,it set the values for different parameters according to the project’s nature.The concept mapping technique is used to measure the actual values of best practices used in various phases of SDLC.In this technique,important concepts related to the practice are identified and a panel of a software team is asked to map these concepts based on their understanding.This technique is very useful for measuring qualitative attributes [84–86].The last column of Tab.7 shows the obtained value for each security best practice using the concept mapping technique.Column 3 of Tab.7 shows the weight for each practice that was decided based on the nature of the project and the importance of that practice for the project’s security.

    Table 7: Data used for cases study

    Table 7:Continued

    Sc(R)= 1/n(X1W1+X2W2+X3W3...+XnWn)Where n is the total number of best security practices used during the requirement phase.By substituting the values from Tab.7 into the above equation we get

    The total value ofSc(R)is 0.7794 while the threshold value is 0.75 as shown in Tab.8.This shows that incorporating the security best practices in the requirement phase of SDLC help to improve the security of this phase.

    Table 8: Threshold values for SDLC phases

    Similarly,Sc(D)= 1/n(Y1W1+Y2W2+Y3W3...+YnWn)by substituting the obtained values for each security best practice during the design phase of SDLC into the above equation we get

    The obtained security value ofSc(D)is 0.70 while the threshold value is 0.68.This also shows that the security best practices mentioned in the proposed framework help in improving the security of the design phase.

    Sc(C)= 1/n(Z1W1+Z2W2+Z3W3...+ZnWn)By substituting the obtained values for secure coding practices into the given equation we obtained results as

    The obtained security value for the coding phase is 0.56 while the threshold value is 0.55.This shows that organizations need to incorporate security best practices during the SDLC coding phase as mentioned in the proposed framework.

    The security values of the testing & integration phase can be calculated by using the formula.Sc(TI)= 1/n(W1+U2W2+U3W3...+UnWn)By substituting the values from Tab.3 into the above equation we get

    Sc(TI)=1/5((0.80)(0.80)+(0.90)(0.90)+(0.95)(0.90)+(0.85)(0.80)+(0.95)(0.90))

    =3.84/5=0.768

    The security value for testing and integration phase obtained after applying security best practices as mentioned in the proposed framework is 0.768 which is higher than the threshold value of 0.60.This shows that the proposed framework helps improve the security of testing&integration phase of SDLC.Sc(Dp)= 1/n(V1W1+V2W2+V3W3...+VnWn)by substituting the obtained values in the equation,we get

    =1/3((0.80)(0.90)+(0.80)(0.85)+(0.80)(0.80))=2.04/3=0.68

    The obtained security value for the deployment phase is 0.68 which is greater than the threshold value of 0.50 which shows that security best practices need to be incorporated in the SDLC deployment phase.

    Now we find the accumulative security by using the formula below.

    The obtained value for accumulative security is 0.70 which is also greater than the threshold value for the cumulative security of 0.60.The results of the case study show that the proposed framework helps improve the security of SDLC.

    6 Discussion

    Security is one of the important factors that need to be considered from the very beginning of the software development process.Bugs and errors which are detected in the early phases of development are easy and cheap to handle as compared to the ones which are captured during later phases.Therefore, incorporating security in overall SDLC is inevitable for secure software development as well as organizations’business continuity and avoiding rework.Traditionally, security is considered an afterthought activity that is handled by creating patches for the flaws identified during testing of the project or after deployment.However,the P&P strategy is not easy to implement in today’s software development environment where billions of devices are interconnected,and software has to work as an integral part of the overall system.

    To incorporate security in the overall development cycle,we have done a detailed literature review and identified the best practices that help manage security in SDLC.Based on the identified security best practices, we have formulated a secure SDLC framework.The structure of the framework that has been suggested is two-dimensional.The phases of SDLC are represented on the horizontal axis,while the vertical axis is separated into three layers;layer 1 highlights the critical tasks performed in the corresponding SDLC process.Layer 2 describes the security issues involved in the SDLC phase while best practices for overcoming the listed security problems are discussed in layer 3.The proposed framework was modeled mathematically and was also evaluated using a case study.The case study results show that incorporating security best practices in different phases of SDLC improve software security.

    7 Conclusion and Future Work

    One of the most critical things to be considered from the start of the software development process is security.When bugs and defects are discovered early in the production process,they are easier and less expensive to fix than those discovered later.In the past,many software failed due to negligence of the security factor.Testing the software for security after development is not only time-consuming and complex;rather,it increases the time and cost of the project.To avoid complexity and project failure at a later stage,it is necessary to consider security as an important attribute of the software from the beginning of the project until the deployment.To address this issue, we have provided a framework based on existing security best practices for different phases of SDLC.The proposed framework was evaluated using a mathematical model and a case study and results show that the proposed framework helps improve the security of SDLC.

    In the future,we are planning to extend the proposed framework by incorporating more security best practices and evaluating it on a security-critical project.

    Funding Statement:The authors received no specific funding for this study

    Conflicts of Interest:The authors declare that they have no conflicts of interest to report regarding the present study.

    亚洲精品粉嫩美女一区| 国产高清三级在线| 天天一区二区日本电影三级| 国产av在哪里看| 亚洲熟妇中文字幕五十中出| 美女cb高潮喷水在线观看| 欧美成人免费av一区二区三区| 亚洲午夜理论影院| av天堂在线播放| 亚洲精品国产精品久久久不卡| 高清毛片免费观看视频网站| 国产成人a区在线观看| 国产精品99久久99久久久不卡| 国产成人系列免费观看| 成人午夜高清在线视频| 中出人妻视频一区二区| 欧美日韩国产亚洲二区| 亚洲成人中文字幕在线播放| 最近最新中文字幕大全免费视频| 熟女少妇亚洲综合色aaa.| 一本综合久久免费| eeuss影院久久| 国产精品自产拍在线观看55亚洲| 国产麻豆成人av免费视频| 夜夜躁狠狠躁天天躁| 婷婷精品国产亚洲av| 午夜福利欧美成人| 亚洲国产精品成人综合色| 女人被狂操c到高潮| 在线播放无遮挡| 亚洲 国产 在线| 麻豆国产97在线/欧美| 男人和女人高潮做爰伦理| 日韩欧美国产在线观看| 白带黄色成豆腐渣| 色噜噜av男人的天堂激情| 听说在线观看完整版免费高清| 欧美日韩福利视频一区二区| 国产又黄又爽又无遮挡在线| 国产精品98久久久久久宅男小说| 午夜福利欧美成人| 两个人视频免费观看高清| 亚洲精品456在线播放app | 欧美日韩福利视频一区二区| 亚洲在线观看片| 动漫黄色视频在线观看| 宅男免费午夜| 亚洲精品久久国产高清桃花| 日本三级黄在线观看| 色老头精品视频在线观看| 一级a爱片免费观看的视频| 我要搜黄色片| 欧美丝袜亚洲另类 | 亚洲精品乱码久久久v下载方式 | 国产亚洲av嫩草精品影院| 黄色丝袜av网址大全| 网址你懂的国产日韩在线| 一a级毛片在线观看| 久久6这里有精品| 蜜桃亚洲精品一区二区三区| 一本综合久久免费| 日韩成人在线观看一区二区三区| 极品教师在线免费播放| 99久久精品国产亚洲精品| 午夜日韩欧美国产| 亚洲精品亚洲一区二区| 欧美性猛交黑人性爽| 51国产日韩欧美| 免费一级毛片在线播放高清视频| 亚洲成人久久性| 热99在线观看视频| 欧美在线一区亚洲| 亚洲人成网站在线播| 岛国在线观看网站| 一a级毛片在线观看| 一个人观看的视频www高清免费观看| 校园春色视频在线观看| 岛国在线观看网站| 国内揄拍国产精品人妻在线| 久久久久久久精品吃奶| 亚洲不卡免费看| 亚洲国产欧美网| 白带黄色成豆腐渣| 91字幕亚洲| 欧美又色又爽又黄视频| 一级黄色大片毛片| 亚洲 欧美 日韩 在线 免费| 亚洲美女视频黄频| 有码 亚洲区| 嫩草影院入口| 欧美极品一区二区三区四区| 国产伦在线观看视频一区| 在线观看av片永久免费下载| 国产一区二区在线观看日韩 | 亚洲欧美日韩卡通动漫| 欧美成狂野欧美在线观看| 欧美中文综合在线视频| 国产精品99久久久久久久久| 日本与韩国留学比较| 午夜福利在线观看免费完整高清在 | 叶爱在线成人免费视频播放| 无人区码免费观看不卡| 在线播放国产精品三级| 无限看片的www在线观看| 精品人妻偷拍中文字幕| 有码 亚洲区| 亚洲国产色片| 精品国内亚洲2022精品成人| 在线天堂最新版资源| 国产真实伦视频高清在线观看 | 国产毛片a区久久久久| 变态另类成人亚洲欧美熟女| 国内少妇人妻偷人精品xxx网站| 久久久久久久久大av| 嫁个100分男人电影在线观看| 黑人欧美特级aaaaaa片| 不卡一级毛片| 麻豆国产97在线/欧美| 亚洲欧美激情综合另类| 国产伦在线观看视频一区| 国产一区二区在线观看日韩 | 欧美日韩国产亚洲二区| 中文字幕人成人乱码亚洲影| 中亚洲国语对白在线视频| 亚洲人成网站高清观看| 国产精品综合久久久久久久免费| 综合色av麻豆| 亚洲精品456在线播放app | 欧美乱码精品一区二区三区| 最好的美女福利视频网| 最近最新中文字幕大全免费视频| 精品人妻一区二区三区麻豆 | 免费人成视频x8x8入口观看| 色尼玛亚洲综合影院| 三级男女做爰猛烈吃奶摸视频| 国产精品免费一区二区三区在线| 最近在线观看免费完整版| 亚洲中文日韩欧美视频| 午夜福利18| 狠狠狠狠99中文字幕| 中文字幕人妻熟人妻熟丝袜美 | 成年免费大片在线观看| 天天一区二区日本电影三级| 久久久成人免费电影| 国产亚洲精品久久久com| 天堂av国产一区二区熟女人妻| 午夜福利18| 日本 欧美在线| 最新美女视频免费是黄的| 久久久久久九九精品二区国产| 听说在线观看完整版免费高清| 人妻久久中文字幕网| 女同久久另类99精品国产91| 亚洲熟妇熟女久久| 欧美色欧美亚洲另类二区| 99久久九九国产精品国产免费| 国产91精品成人一区二区三区| 亚洲国产色片| 内射极品少妇av片p| 婷婷六月久久综合丁香| tocl精华| 亚洲国产欧美网| 一a级毛片在线观看| 亚洲五月婷婷丁香| 18+在线观看网站| avwww免费| 亚洲欧美日韩高清专用| 亚洲无线观看免费| 99久久精品热视频| 麻豆国产av国片精品| 91九色精品人成在线观看| 在线观看一区二区三区| 国产亚洲精品久久久com| 9191精品国产免费久久| 在线观看一区二区三区| 国产精品嫩草影院av在线观看 | 亚洲欧美激情综合另类| 手机成人av网站| 国产精品一区二区三区四区久久| 国产麻豆成人av免费视频| 757午夜福利合集在线观看| 18禁国产床啪视频网站| 中文字幕精品亚洲无线码一区| 在线十欧美十亚洲十日本专区| 97超视频在线观看视频| 国产视频内射| 亚洲色图av天堂| 天堂√8在线中文| www国产在线视频色| 午夜两性在线视频| 欧美日韩中文字幕国产精品一区二区三区| 亚洲欧美精品综合久久99| 亚洲成人免费电影在线观看| 有码 亚洲区| 精品日产1卡2卡| 日本黄色视频三级网站网址| 舔av片在线| 日本三级黄在线观看| 国内少妇人妻偷人精品xxx网站| 岛国在线免费视频观看| 国产成人a区在线观看| 无遮挡黄片免费观看| 99riav亚洲国产免费| 色综合婷婷激情| 99久久精品热视频| 亚洲人与动物交配视频| 国产精品一区二区三区四区免费观看 | av片东京热男人的天堂| 黄色日韩在线| 久久久国产精品麻豆| 女人被狂操c到高潮| 小蜜桃在线观看免费完整版高清| 亚洲成人中文字幕在线播放| 91在线精品国自产拍蜜月 | 日韩欧美三级三区| 97超级碰碰碰精品色视频在线观看| 在线a可以看的网站| 国产亚洲欧美在线一区二区| 蜜桃久久精品国产亚洲av| 国产乱人视频| 一个人观看的视频www高清免费观看| 99热精品在线国产| 男人舔女人下体高潮全视频| 亚洲人成电影免费在线| 亚洲av二区三区四区| 欧美一区二区国产精品久久精品| 日韩欧美在线二视频| 日韩精品青青久久久久久| 中亚洲国语对白在线视频| 午夜影院日韩av| 夜夜爽天天搞| 中文字幕av在线有码专区| 亚洲美女视频黄频| 免费在线观看成人毛片| 欧美区成人在线视频| 偷拍熟女少妇极品色| 成人18禁在线播放| 女人高潮潮喷娇喘18禁视频| 禁无遮挡网站| 757午夜福利合集在线观看| 国产av不卡久久| 亚洲久久久久久中文字幕| 国产三级中文精品| 99riav亚洲国产免费| 欧美+日韩+精品| 亚洲精品色激情综合| 99久国产av精品| 两个人的视频大全免费| 69人妻影院| 国产av麻豆久久久久久久| 久久精品夜夜夜夜夜久久蜜豆| 午夜激情欧美在线| 小说图片视频综合网站| 天美传媒精品一区二区| 成人欧美大片| 国产精品久久久人人做人人爽| 亚洲人成伊人成综合网2020| 日本黄色视频三级网站网址| 女人十人毛片免费观看3o分钟| 午夜视频国产福利| 免费电影在线观看免费观看| www国产在线视频色| 久久久久久人人人人人| 亚洲五月天丁香| 在线播放无遮挡| 波多野结衣高清作品| 熟女少妇亚洲综合色aaa.| 国产精品影院久久| 免费观看的影片在线观看| 欧美绝顶高潮抽搐喷水| 琪琪午夜伦伦电影理论片6080| 午夜久久久久精精品| 日韩欧美精品v在线| 国产真实乱freesex| 日本成人三级电影网站| 51午夜福利影视在线观看| 国产探花在线观看一区二区| 国产精品久久久久久精品电影| 色视频www国产| 国产免费一级a男人的天堂| 亚洲五月天丁香| 又黄又粗又硬又大视频| 琪琪午夜伦伦电影理论片6080| 国产又黄又爽又无遮挡在线| 丁香欧美五月| 99热6这里只有精品| 亚洲中文字幕日韩| 久久亚洲真实| 国产成+人综合+亚洲专区| АⅤ资源中文在线天堂| 中文字幕人妻熟人妻熟丝袜美 | 黑人欧美特级aaaaaa片| avwww免费| 首页视频小说图片口味搜索| 91字幕亚洲| 欧美乱妇无乱码| 网址你懂的国产日韩在线| 亚洲av一区综合| 丁香六月欧美| 男女床上黄色一级片免费看| 成人18禁在线播放| 五月伊人婷婷丁香| 国内精品久久久久久久电影| 悠悠久久av| a在线观看视频网站| 国产精品国产高清国产av| 听说在线观看完整版免费高清| 99精品在免费线老司机午夜| 免费电影在线观看免费观看| 亚洲国产精品久久男人天堂| 18禁黄网站禁片免费观看直播| 中文字幕精品亚洲无线码一区| 老汉色∧v一级毛片| 一边摸一边抽搐一进一小说| 日韩精品中文字幕看吧| 俄罗斯特黄特色一大片| 小蜜桃在线观看免费完整版高清| 久久精品影院6| 老师上课跳d突然被开到最大视频 久久午夜综合久久蜜桃 | 草草在线视频免费看| 最新在线观看一区二区三区| 国产三级中文精品| 国产真实乱freesex| 精品国产超薄肉色丝袜足j| 亚洲五月天丁香| 日韩精品中文字幕看吧| 国产黄色小视频在线观看| 少妇的逼水好多| 九色成人免费人妻av| 国产aⅴ精品一区二区三区波| 搡女人真爽免费视频火全软件 | 亚洲专区中文字幕在线| 真人一进一出gif抽搐免费| 熟女电影av网| 夜夜爽天天搞| 国产精品国产高清国产av| 天美传媒精品一区二区| 国产熟女xx| 淫秽高清视频在线观看| 窝窝影院91人妻| 亚洲熟妇中文字幕五十中出| 男女那种视频在线观看| 国产私拍福利视频在线观看| 99久久成人亚洲精品观看| 久久精品国产自在天天线| 亚洲一区高清亚洲精品| 午夜免费成人在线视频| 国产中年淑女户外野战色| 日本免费一区二区三区高清不卡| 国产淫片久久久久久久久 | 日本五十路高清| 午夜激情欧美在线| 亚洲专区中文字幕在线| 麻豆成人午夜福利视频| 我的老师免费观看完整版| 午夜精品在线福利| 亚洲中文字幕一区二区三区有码在线看| 在线观看午夜福利视频| 日本成人三级电影网站| 一区二区三区免费毛片| 在线观看66精品国产| 亚洲aⅴ乱码一区二区在线播放| 国产伦在线观看视频一区| 99国产综合亚洲精品| 中文字幕av在线有码专区| 久久精品综合一区二区三区| 国产av麻豆久久久久久久| 哪里可以看免费的av片| 啦啦啦韩国在线观看视频| 国产高清视频在线观看网站| 高潮久久久久久久久久久不卡| 亚洲18禁久久av| 久久久精品大字幕| 一二三四社区在线视频社区8| 精品一区二区三区av网在线观看| 国产高清视频在线观看网站| 久久久精品大字幕| АⅤ资源中文在线天堂| 国产激情欧美一区二区| АⅤ资源中文在线天堂| 国产av麻豆久久久久久久| 国产精品三级大全| 少妇的逼水好多| 露出奶头的视频| 真人做人爱边吃奶动态| 琪琪午夜伦伦电影理论片6080| 午夜视频国产福利| 亚洲狠狠婷婷综合久久图片| 99久久99久久久精品蜜桃| 国产精品爽爽va在线观看网站| 亚洲av中文字字幕乱码综合| 久久精品综合一区二区三区| 欧美高清成人免费视频www| 综合色av麻豆| 香蕉久久夜色| 欧美日韩乱码在线| 欧美激情久久久久久爽电影| 欧美黑人巨大hd| 欧美日韩瑟瑟在线播放| 最近视频中文字幕2019在线8| 精品久久久久久久久久免费视频| 男女做爰动态图高潮gif福利片| 老司机午夜福利在线观看视频| 欧美又色又爽又黄视频| 国产成人aa在线观看| 麻豆久久精品国产亚洲av| 九九热线精品视视频播放| 在线播放国产精品三级| 日本与韩国留学比较| 一级作爱视频免费观看| 色哟哟哟哟哟哟| 男插女下体视频免费在线播放| 国产探花极品一区二区| av在线天堂中文字幕| av专区在线播放| 三级国产精品欧美在线观看| a级毛片a级免费在线| 精品国内亚洲2022精品成人| 在线免费观看的www视频| 亚洲av电影不卡..在线观看| 老熟妇仑乱视频hdxx| 一本久久中文字幕| 国产精品乱码一区二三区的特点| 久久久精品欧美日韩精品| 窝窝影院91人妻| 97超视频在线观看视频| 99久国产av精品| 婷婷精品国产亚洲av在线| 久久午夜亚洲精品久久| 亚洲人成网站在线播放欧美日韩| 久久99热这里只有精品18| 一区二区三区激情视频| 嫩草影院入口| 岛国在线观看网站| 日本免费a在线| 欧美日韩国产亚洲二区| 国产精品一区二区三区四区久久| 最近最新中文字幕大全电影3| 午夜福利欧美成人| 国产日本99.免费观看| 亚洲精品亚洲一区二区| 国产成人a区在线观看| 老司机深夜福利视频在线观看| 长腿黑丝高跟| 成熟少妇高潮喷水视频| 亚洲精品在线观看二区| 久久午夜亚洲精品久久| 在线观看66精品国产| 国产黄色小视频在线观看| 在线国产一区二区在线| 国产高清视频在线观看网站| 丰满人妻熟妇乱又伦精品不卡| 国产成人系列免费观看| 很黄的视频免费| 久久久久久人人人人人| 久久午夜亚洲精品久久| 熟女电影av网| 母亲3免费完整高清在线观看| 无限看片的www在线观看| 一个人免费在线观看的高清视频| 淫妇啪啪啪对白视频| 久久精品国产清高在天天线| 欧美中文综合在线视频| 日韩成人在线观看一区二区三区| 丰满人妻熟妇乱又伦精品不卡| 亚洲av成人av| 亚洲国产日韩欧美精品在线观看 | 可以在线观看毛片的网站| 黄色视频,在线免费观看| 国产精品一区二区三区四区免费观看 | 免费av观看视频| 51午夜福利影视在线观看| 欧美日韩综合久久久久久 | 欧美一区二区国产精品久久精品| 国产精品乱码一区二三区的特点| 午夜福利视频1000在线观看| 精品人妻1区二区| 亚洲av电影不卡..在线观看| 亚洲18禁久久av| 在线观看舔阴道视频| 男女视频在线观看网站免费| 两个人的视频大全免费| 免费看日本二区| 国产91精品成人一区二区三区| 美女被艹到高潮喷水动态| 观看美女的网站| 久久国产精品影院| 热99re8久久精品国产| 3wmmmm亚洲av在线观看| 亚洲人成网站高清观看| 国产精品女同一区二区软件 | 国产精品99久久久久久久久| 午夜老司机福利剧场| 亚洲 国产 在线| 精品日产1卡2卡| 五月玫瑰六月丁香| 熟妇人妻久久中文字幕3abv| 男人的好看免费观看在线视频| 日韩人妻高清精品专区| 婷婷丁香在线五月| 亚洲熟妇中文字幕五十中出| 欧美绝顶高潮抽搐喷水| 青草久久国产| 人人妻人人澡欧美一区二区| 中文字幕人妻熟人妻熟丝袜美 | 免费无遮挡裸体视频| 欧美色视频一区免费| 国产真实伦视频高清在线观看 | 人妻久久中文字幕网| 欧美黑人欧美精品刺激| 搞女人的毛片| tocl精华| 精华霜和精华液先用哪个| 精品久久久久久久久久免费视频| 我要搜黄色片| 国产午夜福利久久久久久| 日本黄色片子视频| 丰满人妻一区二区三区视频av | 麻豆成人av在线观看| 精品人妻1区二区| 操出白浆在线播放| 我的老师免费观看完整版| 国产精品美女特级片免费视频播放器| 91字幕亚洲| 桃色一区二区三区在线观看| 我的老师免费观看完整版| 久久性视频一级片| 亚洲成人免费电影在线观看| 18禁裸乳无遮挡免费网站照片| 麻豆成人av在线观看| 少妇人妻精品综合一区二区 | 啦啦啦免费观看视频1| 精品一区二区三区av网在线观看| 天美传媒精品一区二区| 不卡一级毛片| 婷婷丁香在线五月| 国产黄a三级三级三级人| 又黄又爽又免费观看的视频| 欧美日韩一级在线毛片| 热99在线观看视频| 午夜免费男女啪啪视频观看 | 欧美一区二区精品小视频在线| 99久久综合精品五月天人人| 九色成人免费人妻av| 成人国产综合亚洲| 国产美女午夜福利| 色综合亚洲欧美另类图片| 日韩欧美在线乱码| 一区二区三区免费毛片| 国产男靠女视频免费网站| 国产又黄又爽又无遮挡在线| 在线观看美女被高潮喷水网站 | 午夜影院日韩av| 亚洲人成网站高清观看| 亚洲欧美一区二区三区黑人| 两个人的视频大全免费| 国产精品久久电影中文字幕| 欧美日韩中文字幕国产精品一区二区三区| 国产精品1区2区在线观看.| 一进一出抽搐动态| 欧美午夜高清在线| 欧美乱色亚洲激情| 久久性视频一级片| 国产一区在线观看成人免费| 丁香六月欧美| 欧美成人一区二区免费高清观看| 2021天堂中文幕一二区在线观| 国产在线精品亚洲第一网站| 午夜亚洲福利在线播放| 12—13女人毛片做爰片一| 欧美中文综合在线视频| 久久久精品欧美日韩精品| 一区二区三区激情视频| 欧美在线一区亚洲| 在线观看免费视频日本深夜| 首页视频小说图片口味搜索| АⅤ资源中文在线天堂| 婷婷精品国产亚洲av| 99久久精品国产亚洲精品| 日本精品一区二区三区蜜桃| 国产精品国产高清国产av| 三级毛片av免费| 黄片小视频在线播放| 亚洲最大成人中文| 欧美日韩一级在线毛片| 一进一出好大好爽视频| 午夜免费男女啪啪视频观看 | 免费看a级黄色片| 日本一本二区三区精品| 亚洲av第一区精品v没综合| 国产高清视频在线播放一区| www.熟女人妻精品国产| 少妇裸体淫交视频免费看高清| 99久久久亚洲精品蜜臀av| 丰满人妻熟妇乱又伦精品不卡| 深爱激情五月婷婷| 国产高潮美女av| 欧洲精品卡2卡3卡4卡5卡区| 叶爱在线成人免费视频播放| 免费在线观看影片大全网站| 色尼玛亚洲综合影院| 亚洲av一区综合| 久久久久久人人人人人| 中文字幕人妻熟人妻熟丝袜美 | 精品国产亚洲在线| 老司机福利观看| or卡值多少钱| 一级黄色大片毛片| 蜜桃亚洲精品一区二区三区| 久久久久久久午夜电影| 全区人妻精品视频| 99久久综合精品五月天人人| a级毛片a级免费在线| 欧美日韩黄片免| svipshipincom国产片|