• <tr id="yyy80"></tr>
  • <sup id="yyy80"></sup>
  • <tfoot id="yyy80"><noscript id="yyy80"></noscript></tfoot>
  • 99热精品在线国产_美女午夜性视频免费_国产精品国产高清国产av_av欧美777_自拍偷自拍亚洲精品老妇_亚洲熟女精品中文字幕_www日本黄色视频网_国产精品野战在线观看 ?

    Security Threat and Vulnerability Assessment and Measurement in Secure Software Development

    2022-08-23 02:18:04MamoonaHumayunNZJhanjhiMaramFahhadAlmufarehandMuhammadIbrahimKhalil
    Computers Materials&Continua 2022年6期

    Mamoona Humayun,NZ Jhanjhi,Maram Fahhad Almufareh and Muhammad Ibrahim Khalil

    1Department of Information Systems,College of Computer and Information Sciences,Jouf University,Al-Jouf,KSA

    2School of Computer Science and Engineering(SCE),Taylor’s University,Selangor,Malaysia

    3Department of Computer Science,Bahria University,Islamabad,Pakistan

    Abstract:Security is critical to the success of software,particularly in today’s fast-paced, technology-driven environment.It ensures that data, code, and services maintain their CIA(Confidentiality,Integrity,and Availability).This is only possible if security is taken into account at all stages of the SDLC(Software Development Life Cycle).Various approaches to software quality have been developed,such as CMMI(Capability maturity model integration).However, there exists no explicit solution for incorporating security into all phases of SDLC.One of the major causes of pervasive vulnerabilities is a failure to prioritize security.Even the most proactive companies use the“patch and penetrate”strategy,in which security is accessed once the job is completed.Increased cost,time overrun,not integrating testing and input in SDLC,usage of third-party tools and components, and lack of knowledge are all reasons for not paying attention to the security angle during the SDLC, despite the fact that secure software development is essential for business continuity and survival in today’s ICT world.There is a need to implement best practices in SDLC to address security at all levels.To fill this gap, we have provided a detailed overview of secure software development practices while taking care of project costs and deadlines.We proposed a secure SDLC framework based on the identified practices,which integrates the best security practices in various SDLC phases.A mathematical model is used to validate the proposed framework.A case study and findings show that the proposed system aids in the integration of security best practices into the overall SDLC, resulting in more secure applications.

    Keywords: Security; secure software development; software development life cycle(SDLC);confidentiality;integrity;availability

    1 Introduction

    Software security is a process that includes the design,development,and testing of software for security where vulnerabilities are detected and revealed by the software itself[1–3].It fundamentally requires a proactive approach that takes place within the pre-deployment process.It’s all about making the software development team do a great job to make it easier for operators.A simple error sometimes can end up causing millions of dollars of losses in today’s business processes.But unfortunately,many software development companies do not follow best practices to incorporate security in SDLC[4,5].This negligence includes lack of awareness, fear of time and cost overrun, use of third-party components and, lack of qualified professionals, etc.Due to the popularity and excessive usage of internet applications such as the internet of things,cloud computing,social media systems,etc., the number of security vulnerabilities is also overgrowing[6–9].

    SDLC is a mechanism that generates the best quality and low-cost software in the shortest possible time.It offers a well-structured step flow that helps an enterprise easily produce high-quality, welltested,and ready-to-use software.The common phases of SLDC include planning,analysis, design,implementation, testing & integration, and maintenance [10–12].All these phases are dependent on each other and are of equal importance.If security is incorporated during all phases of SDLC then the resultant product will not be vulnerable to security threats.This is only possible if a secure SDLC process is followed, secure SDLC ensures that security-related activities are an integral part of the overall development effort[13–16].

    Traditional security mechanisms mainly focus on network systems, and they spent a huge amount of money to make their network secure.These mechanisms include IDs(Intrusion detection system), firewalls, encryption, antivirus, and antispyware [17–19].Further, security is considered an afterthought that is usually addressed after completing the development cycle using the approach of P&P(penetrate and patch),which means creating the patches for the available flaws.The drawback of the P&P technique is that the application users do not apply these patches.Further,attackers might plan and penetrate new vulnerabilities[20–23].According to a report published by RiskIQ,security vulnerabilities alone cost as much as$25 per minute to the major companies while crypto companies face the loss of almost$2000 per minute due to cybercrimes[24].Another report presented by positive technologies;9 out of 10 web applications are vulnerable to security threats and about 39%of websites are vulnerable to unauthorized access,while data breach is a threat for about 64%of applications[25].According to this report,82 percent of vulnerabilities were due to flaws in code.This report has also published the severity of web application vulnerabilities in the past.This shows that security is one of the serious issues in the current era that need to be addressed carefully during SDLC.Further,the relative cost of addressing bugs and failure increase as the project progress as mentioned in the IBM system science institute report[26].Therefore,handling security from the beginning of the project is necessary to save the software from future security breaches.

    It is evident from the above discussion that secure software development is inevitable for improving project quality and reducing bug fixing cost, and there exists no explicit solution to this problem.As a contribution to research, we reviewed the current literature on vulnerability evaluation and assessment in SDLC and outlined the security best practices to evaluate and quantify security threats and vulnerabilities in SDLC.Based on the identified best practices, we have proposed a secure SDLC framework.The proposed framework tries to mitigate the security vulnerabilities in SDLC by addressing end-to-end security.The proposed framework is validated using a mathematical model and a case study.Fig.1 illustrates the research process that was followed to carry out this research study.

    Figure 1:Research process

    The results of the case study show that the proposed approach helps incorporate security in SDLC.The remaining paper is structured as; Section 2 describes the existing work to highlight the best practices and techniques available for the assessment and measurements of security threats and vulnerabilities.Section 3 presents our proposed framework that addresses security in SDLC.Sections 4&5 evaluate the proposed framework using mathematical modeling and case study.Section 6 discusses the findings of the study.Section 7 concludes this paper by providing directions for future work.

    2 Literature Review

    This section will provide an overview of some latest research in secure software development to highlight the best practices that need to be followed for developing quality software.Further,it will pave the way for the proposed framework.

    In paper[27],an integrated security framework is proposed for secure SDLC.Security test cases and guidelines were generated based on the security activities, and best practices followed in secure SDLC.Security testing tools were integrated for the automation of test case execution.A prototype was constructed to evaluate the proposed framework.The results of the experiment showed that the proposed approach provides stable service with enhanced quality and security.In Paper[20],a Multivocal literature review was conducted to identify the best practices for designing secure software.Based on identified best practices,a framework Secure Software Design Maturity Model(SSDMM)was developed.The framework was evaluated using case studies,and the results show that SSDMM helps measure the maturity level of an organization.Further, SSDMMM helps organizations in the evaluation and improvement of software design security practices.

    In paper [28], a systematic literature review (SLR) was performed to pinpoint the required practices for developing secure software.This paper also amended Somerville’s requirement engineering practices.After identifying best requirement practices, a framework for secure requirement engineering named as Requirements Engineering Security Maturity Model(RESMM)was developed.The proposed framework was tested using questionnaires and case studies.The results show that the proposed framework is useful and easily adaptable.According to[29],security is not considered in the overall SDLC due to which a lot of security breaches occur.This paper presents a secure paradigm that is an extension of security development practices in agile methodology to overcome this problem in web application development.The proposed paradigm consists of three phases namely,inception,construction,and transition.Further,this paper classifies security vulnerabilities and common risks and threats that occur during web application development.Based on identified gaps,a framework is proposed for secure web application development.The survey method was used for the evaluation of the proposed framework,and the results were satisfactory.

    According to the paper[30],the use of best practices for risk management should be followed in overall SDLC for getting a quality software product.This paper discussed various practices of risk management and security in different phases of SDLC.It provides an insight to the researchers and practitioners about the existing best practices that need to be followed.According to[31],security is an important aspect of software systems.However, existing studies do not address it explicitly into SDLC,therefore,this study identified important security policies,practices,and tools within SDLC and proposed a model for incorporating these elements into SDLC.This research study used a case study-based approach for answering research questions.Further,an expert review was conducted for the validation of the proposed model.

    Paper [32] concludes that understanding software and proper application methods results in a reliable and quality software product.This research identified the issues that occurred while incorporating security into SDLC along with suitable solutions.Further,it discussed some securityrelated issues in detail such as security testing, threat modeling, risk assessment, and other suitable techniques that help in developing secure software.Paper[33]investigates security aspects in various phases of SDLC and evaluates these aspects with the help of the research community and software engineers.The results obtained from this qualitative study were analyzed using the SPSS tool,some security rules were also proposed for various phases of SDLC.

    According to [34], security has been considered an afterthought for a long time.However, this approach is not suitable in today’s fast-paced economy.Security needs to be incorporated from the beginning of software till the end.This paper provides an overview of security plans in various phases of SDLC.Further,it emphasizes the importance of good governance for the success of the project.A systematic mapping study is performed in[35]to identify the existing security approaches,followed in SDLC.In this paper,118 studies were selected as the primary studies,and 52 security practices were identified from the selected studies.According to study findings, most of the security practices are being followed in the coding stage of SDLC.

    It is obvious from the above discussion that incorporating security in different phases of SDLC is inevitable for quality software.There exist various studies that discuss the importance of incorporating security in SDLC,however,still there exists space for further research in the area.As a contribution towards this research direction, first, we have highlighted the common reasons for security flaws in SDLC as shown in Fig.2.by providing a taxonomy of SDLC [36–42].Next, we have proposed an approach that will incorporate security best practices in various phases of SDLC as mentioned in the upcoming section.Further, we have proposed a secure SDLC framework in the next section that is evaluated using a mathematical model and case study.

    Figure 2:A taxonomy of security flaws reasons in SDLC

    3 Proposed Framework

    This section will discuss different phases of SDLC,the discussion of each phase will focus on three dimensions; the tasks performed in that phase, security issues involved, and mitigation strategies.It will not only provide a detailed overview of secure SDLC rather will also pave the way for our proposed solution.Below we discuss these phases briefly.

    3.1 Requirement Phase

    Requirement engineering is the first phase of SDLC,and the success of this phase leads towards a better software product.Further,handling security from the requirement phase help to save rework and additional cost.The tasks performed at this level are listed in Column 1 of Tab.1 [43–45].Existing literature on requirement security has highlighted different issues that might occur if security is not incorporated from the beginning.Some common security issues that might occur during the requirement phase of SDLC are listed in column 2 of Tab.1[30,33,46,47].To accomplish this phase and to address security from the beginning,best practices need to be followed.Different researchers have proposed different practices that need to be followed.Column 3 of Tab.1 list down the commonly used best practices for handling security during the requirement phase of SDLC[28,30,33,48–50]

    Table 1: Requirement phase activities/issues and solutions

    Table 1:Continued

    3.2 Design Phase

    Design is an essential step of the SDLC because it determines the look and sound of the app.Furthermore, it offers a user-interactive platform, making it vulnerable to numerous security threats.The important tasks performed during this phase are listed in Column 1 of Tab.2 [51–55].Common security issues that are usually faced during software design are listed in Column 2 of Tab.2[20,53,56–59]while security best practices are listed in Column 3 of Tab.2[13,14,20,28,52,53,60,61]

    Table 2: Design phase activities/issues and solutions

    Table 2:Continued

    3.3 Coding Phase

    The practice of secure coding is inevitable for safeguarding computer software against security vulnerabilities; therefore, the coding phase is among the critical phases of SDLC.Tasks performed during this phase are listed in Column 1 of Tab.3 The selection of appropriate coding language and classification of modules is a challenging task.Further,the reusability of code also creates a challenge if security is not considered while coding.Column 2 of Tab.3 list down the security issues that are usually faced during the coding phase while best practices of secure coding are listed in Column 3 of Tab.3[28,33,62–70]

    Table 3: Coding phase activities/issues and solutions

    3.4 Testing&Integration Phase

    The testing&integration phase aims to make sure that all the system components provide their required functionality alone and as part of the whole system.The tasks involved in this phase are listed in colum1 of Tab.4.This phase aims to find possible bugs and errors in the system and remove them.Some common security issues involved in this phase are listed in Column 2 of Tab.4.This phase gives the final touch to the software before deployment therefore quality must be assured.Column 3 of Tab.4 lists down the best practices that help to make this phase secure and successful[71–77].

    Table 4: Testing&integration phase activities/issues and solutions

    3.5 Deployment Phase

    This is the last stage of SDLC which handles the release and change management.In this phase,the software is installed in its actual environment.It seems simple but pairing the software with the existing environment is sometimes complex.Patches are created to handle the flaws;this makes the software vulnerable to various security threats.Column 1 of Tab.5 lists down the tasks that are performed in this stage.Some common security issues involved in this stage are listed in Column 2 of Tab.5.Further,customer satisfaction is very important at this level therefore Column 3 of Tab.5 list down the best practices that need to be considered for making this phase successful[78–83].

    Table 5: Deployment phase activities/issues and solutions

    The above discussion has highlighted the brief details of SDLC phases along with security issues and mitigation strategies.Based on identified challenges and best practices for each phase of SDLC,we have developed a framework as shown in Fig.3.This framework addresses security in overall SDLC by incorporating security best practices in different phases of SDLC.The framework is divided into two dimensions.The horizontal dimension of the framework shows SDLC phases while the vertical dimension of the framework list down the details of the tasks performed during each phase of SDLC,security issues involved in each phase,and corresponding mitigation strategies.

    Figure 3:Proposed secure SDLC framework

    According to the proposed framework,security best practices need to be incorporated from the beginning of the project until deployment to get secure and quality software.The practices mentioned in the above framework will not only make the software secure but will also not add much to the project budget and time.The detail of the framework is also presented in the form of an algorithm.

    Algorithm 1:Algorithm for Proposed Approach Let R=Requirements, D=Design, C=Coding/implementation, T&I=testing and integration,M=maintenance,T=Threat,ART=artifacts 1.Begin(Continued)

    Algorithm 1:Continued 2.Use SREP() //follow Secure Requirement Engineering Process(SREP)a.Agree on R //all stakeholders need to be agreed on requirement definitions b.Identify CVA //identify Critical and Vulnerable Assets(CVA)c.Identify RD //identify Requirement Dependencies(RD)d.Identify T //identify threat e.develop ART //develop corresponding artifacts f.Identify RS //identify possible Risks(RS)g.Elicit SR //elicit Security Requirements(SR)h.Perform RPC //perform Requirement Prioritization&Classification(RPC)i.Perform RI //perform Requirement Inspection(RI)j.Update RR //update Requirement Repository(RR)3.If Step a to j are successful then Go to 5 4.Else Go to 2 5.Perform SSD() //follow Secure Software Design(SSD)a.Follow EOM //Apply Economy of Mechanism(EOM)and keep your design as simple as you can b.Apply FSD //Apply False-Safe Default(FSD)principles to make sure that failure of any activity will prevent unsafe operation c.Apply ACM //Apply Access Control Mechanism(ACM)to make sure that every object is checked for authorization d.Give LP //give Least Privileges LP)e.Follow LCM //Least Common Mechanism(LCM)to restrict shared resource access f.Ensure PA //Psychological Acceptability(PA)of design automatically incorporate basic security g.Apply DID //Defense in Depth(DID)include multilevel security h.Perform DR //Design Review(DR)should be performed to validate design 6 f Step a to h are successful then Go to 8 7.Else Go to 5 8.Perform SC() //perform Secure Coding(SC)by following secure coding checklist and practices a.Follow SCP //follow OWASP Secure Coding Practices(SCP)and checklists b.Follow GCP //follow OWASP General Coding Practices(GCP)c.Perform PP //perform Pair Programing(PP)if possible 9.If Step a to c are successful then Go to 11 10.Else Go to 8 11.Perform ST&I() //Perform Secure Testing and Integration(ST&I)a.Generate TC //Test Cases(TC)should be generated based on the output of Step 2 b.Perform FT //perform Functional Testing(FT)c.Perform NFT //perform Nonfunctional Testing(NFT)d.Perform IT //perform Integration Testing(IT)(Continued)

    Algorithm 1:Continued 12.If Step a to d are successful then Go to 14 13.Else Go to 11 14.Perform M()a.Document CMP //documents Change Management Process(CMP)b.Follow CMP //follow change management process c.Plan SR //Plan Support Resources(SR)15.If Step a to c are successful then Go to 17 16.Else Go to 14 17.END

    4 Framework Evaluation Using Mathematical Modeling

    Before proceeding towards mathematical modeling,we first define notations used in the mathematical model for getting a better understanding.Tab.6 lists down the notations of our mathematical model.

    Table 6: Notations sued in the mathematical model

    According to the proposed framework,secure SDLC need to incorporate security in overall SDLC as shown in Eq.(1)

    The proposed framework aims to enhance security,therefore,the objective function in our case will be as shown in Eq.(2)

    The Requirement phase of SDLC can be improved by following best practices as mentioned in the proposed framework.Hence the requirement phase can be modeled as

    whereX1,X2...Xnis a set of best practices that need to be followed by organizations for making the requirement phase secure.To measure the security of this phase,we need to assign a weight to eachX1,X2...XnasW1,W2...Wnand set a threshold value forR.In this case,the measurement of R will be done using the formula in Eq.(4)as follows.

    Eq.(4)must be true for secure completion of the requirement phase.The value ofTvvaries from project to project and will be determined based on the project’s nature.In the same way,secure design can be achieved by following the best design practices as shown in Eq.(5)

    whereY1,Y2,Y3...Ynare best practices that need to be followed for making software design secure?To measure the security of software design,the organization need to set the value ofTvbased on the nature of the project and assign weights to eachY1,Y2,Y3...Yn.Then the measurement of design security will be done using the formula mentioned in Eq.(6)

    Eq.(6)must be true for the completion of the secure software design phase.Once the requirement and design phase is complete, the organization moves towards the coding phase.Whatsoever the development model an organization is following,the basic activities/phases of SDLC remain almost the same.To make the coding process secure,organizations need to follow the best security practices during coding as mentioned in Eq.(7).

    whereZ1,Z2,Z3...Znare the secure coding practices that need to be considered during the coding phase of SDLC.The security of the coding phase will be measured by assigning weights to eachZ1,Z2,Z3...Znaccording to their priority in the project.The formula in Eq.(8) will be used to measure the security of the coding phase by setting the value ofTvaccording to the organization’s preferences.

    The weighted total of coding practices must be greater than the set threshold value for secure coding.Once the coding is done securely,the software team moves towards the testing and integration phase.This phase is critical as all the bugs and errors must be removed during this phase otherwise software will be handover to the customer after the completion of this phase.Customer acceptability is inevitable for business continuity and project acceptance therefore security of the testing and integration phase must be ensured.The organizations need to follow security best practices during this phase as shown in Eq.(9).

    whereU1,U2,U3...Unare the security best practices that need to be incorporated in the testing and integration phase of SDLC for making it secure.To measure the security of this phase,the formula in Eq.(10)will be used.

    The weighted total of best testing and integration practices should result in more than the set threshold value for ensuring the security of this phase.

    The last phase of SDLC is a deployment where software is installed in its working environment,any change requested by the user is accommodated at this stage.This phase should be planned carefully to avoid any inconsistency and dissatisfaction from the user.According to the proposed model,a set of best practices need to be followed during this phase to make it secure and satisfactory.Eq.(11)illustrates the best practices of the deployment phase.

    whereV1,V2,V3...Vnare the best practices that need to be considered during the deployment phase of SDLC for making it secure.To measure the security of this phase,the formula in Eq.(12)will be used.

    The weighted total of the best practices incorporated in the deployment phase must be greater than the set value of the threshold for the secure execution of this phase.

    Once all the phases of SDLC are done while considering security as a priority and incorporating security best practices in SDLC.The organizations need to check the overall security of the project against a threshold value that is set for the project based on its nature.The accumulative security can be calculated using the formula of Eq.(13)

    where accumulative security must be greater than the set value of the accumulative threshold as shown in Eq.(14)

    Once the organization achieves accumulative security for its developed software by incorporating the best practices mentioned in the proposed framework, the resultant software is resistant against security vulnerabilities and threats.

    5 Framework Evaluation Using Case Study

    Security is inevitable for all kinds of software projects;however,it varies from project to project.Some systems are security-critical as compared to others.The traditional security mechanism of P&P is sometimes more costly and complex.Therefore,security must be incorporated in the overall SDLC.There exist various approaches for integrating security into SDLC but still,the problem persists.To handle security in overall SDLC, we have proposed a secure SDLC framework.According to the proposed framework,Security must be incorporated from the beginning until the software is deployed in its working environment.

    The organization XYZ follows the proposed framework,it set the values for different parameters according to the project’s nature.The concept mapping technique is used to measure the actual values of best practices used in various phases of SDLC.In this technique,important concepts related to the practice are identified and a panel of a software team is asked to map these concepts based on their understanding.This technique is very useful for measuring qualitative attributes [84–86].The last column of Tab.7 shows the obtained value for each security best practice using the concept mapping technique.Column 3 of Tab.7 shows the weight for each practice that was decided based on the nature of the project and the importance of that practice for the project’s security.

    Table 7: Data used for cases study

    Table 7:Continued

    Sc(R)= 1/n(X1W1+X2W2+X3W3...+XnWn)Where n is the total number of best security practices used during the requirement phase.By substituting the values from Tab.7 into the above equation we get

    The total value ofSc(R)is 0.7794 while the threshold value is 0.75 as shown in Tab.8.This shows that incorporating the security best practices in the requirement phase of SDLC help to improve the security of this phase.

    Table 8: Threshold values for SDLC phases

    Similarly,Sc(D)= 1/n(Y1W1+Y2W2+Y3W3...+YnWn)by substituting the obtained values for each security best practice during the design phase of SDLC into the above equation we get

    The obtained security value ofSc(D)is 0.70 while the threshold value is 0.68.This also shows that the security best practices mentioned in the proposed framework help in improving the security of the design phase.

    Sc(C)= 1/n(Z1W1+Z2W2+Z3W3...+ZnWn)By substituting the obtained values for secure coding practices into the given equation we obtained results as

    The obtained security value for the coding phase is 0.56 while the threshold value is 0.55.This shows that organizations need to incorporate security best practices during the SDLC coding phase as mentioned in the proposed framework.

    The security values of the testing & integration phase can be calculated by using the formula.Sc(TI)= 1/n(W1+U2W2+U3W3...+UnWn)By substituting the values from Tab.3 into the above equation we get

    Sc(TI)=1/5((0.80)(0.80)+(0.90)(0.90)+(0.95)(0.90)+(0.85)(0.80)+(0.95)(0.90))

    =3.84/5=0.768

    The security value for testing and integration phase obtained after applying security best practices as mentioned in the proposed framework is 0.768 which is higher than the threshold value of 0.60.This shows that the proposed framework helps improve the security of testing&integration phase of SDLC.Sc(Dp)= 1/n(V1W1+V2W2+V3W3...+VnWn)by substituting the obtained values in the equation,we get

    =1/3((0.80)(0.90)+(0.80)(0.85)+(0.80)(0.80))=2.04/3=0.68

    The obtained security value for the deployment phase is 0.68 which is greater than the threshold value of 0.50 which shows that security best practices need to be incorporated in the SDLC deployment phase.

    Now we find the accumulative security by using the formula below.

    The obtained value for accumulative security is 0.70 which is also greater than the threshold value for the cumulative security of 0.60.The results of the case study show that the proposed framework helps improve the security of SDLC.

    6 Discussion

    Security is one of the important factors that need to be considered from the very beginning of the software development process.Bugs and errors which are detected in the early phases of development are easy and cheap to handle as compared to the ones which are captured during later phases.Therefore, incorporating security in overall SDLC is inevitable for secure software development as well as organizations’business continuity and avoiding rework.Traditionally, security is considered an afterthought activity that is handled by creating patches for the flaws identified during testing of the project or after deployment.However,the P&P strategy is not easy to implement in today’s software development environment where billions of devices are interconnected,and software has to work as an integral part of the overall system.

    To incorporate security in the overall development cycle,we have done a detailed literature review and identified the best practices that help manage security in SDLC.Based on the identified security best practices, we have formulated a secure SDLC framework.The structure of the framework that has been suggested is two-dimensional.The phases of SDLC are represented on the horizontal axis,while the vertical axis is separated into three layers;layer 1 highlights the critical tasks performed in the corresponding SDLC process.Layer 2 describes the security issues involved in the SDLC phase while best practices for overcoming the listed security problems are discussed in layer 3.The proposed framework was modeled mathematically and was also evaluated using a case study.The case study results show that incorporating security best practices in different phases of SDLC improve software security.

    7 Conclusion and Future Work

    One of the most critical things to be considered from the start of the software development process is security.When bugs and defects are discovered early in the production process,they are easier and less expensive to fix than those discovered later.In the past,many software failed due to negligence of the security factor.Testing the software for security after development is not only time-consuming and complex;rather,it increases the time and cost of the project.To avoid complexity and project failure at a later stage,it is necessary to consider security as an important attribute of the software from the beginning of the project until the deployment.To address this issue, we have provided a framework based on existing security best practices for different phases of SDLC.The proposed framework was evaluated using a mathematical model and a case study and results show that the proposed framework helps improve the security of SDLC.

    In the future,we are planning to extend the proposed framework by incorporating more security best practices and evaluating it on a security-critical project.

    Funding Statement:The authors received no specific funding for this study

    Conflicts of Interest:The authors declare that they have no conflicts of interest to report regarding the present study.

    成在线人永久免费视频| 国产精品免费一区二区三区在线 | 午夜激情av网站| 欧美久久黑人一区二区| 精品第一国产精品| √禁漫天堂资源中文www| 国产高清国产精品国产三级| av国产精品久久久久影院| 一级毛片女人18水好多| 亚洲成人手机| 一边摸一边抽搐一进一出视频| 天堂8中文在线网| √禁漫天堂资源中文www| 一级片'在线观看视频| 十八禁高潮呻吟视频| 国产无遮挡羞羞视频在线观看| 国产欧美日韩一区二区三区在线| 亚洲国产看品久久| 日韩熟女老妇一区二区性免费视频| 婷婷成人精品国产| 亚洲专区国产一区二区| 国产极品粉嫩免费观看在线| 熟女少妇亚洲综合色aaa.| 丝袜人妻中文字幕| 免费久久久久久久精品成人欧美视频| 在线观看舔阴道视频| 熟女少妇亚洲综合色aaa.| 黄色视频,在线免费观看| 纵有疾风起免费观看全集完整版| 69av精品久久久久久 | 在线观看免费视频网站a站| 日韩 欧美 亚洲 中文字幕| 精品少妇黑人巨大在线播放| h视频一区二区三区| 久久久久久人人人人人| 国产av国产精品国产| 国产一区二区在线观看av| 亚洲av电影在线进入| 麻豆乱淫一区二区| 在线观看www视频免费| 精品高清国产在线一区| av国产精品久久久久影院| 在线av久久热| 国产一区二区 视频在线| 天天躁狠狠躁夜夜躁狠狠躁| 精品少妇一区二区三区视频日本电影| 99国产极品粉嫩在线观看| 欧美激情 高清一区二区三区| 国产精品九九99| 丝袜美腿诱惑在线| 热99re8久久精品国产| 国产亚洲午夜精品一区二区久久| 我要看黄色一级片免费的| 免费日韩欧美在线观看| 激情在线观看视频在线高清 | 国产精品欧美亚洲77777| 窝窝影院91人妻| 久久久精品94久久精品| av不卡在线播放| 欧美精品一区二区大全| 交换朋友夫妻互换小说| 18禁裸乳无遮挡动漫免费视频| 国产aⅴ精品一区二区三区波| 夜夜骑夜夜射夜夜干| 亚洲欧美激情在线| 涩涩av久久男人的天堂| 久久精品国产亚洲av高清一级| 国产一区二区在线观看av| 色综合欧美亚洲国产小说| 高潮久久久久久久久久久不卡| 一本综合久久免费| 热re99久久精品国产66热6| 在线观看人妻少妇| 女人久久www免费人成看片| 亚洲五月婷婷丁香| 欧美日韩亚洲国产一区二区在线观看 | 久久精品国产综合久久久| 亚洲色图av天堂| 女人被躁到高潮嗷嗷叫费观| 精品一品国产午夜福利视频| 51午夜福利影视在线观看| 成人黄色视频免费在线看| 一进一出抽搐动态| 制服人妻中文乱码| a级毛片黄视频| 成人av一区二区三区在线看| 欧美黑人精品巨大| 国内毛片毛片毛片毛片毛片| 99精品久久久久人妻精品| 国产av一区二区精品久久| 亚洲精品久久午夜乱码| 欧美精品人与动牲交sv欧美| 成人国产av品久久久| 水蜜桃什么品种好| 午夜免费成人在线视频| kizo精华| 少妇裸体淫交视频免费看高清 | 欧美精品亚洲一区二区| 亚洲国产欧美日韩在线播放| 成年人免费黄色播放视频| 性色av乱码一区二区三区2| 亚洲人成电影免费在线| 国产成人av激情在线播放| 美女国产高潮福利片在线看| 国产日韩欧美亚洲二区| 国产91精品成人一区二区三区 | 搡老熟女国产l中国老女人| 一本久久精品| 亚洲国产欧美日韩在线播放| 日本黄色日本黄色录像| 一边摸一边抽搐一进一小说 | svipshipincom国产片| 男男h啪啪无遮挡| 亚洲欧美日韩另类电影网站| av欧美777| 日韩视频一区二区在线观看| 一区在线观看完整版| svipshipincom国产片| 在线观看免费高清a一片| 一级a爱视频在线免费观看| 18禁观看日本| 91精品三级在线观看| 1024视频免费在线观看| 最新美女视频免费是黄的| 啦啦啦在线免费观看视频4| 黄色成人免费大全| 亚洲视频免费观看视频| 日韩制服丝袜自拍偷拍| 黑人巨大精品欧美一区二区蜜桃| 精品人妻在线不人妻| 在线观看免费视频网站a站| 国产免费av片在线观看野外av| 啦啦啦 在线观看视频| cao死你这个sao货| 国产国语露脸激情在线看| 精品熟女少妇八av免费久了| 精品午夜福利视频在线观看一区 | 狂野欧美激情性xxxx| 久久 成人 亚洲| 欧美日韩av久久| 嫩草影视91久久| 日日夜夜操网爽| 美国免费a级毛片| 9191精品国产免费久久| 成人特级黄色片久久久久久久 | 丝袜美腿诱惑在线| 欧美黄色淫秽网站| 天天躁日日躁夜夜躁夜夜| 美女国产高潮福利片在线看| 亚洲 国产 在线| 欧美av亚洲av综合av国产av| 国产欧美日韩一区二区三| 一个人免费在线观看的高清视频| 日韩有码中文字幕| 搡老乐熟女国产| 九色亚洲精品在线播放| 丁香六月天网| 啦啦啦 在线观看视频| 男女下面插进去视频免费观看| 一区二区av电影网| 欧美日韩中文字幕国产精品一区二区三区 | 超色免费av| 欧美黄色淫秽网站| 五月天丁香电影| 精品人妻1区二区| 久久人妻福利社区极品人妻图片| 国产黄频视频在线观看| 色尼玛亚洲综合影院| 天天躁日日躁夜夜躁夜夜| 女人被躁到高潮嗷嗷叫费观| 亚洲精品美女久久久久99蜜臀| 天天操日日干夜夜撸| 亚洲国产av新网站| 9191精品国产免费久久| 欧美av亚洲av综合av国产av| 欧美日韩亚洲综合一区二区三区_| 18在线观看网站| 欧美中文综合在线视频| 日韩一区二区三区影片| 人妻 亚洲 视频| 日本a在线网址| 亚洲avbb在线观看| 黄网站色视频无遮挡免费观看| 亚洲美女黄片视频| 国产成人精品无人区| av又黄又爽大尺度在线免费看| 美国免费a级毛片| 亚洲欧美激情在线| 嫩草影视91久久| 日韩免费av在线播放| 成年动漫av网址| 香蕉丝袜av| 色婷婷av一区二区三区视频| www.熟女人妻精品国产| 香蕉久久夜色| 精品国产一区二区三区四区第35| 男女下面插进去视频免费观看| 亚洲精品乱久久久久久| 国产精品免费视频内射| 在线观看免费视频网站a站| 满18在线观看网站| 夜夜夜夜夜久久久久| 青青草视频在线视频观看| 国产老妇伦熟女老妇高清| 99国产极品粉嫩在线观看| av线在线观看网站| 欧美黑人欧美精品刺激| 一级片免费观看大全| 成人国语在线视频| 亚洲一区中文字幕在线| 老汉色∧v一级毛片| 丝袜喷水一区| 精品少妇黑人巨大在线播放| 久久精品人人爽人人爽视色| 无人区码免费观看不卡 | 精品亚洲成a人片在线观看| av天堂在线播放| 国产在线免费精品| 狂野欧美激情性xxxx| 一本久久精品| 欧美变态另类bdsm刘玥| 亚洲五月婷婷丁香| 一级毛片女人18水好多| 每晚都被弄得嗷嗷叫到高潮| 精品少妇黑人巨大在线播放| 欧美日韩一级在线毛片| 国产精品一区二区在线不卡| 国产精品国产高清国产av | 日韩欧美一区视频在线观看| 高清黄色对白视频在线免费看| 高清在线国产一区| 亚洲精品久久午夜乱码| 日本黄色视频三级网站网址 | 日韩精品免费视频一区二区三区| 欧美日韩成人在线一区二区| 夫妻午夜视频| 婷婷成人精品国产| 日本a在线网址| 伦理电影免费视频| 每晚都被弄得嗷嗷叫到高潮| 90打野战视频偷拍视频| 可以免费在线观看a视频的电影网站| 亚洲一区中文字幕在线| tube8黄色片| 久久久久久久精品吃奶| 多毛熟女@视频| 人人妻,人人澡人人爽秒播| 黑丝袜美女国产一区| 精品久久蜜臀av无| 国产老妇伦熟女老妇高清| 国产高清激情床上av| 国产精品 国内视频| 国产免费视频播放在线视频| 80岁老熟妇乱子伦牲交| 亚洲一卡2卡3卡4卡5卡精品中文| 免费一级毛片在线播放高清视频 | 99精国产麻豆久久婷婷| av网站在线播放免费| 国产一区二区三区视频了| 大香蕉久久网| 法律面前人人平等表现在哪些方面| 建设人人有责人人尽责人人享有的| 日本精品一区二区三区蜜桃| 亚洲成a人片在线一区二区| 水蜜桃什么品种好| 老司机影院毛片| 2018国产大陆天天弄谢| 亚洲五月色婷婷综合| 精品人妻熟女毛片av久久网站| e午夜精品久久久久久久| 中文字幕精品免费在线观看视频| 99国产极品粉嫩在线观看| 99精国产麻豆久久婷婷| 在线播放国产精品三级| 9热在线视频观看99| 日韩欧美三级三区| 首页视频小说图片口味搜索| 国产精品亚洲一级av第二区| 19禁男女啪啪无遮挡网站| 桃花免费在线播放| 一边摸一边做爽爽视频免费| 久久中文字幕人妻熟女| 精品一区二区三区av网在线观看 | 19禁男女啪啪无遮挡网站| 午夜老司机福利片| 日本撒尿小便嘘嘘汇集6| 午夜激情av网站| 欧美日韩亚洲综合一区二区三区_| 91大片在线观看| av免费在线观看网站| 国产一区有黄有色的免费视频| 人人妻人人澡人人爽人人夜夜| 国产极品粉嫩免费观看在线| 欧美日韩av久久| 欧美变态另类bdsm刘玥| 欧美日韩一级在线毛片| 高清av免费在线| 久热爱精品视频在线9| 大香蕉久久网| 欧美国产精品一级二级三级| av欧美777| 成人黄色视频免费在线看| 精品卡一卡二卡四卡免费| 天天影视国产精品| 欧美日韩成人在线一区二区| 午夜福利影视在线免费观看| 久热爱精品视频在线9| 妹子高潮喷水视频| 男女之事视频高清在线观看| 我的亚洲天堂| 涩涩av久久男人的天堂| 成人手机av| 一本久久精品| 国产av一区二区精品久久| 99久久精品国产亚洲精品| www日本在线高清视频| av欧美777| 久久久精品国产亚洲av高清涩受| 女同久久另类99精品国产91| 一夜夜www| 国产一区二区 视频在线| 久久狼人影院| 性少妇av在线| 九色亚洲精品在线播放| 最近最新免费中文字幕在线| 丰满少妇做爰视频| 91精品三级在线观看| 自拍欧美九色日韩亚洲蝌蚪91| 另类精品久久| 欧美成狂野欧美在线观看| 亚洲自偷自拍图片 自拍| 久久精品aⅴ一区二区三区四区| 老司机午夜福利在线观看视频 | 黄片播放在线免费| 欧美在线黄色| 日本一区二区免费在线视频| 色婷婷久久久亚洲欧美| 国产男女超爽视频在线观看| 国产人伦9x9x在线观看| 在线观看www视频免费| 欧美在线一区亚洲| 日韩免费高清中文字幕av| 午夜福利,免费看| 国产亚洲午夜精品一区二区久久| 国产日韩欧美在线精品| 狂野欧美激情性xxxx| 国产精品98久久久久久宅男小说| 99re6热这里在线精品视频| 91麻豆av在线| 999久久久国产精品视频| 色精品久久人妻99蜜桃| 50天的宝宝边吃奶边哭怎么回事| 欧美激情 高清一区二区三区| 嫁个100分男人电影在线观看| 国产精品久久久久成人av| 亚洲成av片中文字幕在线观看| 老司机午夜福利在线观看视频 | 黑人猛操日本美女一级片| 欧美中文综合在线视频| 国产高清videossex| 我要看黄色一级片免费的| 嫩草影视91久久| 十八禁网站免费在线| 亚洲天堂av无毛| 人人妻人人添人人爽欧美一区卜| 国产成人欧美| 人人妻人人爽人人添夜夜欢视频| 久久午夜亚洲精品久久| 黄色丝袜av网址大全| 亚洲专区国产一区二区| 亚洲第一青青草原| 母亲3免费完整高清在线观看| www.熟女人妻精品国产| 亚洲午夜精品一区,二区,三区| 80岁老熟妇乱子伦牲交| 大香蕉久久网| 制服诱惑二区| xxxhd国产人妻xxx| 在线亚洲精品国产二区图片欧美| 午夜福利,免费看| 在线观看免费午夜福利视频| 中文字幕色久视频| 黑人操中国人逼视频| 国产在线一区二区三区精| 免费观看人在逋| 两人在一起打扑克的视频| 黑人操中国人逼视频| 丁香六月天网| 人成视频在线观看免费观看| 国产97色在线日韩免费| netflix在线观看网站| 日韩欧美国产一区二区入口| 黄片小视频在线播放| 亚洲五月婷婷丁香| 国产99久久九九免费精品| 女人被躁到高潮嗷嗷叫费观| 国产精品国产av在线观看| 夜夜爽天天搞| 国产精品欧美亚洲77777| 欧美精品啪啪一区二区三区| 国产一区有黄有色的免费视频| 亚洲成人国产一区在线观看| 嫁个100分男人电影在线观看| 人人澡人人妻人| 正在播放国产对白刺激| 国产成人欧美| 黑丝袜美女国产一区| av又黄又爽大尺度在线免费看| 老司机在亚洲福利影院| 国产精品免费一区二区三区在线 | 多毛熟女@视频| 日韩免费av在线播放| 男女免费视频国产| 色老头精品视频在线观看| 少妇裸体淫交视频免费看高清 | 91成人精品电影| 国产不卡一卡二| 狠狠婷婷综合久久久久久88av| 99香蕉大伊视频| 国产成人av激情在线播放| 老司机靠b影院| 久久久久久久大尺度免费视频| 99riav亚洲国产免费| 日韩熟女老妇一区二区性免费视频| 搡老乐熟女国产| 巨乳人妻的诱惑在线观看| e午夜精品久久久久久久| 91字幕亚洲| 亚洲国产av影院在线观看| 热99国产精品久久久久久7| 亚洲精品粉嫩美女一区| 一本色道久久久久久精品综合| 男男h啪啪无遮挡| 女性生殖器流出的白浆| 久久午夜综合久久蜜桃| kizo精华| 亚洲av欧美aⅴ国产| 色老头精品视频在线观看| 国产精品国产av在线观看| 国产欧美日韩综合在线一区二区| 久久 成人 亚洲| 在线永久观看黄色视频| 桃红色精品国产亚洲av| 我的亚洲天堂| 久久精品熟女亚洲av麻豆精品| 国产成人av教育| 久久国产亚洲av麻豆专区| 老汉色av国产亚洲站长工具| 丰满少妇做爰视频| 电影成人av| 国产精品免费视频内射| 亚洲色图 男人天堂 中文字幕| 丰满人妻熟妇乱又伦精品不卡| 日韩精品免费视频一区二区三区| 精品国产乱码久久久久久小说| 久久国产精品影院| 麻豆成人av在线观看| 日本a在线网址| 色精品久久人妻99蜜桃| 国产高清videossex| 久久亚洲精品不卡| 日韩一卡2卡3卡4卡2021年| 丝袜在线中文字幕| 在线看a的网站| 99国产精品一区二区三区| 国产精品免费一区二区三区在线 | 国产精品久久久人人做人人爽| 91麻豆av在线| 日本黄色视频三级网站网址 | 国产欧美日韩精品亚洲av| 亚洲综合色网址| 日韩精品免费视频一区二区三区| 99久久国产精品久久久| 久久人人97超碰香蕉20202| 欧美日韩一级在线毛片| 亚洲国产成人一精品久久久| 国产精品美女特级片免费视频播放器 | 桃花免费在线播放| 丰满饥渴人妻一区二区三| 美女午夜性视频免费| 人妻久久中文字幕网| 欧美 亚洲 国产 日韩一| 国产av精品麻豆| 麻豆av在线久日| 久热爱精品视频在线9| 天天操日日干夜夜撸| 激情在线观看视频在线高清 | 丁香六月欧美| 国产精品久久久av美女十八| 亚洲第一欧美日韩一区二区三区 | 97人妻天天添夜夜摸| 欧美日韩亚洲综合一区二区三区_| 国产成人精品久久二区二区免费| 岛国毛片在线播放| 我的亚洲天堂| 精品少妇黑人巨大在线播放| 国产在线精品亚洲第一网站| 免费在线观看完整版高清| 大片电影免费在线观看免费| 精品亚洲成a人片在线观看| 一本色道久久久久久精品综合| 涩涩av久久男人的天堂| 在线av久久热| 99国产极品粉嫩在线观看| 日韩大片免费观看网站| 精品国产超薄肉色丝袜足j| 99re在线观看精品视频| 777米奇影视久久| 久久国产精品男人的天堂亚洲| 亚洲性夜色夜夜综合| 97人妻天天添夜夜摸| 久久久久国内视频| 麻豆乱淫一区二区| 成在线人永久免费视频| 免费一级毛片在线播放高清视频 | 啦啦啦视频在线资源免费观看| 在线观看免费视频网站a站| 男女高潮啪啪啪动态图| 国产精品久久久人人做人人爽| 亚洲欧洲日产国产| av国产精品久久久久影院| 国产免费福利视频在线观看| 黄色视频在线播放观看不卡| 在线看a的网站| 老司机在亚洲福利影院| 中亚洲国语对白在线视频| 日韩一区二区三区影片| 国产黄色免费在线视频| 老汉色∧v一级毛片| av福利片在线| av免费在线观看网站| 啪啪无遮挡十八禁网站| 国产精品1区2区在线观看. | 亚洲五月色婷婷综合| 18在线观看网站| 不卡一级毛片| 天天躁狠狠躁夜夜躁狠狠躁| 免费av中文字幕在线| 一本一本久久a久久精品综合妖精| 日本av手机在线免费观看| 日本欧美视频一区| 亚洲精品乱久久久久久| 悠悠久久av| 日本一区二区免费在线视频| 国产高清videossex| 高清在线国产一区| 午夜日韩欧美国产| 99精品欧美一区二区三区四区| 看免费av毛片| 女人被躁到高潮嗷嗷叫费观| 操出白浆在线播放| 久久久久久久大尺度免费视频| 亚洲人成电影免费在线| 亚洲欧美日韩另类电影网站| 亚洲国产精品一区二区三区在线| 91九色精品人成在线观看| 国产亚洲欧美在线一区二区| 丁香六月欧美| 叶爱在线成人免费视频播放| 两性午夜刺激爽爽歪歪视频在线观看 | 亚洲avbb在线观看| 国产真人三级小视频在线观看| 亚洲人成伊人成综合网2020| 天天影视国产精品| 欧美国产精品一级二级三级| 亚洲精品一二三| 777米奇影视久久| 日韩欧美一区二区三区在线观看 | 国产精品久久久久久精品古装| 国产麻豆69| 在线永久观看黄色视频| 精品久久久精品久久久| 最近最新免费中文字幕在线| 亚洲专区中文字幕在线| 亚洲伊人久久精品综合| 99re在线观看精品视频| av一本久久久久| 国产又爽黄色视频| 久久性视频一级片| 亚洲精品一卡2卡三卡4卡5卡| 亚洲精华国产精华精| 久久久精品区二区三区| 午夜福利免费观看在线| 极品人妻少妇av视频| 日韩免费av在线播放| 亚洲性夜色夜夜综合| 免费观看a级毛片全部| 国产在线一区二区三区精| 露出奶头的视频| 一级片免费观看大全| 黑人巨大精品欧美一区二区mp4| 国产欧美日韩一区二区三| 久久国产精品人妻蜜桃| av有码第一页| 欧美乱码精品一区二区三区| 男女下面插进去视频免费观看| 精品福利观看| 黄片大片在线免费观看| 另类精品久久| 日韩大码丰满熟妇| 久久婷婷成人综合色麻豆| 极品人妻少妇av视频| 日韩成人在线观看一区二区三区| 2018国产大陆天天弄谢| av电影中文网址| 国产av一区二区精品久久| 国产伦人伦偷精品视频| 热re99久久国产66热| 亚洲av电影在线进入| 两性午夜刺激爽爽歪歪视频在线观看 | 久久人妻福利社区极品人妻图片| 色婷婷av一区二区三区视频| 成年版毛片免费区| 大香蕉久久成人网| 老司机靠b影院|