Application and Software Security: Studying How to Secure Applications and Software from Vulnerabilities and Attacks
DOI:
https://doi.org/10.55544/sjmars.1.2.9
Keywords:
GDPR, HIPAA, PCI DSS, software security, vulnerabilities, attacks
Abstract
Application and software security are essential for protecting digital systems from a growing multitude of attacks. With the advancement of technology, application vulnerabilities have emerged as a main target for attackers, resulting in substantial financial, operational, and reputational harm. This research examines critical elements of application security, including prevalent vulnerabilities, attack routes, threat models, and the tools and technologies used to minimize risks. It emphasizes the need to incorporate security measures throughout the software development lifecycle (SDLC) and to comply with legal frameworks such as GDPR, HIPAA, and PCI DSS. The study investigates difficulties such as the growing complexity of applications, accelerated development cycles, and the evolving threat environment, which require enterprises to implement proactive security strategies. Recommendations include the adoption of safe coding standards, use of sophisticated security tools, improvement of authentication procedures, and promotion of a security-oriented culture via education and cooperation. This research underscores the need for a holistic and flexible strategy to guarantee the resilience of applications against emerging cyber threats.
License
Copyright (c) 2022 Stallion Journal for Multidisciplinary Associated Research Studies
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.