E-resources
Peer reviewed
Open access
-
Emin İslam Tatlı
Sakarya university journal of computer and information sciences, 04/2018, Volume: 1, Issue: 1Journal Article
Enterprises and organizations have difficulties to protect their web-based services against cyber-attacks. Due to increasing number of cyber-attacks, critical data including customer data, patient data etc. are leaked and critical services like online banking become unavailable for long period of time. The studies of Gartner, OWASP, SANS and similar organizations have shown that today’s cyber-attacks target mostly application layer. This means that application developers design and implement insecure web applications and black-hat hackers exploit these security weaknesses to get unauthorized accesses to critical databases. Insecure development of web developers is still a big challenge to solve. The top one risk “SQL Injection” from OWASP Top 10 list can be given as a concrete example. This vulnerability was discovered 20 years ago, but web developers are still mostly unaware of its prevention methods. The weak communication between web developers and security experts is one of the main reasons of insecurely developed applications. Even though security experts have the knowledge of all preventions methods for all types of security vulnerabilities, they are insufficient to transfer this knowledge to web developers. Secure software development lifecycles methodologies like Microsoft SDL, OpenSAMM, BSIMM have been also proposed in order to integrate required security activities into all phases of software development. But the security activities required by these methodologies are not integrated within development environments and therefore secure coding awareness of developers cannot be efficiently achieved. In this paper, we suggest new methods and discuss open academic research issues for integration of secure SDLC activities including secure coding practices and secure architecture patterns into development IDEs (Integrated Development Environments). Providing this, web developers can access to secure coding procedures and best-practices directly within their IDEs, increase their security awareness and develop more secure applications. As a result, the numbers of security vulnerabilities would drastically decrease and critical data leakages can be prevented.
Author
![loading ... loading ...](themes/default/img/ajax-loading.gif)
Shelf entry
Permalink
- URL:
Impact factor
Access to the JCR database is permitted only to users from Slovenia. Your current IP address is not on the list of IP addresses with access permission, and authentication with the relevant AAI accout is required.
Year | Impact factor | Edition | Category | Classification | ||||
---|---|---|---|---|---|---|---|---|
JCR | SNIP | JCR | SNIP | JCR | SNIP | JCR | SNIP |
Select the library membership card:
If the library membership card is not in the list,
add a new one.
DRS, in which the journal is indexed
Database name | Field | Year |
---|
Links to authors' personal bibliographies | Links to information on researchers in the SICRIS system |
---|
Source: Personal bibliographies
and: SICRIS
The material is available in full text. If you wish to order the material anyway, click the Continue button.