Journal articles on the topic 'Software and application security'

Consult the top 50 journal articles for your research on the topic 'Software and application security.'

1

Abozeid, Amr, AbdAllah Adel AlHabshy, and Kamal ElDahshan. "A Software Security Optimization Architecture (SoSOA) and its Adaptation for Mobile Applications." International Journal of Interactive Mobile Technologies (iJIM) 15, no. 11 (June 4, 2021): 148. http://dx.doi.org/10.3991/ijim.v15i11.20133.

Abstract:
Security attacks become daily news due to an exposure of a security threat in a widely used software. Taking software security into consideration during the analysis, design, and implementation phases is a must. A software application should be protected against any security threat such as unauthorized distribution or code retrieval. Due to the lack of applying a software security standard architecture, developers may create software that may be vulnerable to many types of security threats. This paper begins by reviewing different types of known software security threats and their countermeasure mechanisms. Then, it proposes a new security optimization architecture for software applications. This architecture is a step towards establishing a standard to guarantee the software's security. Furthermore, it proposes an adapted software security optimization architecture for mobile applications. Besides, it presents an algorithmic implementation of the newly proposed architecture, then it proves its security. Moreover, it builds a secure mobile application based on the newly proposed architecture.
2

Peng, Jianping, Meiwen Guo, and Jing Quan. "Software Vulnerability and Application Security Risk." Information Resources Management Journal 32, no. 1 (January 2019): 48–57. http://dx.doi.org/10.4018/irmj.2019010103.

Abstract:
This research investigates the software vendor-based relationships between software vulnerability and application security risk. The data is obtained from the China National Vulnerability Database of Information Security (CNNVD). At first, we use the latent class model to classify the software vendors into three categories, and then employ regression models to estimate relationships between software vulnerability and application security risk for each of the three categories of the software vendors. The results show the relationships vary across the software vendors. The findings suggest that an IT vendor should learn specific vulnerability features according to its type to effectively avoid vulnerability generation on their products.
3

Payne, Jeffery. "Integrating Application Security into Software Development." IT Professional 12, no. 2 (March 2010): 6–9. http://dx.doi.org/10.1109/mitp.2010.58.

4

Shin, Michael E., Hassan Gomaa, Don Pathirage, Chase Baker, and Bhavya Malhotra. "Design of Secure Software Architectures with Secure Connectors." International Journal of Software Engineering and Knowledge Engineering 26, no. 05 (June 2016): 769–805. http://dx.doi.org/10.1142/s021819401650025x.

Abstract:
This paper describes the design of secure connectors that are used in the design of secure software architectures for distributed business applications. Mixing security concerns with business concerns in software architectures makes applications more complex. With the goal of making secure software architectures more maintainable and evolvable, the secure connectors proposed in this paper are designed separately from business application components by considering different communication patterns between the components as well as security services required by application components. Each secure connector encapsulates security relevant objects to provide application components with security services. In this paper, secure connectors are applied to design the software architectures of electronic commerce and automated teller machine applications.
5

Karakaneva, J. "Software applications security." Trakia Journal of Science 12, no. 4 (2014): 418–24. http://dx.doi.org/10.15547/tjs.2014.04.012.

6

Hosniara Pervin. "Software as a service and security." World Journal of Advanced Research and Reviews 11, no. 3 (September 30, 2021): 327–31. http://dx.doi.org/10.30574/wjarr.2021.11.3.0459.

Abstract:
Nowadays, Cloud Computing is an important hi-tech research area in the most recent innovation. These advancements give clients a few benefits: cost-adequacy, effective asset usage, cooperation, catastrophe recuperation, and elite. Cloud offers administrations for processing on a solitary mouse click. The overview was completed in the type of an online survey. This examination paper exhibits that SaaS is safer than other web applications. SaaS is superior to different applications and SaaS is savvy. This Research paper investigates the significance of SaaS for productive distributed computing for associations and its suggestions. This examination paper additionally talks about the significance of SaaS application engineering, usefulness, proficiency, benefits, and weaknesses.
7

Algarni, Sultan, Fathy Eassa, Khalid Almarhabi, Abdullah Algarni, and Aiiad Albeshri. "BCNBI: A Blockchain-Based Security Framework for Northbound Interface in Software-Defined Networking." Electronics 11, no. 7 (March 23, 2022): 996. http://dx.doi.org/10.3390/electronics11070996.

Abstract:
Software-defined networking (SDN) has emerged as a flexible and programmable network architecture that takes advantage of the benefits of global visibility and centralized control over a network. One of the main properties of the SDN architecture is the ability to offer a northbound interface (NBI), which enables network applications to access the SDN controller resources. However, the NBI can be compromised by a malicious application due to the lack of standardization and security aspects in the most current NBI designs. Therefore, in this paper, we propose a novel comprehensive security solution for securing the application–controller interface, named BCNBI. We propose a controller-independent lightweight blockchain architecture and exploit the security features of blockchain while limiting the blockchain’s computational overhead. BCNBI automatically verifies application and SDN controller credentials through token-based authentication. The proposed solution enforces fine-grained access control for each application’s API request and classifies the permission set into strict and normal policies, in order to add an extra level of security. In addition, the trustworthiness of applications is evaluated in order to prevent malicious activities. We implemented our blockchain-based solution to analyze its security, based on the confidentiality–integrity–availability model criteria, and evaluated the introduced overhead in terms of processing time and packet overhead. The experimental results demonstrate that the BCNBI can effectively secure the NBI, based on the fundamental security goals, while introducing insignificant overhead.
8

Khan, Khaled M. "Software Security Engineering." International Journal of Secure Software Engineering 3, no. 1 (January 2012): 62–63. http://dx.doi.org/10.4018/jsse.2012010104.

Abstract:
Muthu Ramachandran from Leeds Metropolitan University, UK has recently published a book entitled, Software Security Engineering: Design and Applications. The author claims that the book provides systematic approaches to engineering, building and assuring software security throughout software lifecycle, software security based requirements engineering, design for software security, software security implementation, best practice guideline on developing software security, test for software security, and quality validation for software security.
9

Rauf, Bilal, Haider Abbas, Muhammad Usman, Tanveer A. Zia, Waseem Iqbal, Yawar Abbas, and Hammad Afzal. "Application Threats to Exploit Northbound Interface Vulnerabilities in Software Defined Networks." ACM Computing Surveys 54, no. 6 (July 2021): 1–36. http://dx.doi.org/10.1145/3453648.

Abstract:
Software Defined Networking (SDN) is an evolving technology that decouples the control functionality from the underlying hardware managed by the control plane. The application plane supports programmers to develop numerous applications (such as networking, management, security, etc.) that can even be executed from remote locations. Northbound interface (NBI) bridges the control and application planes to execute the third-party applications business logic. Due to the software bugs in applications and existing vulnerabilities such as illegal function calling, resource exhaustion, lack of trust, and so on, NBIs are susceptible to different attacks. Based on the extensive literature review, we have identified that the researchers and academia have mainly focused on the security of the control plane, data plane, and southbound interface (SBI). NBI, in comparison, has received far less attention. In this article, the security of the least explored, but a critical component of the SDN architecture, i.e., NBI, is analyzed. The article provides a brief overview of SDN, followed by a detailed discussion on the categories of NBI, vulnerabilities of NBI, and threats posed by malicious applications to NBI. Efforts of the researchers to counter malicious applications and NBI issues are then discussed in detail. The standardization efforts for the single acceptable NBI and security requirements of SDN by Open Networking Foundation (ONF) are also presented. The article concludes with the future research directions for the security of a single acceptable NBI.
10

Zhai, Hui, Hui Shi, and Rui Zhai. "The Application of Software Testing Technology on Security in Web Application System." Applied Mechanics and Materials 556-562 (May 2014): 6159–61. http://dx.doi.org/10.4028/www.scientific.net/amm.556-562.6159.

Abstract:
Based on a hotel management information system developed by the ASP.NET technology and browser / server mode, for example, the security of the system was checked by software testing techniques, and the security flaws were found in the system, the improvements algorithm was given also.
11

Tiwari, Pradeep Kumar, and Sandeep Joshi. "Data Security for Software as a Service." International Journal of Service Science, Management, Engineering, and Technology 6, no. 3 (July 2015): 47–63. http://dx.doi.org/10.4018/ijssmet.2015070104.

Abstract:
Cloud computing is a BUZZ word of modern computing scenario. Cloud computing services are flexible and cost effective with resource utilization. Cloud computing has three service models: SaaS (Software as a Service), PaaS (Platform as a Service) and IaaS (Infrastructure as a Service). SaaS provides on-demand application services such as email, ERP and CRM etc. Multiple users can access applications and they can interact with each other at the same time. All users' data can reside at the same place. This flexibility of SaaS service also gives the security breaches. Loop holes of SaaS are harder to find and maintain. The authors discuss here security vulnerabilities of SaaS with possible solutions. This study would be helpful to elaborate to understand data security issues and privacy solutions over SaaS.
12

Al-Ahmad, Walid. "Building Secure Software Using XP." International Journal of Secure Software Engineering 2, no. 3 (July 2011): 63–76. http://dx.doi.org/10.4018/jsse.2011070104.

Abstract:
Security is an important and challenging aspect that needs to be considered at an early stage during software development. Traditional software development methodologies do not deal with security issues and so there is no structured guidance for security design and development; security is usually an afterthought activity. This paper discusses the integration of XP with security activities based on the CLASP (Comprehensive Lightweight Application Security Process) methodology. This integration will help developers using XP develop secure software by applying security measures in all phases and activities, thereby minimizing the security vulnerabilities exploited by attackers.
13

Zhou, He. "Application Research on Key Points of Software Security Development Technology." Journal of Physics: Conference Series 2173, no. 1 (January 1, 2022): 012041. http://dx.doi.org/10.1088/1742-6596/2173/1/012041.

Abstract:
With the rapid development of network technology, software security has attracted more and more attention. Based on the software security lifecycle presents an improved suitable for small and medium-sized enterprise software security development process, make the software safety to cover the whole software life cycle, improve the level of safety of encoding software. The model used in the software development phase, test phase and release phase three software security key technologies are studied and discussed in detail. In addition, it also designed a software security development management platform, the software development process so that the model can better apply to the actual enterprise to the platform. After a number of units for a period of time of trial, get a better evaluation of the households.
14

Algarni, Abdullah, Abdulaziz Attaallah, Fathi Eassa, Maher Khemakhem, Kamal Jambi, Hosam Aljihani, Khalid Almarhabi, and Faisal Albalwy. "A security testing mechanism for detecting attacks in distributed software applications using blockchain." PLOS ONE 18, no. 1 (January 20, 2023): e0280038. http://dx.doi.org/10.1371/journal.pone.0280038.

Abstract:
Distributed software applications are one of the most important applications currently used. Rising demand has led to a rapid increase in the number and complexity of distributed software applications. Such applications are also more vulnerable to different types of attacks due to their distributed nature. Detecting and addressing attacks is an open issue concerning distributed software applications. This paper proposes a new mechanism that uses blockchain technology to devise a security testing mechanism to detect attacks on distributed software applications. The proposed mechanism can detect several categories of attacks, such as denial-of-service attacks, malware and others. The process starts by creating a static blockchain (Blockchain Level 1) that stores the software application sequence obtained using software testing techniques. This sequence information exposes weaknesses in the application code. When the application is executed, a dynamic blockchain (Blockchain Level 2) helps create a static blockchain for recording the responses expected from the application. Every response should be validated using the proposed consensus mechanism associated with static and dynamic blockchains. Valid responses indicate the absence of attacks, while invalid responses denote attacks.
15

Badgire, Vaishnavi. "Calibration and Asset Management Software." International Journal for Research in Applied Science and Engineering Technology 9, no. 8 (August 31, 2021): 2961–66. http://dx.doi.org/10.22214/ijraset.2021.37831.

Abstract:
In an industry, to ensure smooth and reliable working of machines, calibration is an important phase to rectify the changes of devices. This solution is a new milestone in calibration and asset management industry. A web-based application provides portability to the application hence; share-holders/proprietors/industrialist can manage their assets any time, anywhere. To make any application reliable and Secure, testing is an important phase. The intent of a security testing is to identify the vulnerabilities, so that the developers can pull out these vulnerabilities from the application and make the web application and data safe from any unauthorized action. Tools such as Zenmap, OWSAP, and OpenSSL used to ensure unbreakable working of application. Keywords: Calibration, Asset Management, Security Testing, HTTP’s Conversion
16

He, Cheng, and Yan Fei Liu. "Research on Software Testing to Ensure Web Application Usability, Reliability and Security." Advanced Materials Research 1049-1050 (October 2014): 1972–76. http://dx.doi.org/10.4028/www.scientific.net/amr.1049-1050.1972.

Abstract:
Compared with traditional web sites, there are some new features on modern web applications, as follows: dynamic functionalities, diverse representation, uncertainty for running performance, innovative data handling and data transferring mechanism, vulnerability. Subsequently, the problems in testing web application are discussed from functional testing, reliability testing and security testing. At last, in order to solve these problems, new testing methods are proposed, which are systematic web application testing method, random test methods, reliability testing methods and security testing methods.
17

Andrian, Rian, and Ahmad Fauzi. "Security Scanner For Web Applications Case Study: Learning Management System." Jurnal Online Informatika 4, no. 2 (February 14, 2020): 63. http://dx.doi.org/10.15575/join.v4i2.394.

Abstract:
In software engineering, web applications are software that are accessed using a web browser through a network such as the Internet or intranet. Web applications are applications that can be relied on by users to do many useful activities. Despite the awareness of web application developers about safe programming practices, there are still many aspects in web applications that can be exploited by attackers. The development of web applications and the Internet causes the movement of information systems to use them as a basis. Security is needed to protect the contents of web applications that are sensitive and provide a safe process of sending data, therefore application security must be applied to all infrastructure that supports web applications, including the web application itself. Most organizations today have some kind of web application security program or try to build/improve. But most of these programs do not get the results expected for the organization, are not durable or are not able to provide value continuously and efficiently and also cannot improve the mindset of developers to build/design secure web applications. This research aims to develop a web application security scanner that can help overcome security problems in web applications.
18

Alhirabi, Nada, Omer Rana, and Charith Perera. "Security and Privacy Requirements for the Internet of Things." ACM Transactions on Internet of Things 2, no. 1 (February 2021): 1–37. http://dx.doi.org/10.1145/3437537.

Abstract:
The design and development process for internet of things (IoT) applications is more complicated than that for desktop, mobile, or web applications. First, IoT applications require both software and hardware to work together across many different types of nodes with different capabilities under different conditions. Second, IoT application development involves different types of software engineers such as desktop, web, embedded, and mobile to work together. Furthermore, non-software engineering personnel such as business analysts are also involved in the design process. In addition to the complexity of having multiple software engineering specialists cooperating to merge different hardware and software components together, the development process requires different software and hardware stacks to be integrated together (e.g., different stacks from different companies such as Microsoft Azure and IBM Bluemix). Due to the above complexities, non-functional requirements (such as security and privacy, which are highly important in the context of the IoT) tend to be ignored or treated as though they are less important in the IoT application development process. This article reviews techniques, methods, and tools to support security and privacy requirements in existing non-IoT application designs, enabling their use and integration into IoT applications. This article primarily focuses on design notations, models, and languages that facilitate capturing non-functional requirements (i.e., security and privacy). Our goal is not only to analyse, compare, and consolidate the empirical research but also to appreciate their findings and discuss their applicability for the IoT.
19

Rawat, Sanjay, and Ashutosh Saxena. "Application security code analysis: a step towards software assurance." International Journal of Information and Computer Security 3, no. 1 (2009): 86. http://dx.doi.org/10.1504/ijics.2009.026622.

20

Zhang, Yan Kun. "Computer Network Security Threats and Security Technology Research." Advanced Materials Research 971-973 (June 2014): 1440–43. http://dx.doi.org/10.4028/www.scientific.net/amr.971-973.1440.

Abstract:
Network security network system is presented, including hardware, software, and its transmission in the network information security, network security threats mainly include: software vulnerabilities, improper configuration, safety consciousness is not strong, virus, hacker attacks, etc. Is not only a firewall, network security is not anti-virus, intrusion monitoring, firewall, identity authentication, encryption, and other products of simple stack, but from the system to the application, from the device to the service of relatively complete, the system of the combination of security products.
21

Wibisurya, Aswin, and Timothy Yudi Adinugroho. "A Reusable Software Copy Protection Using Hash Result and Asymetrical Encryption." ComTech: Computer, Mathematics and Engineering Applications 5, no. 2 (December 1, 2014): 647. http://dx.doi.org/10.21512/comtech.v5i2.2215.

Abstract:
Desktop application is one of the most popular types of application being used in computer due to the one time install simplicity and the quick accessibility from the moment the computer being turned on. Limitation of the copy and usage of desktop applications has long been an important issue to application providers. For security concerns, software copy protection is usually integrated with the application. However, developers seek to reuse the copy protection component of the software. This paper proposes an approach of reusable software copy protection which consists of a certificate validator on the client computer and a certificate generator on the server. The certificate validator integrity is protected using hashing result while all communications are encrypted using asymmetrical encryption to ensure the security of this approach.
22

Petukhov, Andrey N., and Paul L. Pilyugin. "“Common Criteria” and Software Defined Network Security." Modeling and Analysis of Information Systems 26, no. 1 (March 15, 2019): 134–45. http://dx.doi.org/10.18255/1818-1015-2019-1-134-145.

Abstract:
«Common criteria» (ISO 15408) is a universally recognized and broadly applicable approach to information security solutions management and evaluation. «Common criteria» leans on developing a shared conceptual basis for key security solution modules including protection profiles and security targets. Conceptual basis development implies defining the following elements: security objectives and assumptions (for the environment and the object), threats and security policies, as well as functional and assurance requirements. The specifics of SDN (software defined network) security solutions is largely driven by fundamental architectural principles of SDN technology itself − primarily by the separation of control and data flows, − and by conditions imposed by Open Flow protocol application. However, proactive (threats and policies), passive (objectives and assumptions) and reactive (requirements) aspects of security management remain highly relevant for this type of security solutions. This paper discusses the Common Criteria application specifics for assessing the SDN security and practical MTUCI (Moscow Technical University of Communications and Informatics) experience in the development of the protection profile. A new class of network attacks on SDN switches and controllers can involve either data or control components. In addition to traditional vulnerabilities, centralization of management functions paves way for new security threats by isolating controller activity and administrative message exchange. Therefore, identifying and analyzing threats, policies and requirements specific to SDN control module security becomes an emerging priority.
23

Zhao, Jing Sheng, Wei Zhang, and Chao Yuan. "Research on Mobile Agent Security of Application Software in Open Platform." Advanced Materials Research 403-408 (November 2011): 1332–36. http://dx.doi.org/10.4028/www.scientific.net/amr.403-408.1332.

Abstract:
This paper analyzes the security problem and the popular security technology of Mobile Agent system. A new mechanism of Mobile Agent security system in open platform, a three tier protection model, that is code mess up, limited life time of code and data, encryption, associated with CA, used for protecting Mobile Agent from the attacks of malicious hosts is discussed. A method to deal with Mobile Agent in different level management and certification services, used for constructing hosts’ secure environment is also proposed. The security mechanism has been conducted, which shows the mode has taken into effect.
24

Doan, Thuong, Steven Demurjian, Laurent Michel, and Solomon Berhe. "Integrating Access Control into UML for Secure Software Modeling and Analysis." International Journal of Secure Software Engineering 1, no. 1 (January 2010): 1–19. http://dx.doi.org/10.4018/jsse.2010102001.

Abstract:
Access control models are often an orthogonal activity when designing, implementing, and deploying software applications. Role-based access control (RBAC) which targets privileges based on responsibilities within an application and mandatory access control (MAC) that emphasizes the protection of information via security tags are two dominant approaches in this regard. The integration of access control into software modeling and analysis is often loose and significantly lacking, particularly when security is such a high-priority concern in applications. This article presents an approach to integrate RBAC and MAC into use-case, class, and sequence diagrams of the unified modeling language (UML), providing a cohesive approach to secure software modeling that elevates security to a first-class citizen in the process. To insure that a UML design with security does not violate RBAC or MAC requirements, design-time analysis checks security constraints whenever a new UML element is added or an existing UML element is modified, while post-design analysis checks security constraints across the entire design for conflicts and inconsistencies. These access control extensions and security analyses have been prototyped within a UML tool.
25

Li, Zhong Hua, You Xin Wu, Sheng Hua Xu, and Wei Zhang. "E-Government Application Adaptation and Optimization Based on the Domestic Foundational Software." Applied Mechanics and Materials 411-414 (September 2013): 2167–72. http://dx.doi.org/10.4028/www.scientific.net/amm.411-414.2167.

Abstract:
Many crucial business application system established on information products abroad for a long time, especially foundation software abroad. How to guarantee the information security of our country become the outstanding problems. On the field of E-government, it is the urgent issues of adopting domestic foundational software to guarantee government information security. But the development of our domestic foundation software appears late. It shows the problems of instability, interface unfriendliness, weak compatibility and poor performance partly on the application of E-government, Domestic foundational software should increase the functions of usability, reliability, security, suitability and globality. This paper explores transplantation, adaptation and optimization of domestic foundational software which was faced by E-government system. It provides the difference of technical demand and experience summary between the environment of domestic foundational software and foundational software abroad in order to enhance the application level of E-government on domestic foundational software environment. At the same time, it explores the technology optimization and function maturation which are needed to do on the field of E-government application area which was faced by domestic foundational software. It aims at increasing technical level and technical maturity of domestic foundational software in order to provide beneficial advices for domestic foundational software of large-scale applications and industrial development in E-government field.
26

Zhu, Xiao Jing, and Yuan Guai Lin. "Analysis of Web Attack and Design of Defense System." Advanced Materials Research 756-759 (September 2013): 2428–32. http://dx.doi.org/10.4028/www.scientific.net/amr.756-759.2428.

Abstract:
With the growing popularity of Web applications and Web attacks increasing; Web applications protection and data security have become the core focus of the information security system of enterprises and institutions. The paper briefly presents the harm of the common several kinds of Web attacks, and analyzes their principle, gives their defense measures. On this basis, the defense system of both software and hardware design is proposed. It achieves software defense design based on Web software development and Web application management, and hardware defense design based on H3C SecBlade IPS, to effectively guarantee the security of Web applications.
27

Gumerov, Emil A., and Tamara V. Alekseeva. "Development of the blockchain architecture of the Industrial Internet of Things system of the enterprise." Journal Of Applied Informatics 16, no. 95 (October 29, 2021): 16–32. http://dx.doi.org/10.37791/2687-0649-2021-16-5-16-32.

Abstract:
The development of the digital economy in the modern world requires solving the issue of security of Industrial Internet of Things (IIoT) applications. A large number of distributed, network-based, IIoT devices managed by intelligent programs (software agents) require protection. A successful attack on any IIoT device will lead to hacking of the IIoT application and to large financial losses, as well as to the termination of the IIoT application, therefore, the research topic is relevant. The purpose of this article is to radically solve the security problem of the IIoT application by developing a blockchain architecture of the application. The authors were tasked with investigating all aspects of the blockchain system that ensure the security of IIoT application devices. The peculiarity of the blockchain system is that its participants are software agents that control the application devices. As a result of the research, the concept of the blockchain architecture of the IIoT application is proposed. The mechanisms of consensus of intelligent programs of IIoT devices as equal active participants of the blockchain network are investigated. The consensus mechanism and the cryptographic system of the distributed registry of the blockchain network increase the information security of the IIoT application. The synergistic effect of the blockchain system and intelligent systems of software agents of IIoT application devices significantly increases the efficiency of the solution. Intelligent systems of software agents and IIoT applications are effectively trained on the blockchain platform, and as a result, we get a decentralized supercomputer in the form of a blockchain system.
28

Tedyyana, Agus, Fajar Ratnawati, Elgamar Syam, and Fajri Profesio Putra. "Threat modeling in application security planning citizen service complaints." Indonesian Journal of Electrical Engineering and Computer Science 28, no. 2 (November 1, 2022): 1020. http://dx.doi.org/10.11591/ijeecs.v28.i2.pp1020-1027.

Abstract:
The mobile-based service complaint application is one way to implement good governance today. Public facilitated to make complaints without going through a complicated process. Security aspects must be considered to protect user privacy. The security design must be considered so that no one is harmed by the application's users damaged in the application's use. This study used threat modeling during the planning stage of developing a citizen service complaint application to obtain information about vulnerabilities. The researcher uses the threat modeling process that the open web application security project (OWASP) organization has formulated as a framework. The researchers took steps to describe application information, determine and rank threats, countermeasures, and mitigation. In the final stage, the spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege (STRIDE) threat modeling methodology is used to analyze and assess mitigation actions against threats in the application. The researcher gets a defense strategy to reduce the danger based on the threat analysis results. Threat modeling in the early phase software development life cycle process is constructive in ensuring that software is developed with adequate security based on threat mitigation from the beginning.
29

Said, Huwida E., Mario A. Guimaraes, Zakaria Maamar, and Leon Jololian. "Database and database application security." ACM SIGCSE Bulletin 41, no. 3 (August 25, 2009): 90–93. http://dx.doi.org/10.1145/1595496.1562909.

30

Ge, Xuefeng. "Research on the Application of Adaptive Genetic Algorithm in Software Unit Security Test Simulation." Journal of Physics: Conference Series 2066, no. 1 (November 1, 2021): 012010. http://dx.doi.org/10.1088/1742-6596/2066/1/012010.

Abstract:
At present, the security test and simulation of software unit mainly focuses on several links, such as software control structure amelioration, software process alternating quantity model control and model inspection tech, and there are still many shortcomings, such as high missed inspection rate, difficult to effectively guarantee the needs of practice, etc. Based on this, this paper first analyses the purpose and principle of software unit security test and simulation, then studies the utilization of ameliorated genetic algorithm in software unit security test simulation, and finally gives the simulation results analysis of software unit security test based on AGA.
31

Wang, Pin. "Safety Testing Method Analysis of Computer Software." Applied Mechanics and Materials 299 (February 2013): 135–38. http://dx.doi.org/10.4028/www.scientific.net/amm.299.135.

Abstract:
Along with the computer network application becomes more popular, along with our country Internet market becoming stronger, more and more individuals or enterprises to commercial activities into the electronic commerce platform, so the computer software security has become increasingly important. Therefore, to strengthen the security of computer software protection research is very necessary, and guarantee the software safety is one of the effective means of software security hidden trouble detection. This paper will discuss the computer software system in safety detection method. Computer software security testing technology is existing computer software safety based, effective recognition computer software security problems in.
32

Yang, Yong Xian, Jie Tu, Yao Jun Liu, and Chun Xiang Liu. "Application of Encryption Lock in the Power Simulation Training Software Information Protection." Applied Mechanics and Materials 457-458 (October 2013): 1152–55. http://dx.doi.org/10.4028/www.scientific.net/amm.457-458.1152.

Abstract:
With the level of China's power information technology increased, any information security problem appear in power system are likely to endanger the safe operation of power grid. USB dongle is a popular authentication security tool which can effectively prevent the illegal use of software. In this paper, use electrical simulation training software as an example, apply encryption lock as an important tool for the security protection of electric power simulation training software, introduce the principle and role in information security protection of encryption lock in detail.
33

Ping, Pan, Zhu Xuan, and Mao Xinyue. "Research on Security Test for Application Software Based on SPN." Procedia Engineering 174 (2017): 1140–47. http://dx.doi.org/10.1016/j.proeng.2017.01.267.

34

Kadam, Akshita D. "Enhancing Software Security for Salesforce Applications." International Journal for Research in Applied Science and Engineering Technology 7, no. 3 (March 31, 2019): 2176–85. http://dx.doi.org/10.22214/ijraset.2019.3401.

35

Tamrin, Suraya Ika, Azah Anir Norman, and Suraya Hamid. "Information systems security practices in social software applications." Aslib Journal of Information Management 69, no. 2 (March 20, 2017): 131–57. http://dx.doi.org/10.1108/ajim-08-2016-0124.

Abstract:
Purpose: The purpose of this paper is to investigate the current information systems security (ISS) practices of the social software application (SSA) users via the internet. Design/methodology/approach: The paper opted for a systematic literature review survey on ISS and its practices in SSAs between 2010 and 2015. The study includes a set of 39 papers from among 1,990 retrieved papers published in 35 high-impact journals. The selected papers were filtered using the Publish or Perish software by Harzing and Journal Citation Report (JCR) with an inclusion criterion of at least one citation per article. Findings: The practice of ISS is driven by the need to protect the confidentiality, integrity, and availability of the data from being tampered. It is coherent with the current practice as reported by many researchers in this study. Four important factors lead to the ISS practice in SSA: protection tools offered, ownership, user behaviour, and security policy. Practical implications: The paper highlights the implication of successful ISS practices is having clear security purpose and security supported environment (user behaviour and security protection tools) and governance (security policy and ownership) protection tools offered, ownership, user behaviour, and security policy towards ISS practice by the users. Originality/value: This paper fulfils an identified need to study how to enable ISS practice.
36

Fu, Weiyu, and Lixia Wang. "Software Security Testing through Coverage in Deep Neural Networks." Security and Communication Networks 2022 (August 31, 2022): 1–7. http://dx.doi.org/10.1155/2022/2834982.

Abstract:
With the continuous progress of society, computer technology and information technology are also experiencing rapid development. Especially in recent years, the application of computer technology has rapidly entered into people's daily life. As people’s lives become richer, these applications have become particularly complex. For some large software, tens of thousands of function points or millions of lines of source code may be triggered to support it when performing related tasks. As a result, the security of such a complicated and excellent software becomes quite essential. The most effective way to ensure software security is to test the security of software products during the development process. A precise and effective security testing process is the basis for ensuring that software is tested for security. Without a detailed scientific software security testing model to guide software development for security testing, software security testing will become very difficult. This not only wastes more time and money but also does not guarantee the security of the software. A great security testing methodology should be able to find security problems that may be hidden deep within the software. In addition, a scientific process management can greatly facilitate the implementation of software security testing. As a result, it is relatively meaningful to establish a complete software security testing process model, generate excellent security test cases, and develop security process management tools for software security testing. At the same time, in recent years, deep learning has gradually entered more and more people's lives. However, the widespread application of deep learning systems can bring convenience to human life but also bring some hidden dangers. Hence, deep neural networks must be adequately tested to eliminate as many security risks as possible in some safety-critical software that involves personal and property safety. 
As the foundation of deep learning systems, deep neural networks should be adequately tested for security. However, deep learning systems are fundamentally different from traditional software testing, so traditional software testing techniques cannot be directly applied to deep neural network testing. In recent years, many scholars in related fields have proposed coverage guidelines based on deep learning testing, but the usefulness of these guidelines is still debatable. Based on the complexity of the large software development process and the fact that the interrelationship between nodes often constitutes a complex network of collaborative relationships, this study applies coverage-based testing in deep neural networks to test the security of software. To be specific, this research applies metrics such as peak coverage, speed to peak, and computational speed to evaluate coverage criteria and to investigate the feasibility of using coverage to guide test case selection to select solutions for security testing.
37

Tsuchiya, Akihiro, Francisco Fraile, Ichiro Koshijima, Angel Ortiz, and Raul Poler. "Software defined networking firewall for industry 4.0 manufacturing systems." Journal of Industrial Engineering and Management 11, no. 2 (April 6, 2018): 318. http://dx.doi.org/10.3926/jiem.2534.

Abstract:
Purpose: In order to leverage automation control data, Industry 4.0 manufacturing systems require industrial devices to be connected to the network. Potentially, this can increase the risk of cyberattacks, which can compromise connected industrial devices to acquire production data or gain control over the production process. Search engines such as Sentient Hyper-Optimized Data Access Network (SHODAN) can be perverted by attackers to acquire network information that can be later used for intrusion. To prevent this, cybersecurity standards propose network architectures divided into several networks segments based on system functionalities. In this architecture, Firewalls limit the exposure of industrial control devices in order to minimize security risks. This paper presents a novel Software Defined Networking (SDN) Firewall that automatically applies this standard architecture without compromising network flexibility. Design/methodology/approach: The proposed SDN Firewall changes filtering rules in order to implement the different network segments according to application level access control policies. The Firewall applies two filtering techniques described in this paper: temporal filtering and spatial filtering, so that only applications in a white list can connect to industrial control devices. Network administrators need only to configure this application-oriented white lists to comply with security standards for ICS. This simplifies to a great extent network management tasks. Authors have developed a prototype implementation based on the OPC UA Standard and conducted security tests in order to test the viability of the proposal. Findings: Network segmentation and segregation are effective counter-measures against network scanning attacks. The proposed SDN Firewall effectively configures a flat network into virtual LAN segments according to security standard guidelines. Research limitations/implications: The prototype implementation still needs to implement several features to exploit the full potential of the proposal. Next steps for development are discussed in a separate section. Practical implications: The proposed SDN Firewall has similar security features to commercially available application Firewalls, but SDN Firewalls offer additional security features. First, SDN technology provides improved performance, since SDN low-level processing functions are much more efficient. Second, with SDN, security functions are rooted in the network instead of being centralized in particular network elements. Finally, SDN provides a more flexible and dynamic, zero configuration framework for secure manufacturing systems by automating the rollout of security standard-based network architectures. Social implications: SDN Firewalls can facilitate the deployment of secure Industry 4.0 manufacturing systems, since they provide ICS networks with many of the needed security capabilities without compromising flexibility. Originality/value: The paper proposes a novel SDN Firewall specifically designed to secure ICS networks. A prototype implementation of the proposed SDN Firewall has been tested in laboratory conditions. The prototype implementation complements the security features of the OPC UA communication standard to provide a holistic security framework for ICS networks.
38

Prema Sindhuri, B., and M. Kameswara Rao. "IoT security through web application firewall." International Journal of Engineering & Technology 7, no. 2.7 (March 18, 2018): 58. http://dx.doi.org/10.14419/ijet.v7i2.7.10259.

Abstract:
The current trend in home electronics needs to be Internet Connectivity. Internet of Things is a collection of many interconnected objects, services and devices that can communicate and share the data to achieve a common goal in different areas and applications using internet. Attacks on IoT devices are physical attacks, side channel attacks, cryptanalysis attacks, software attacks, network attacks. The network attacks do not require physical access to create a major disruption like DDoS in the network. The attackers can insert themselves between us and our devices like Man in Middle Attack. A firewall acts as a barrier between a trusted network and an untrusted network. This is a proposed work to focus on the security challenges of IoT using web application firewall.
39

Danh, Nguyen Tan. "Personal Security in the Application of Online Software in the Technology Period 4.0." Turkish Journal of Computer and Mathematics Education (TURCOMAT) 12, no. 4 (April 11, 2021): 1686–89. http://dx.doi.org/10.17762/turcomat.v12i4.1425.

Abstract:
Over the three industrial revolutions, man has achieved great achievements. But besides that great success will always go hand in hand with many problems that arise. Because the rate at which technology develops is directly proportional to the threats it poses. The emergence of new technology requires researchers and students to pay attention to discover new threats to make it reliable and user-friendly. In the meantime 4.0 cloud computing is a new technology model. Security issues in cloud computing are considered one of the biggest obstacles besides the broad benefits of cloud computing. New concepts introduced by the cloud create new challenges for the security community. Addressing these challenges requires, in addition to the ability to cultivate and adjust security measures developed for other systems, to propose new security policies, models and protocols to address optimal and effective cloud security challenges. In this article, we provide comprehensive research on cloud security including classification of known security threats and advanced practices in attempting to address these threats. The paper also provides classification dependency and provides solutions in the form of preventive action rather than proactive action.
40

Krawczyk, Henryk, Marcin Barylski, and Adam Barylski. "On Software Unit Testing for Improving Security and Performance of Distributed Applications." Key Engineering Materials 597 (December 2013): 131–36. http://dx.doi.org/10.4028/www.scientific.net/kem.597.131.

Abstract:
Performance and security are software (SW) application attributes situated on the opposite corners of system design. In the most drastic example the most secure component is the one totally isolated from the outside world, with communication performance reduced to zero level (e.g. disconnected physically from the network, placed inside a Faraday cage to eliminate possible wireless accessibility). On the other hand the most performance-optimized system is the one with all security rules taken off. Obviously such extreme implementations cannot be accepted, thus a reasonable trade-off between security and performance is desired, starting from the appropriate design, resulting in the adequate implementation, confirmed by security and performance testing in production environment. Unit testing (UT) is a well-known method of examining the smallest portion of SW application source code – units: methods, classes, interfaces in order to verify whether they behave as designed. Ideally, each UT test case is separated from others, taking advantage of stubs and mocks to provide full isolation from external test factors. This paper is an extension to research about joint security testing and performance testing for improving quality of distributed applications working in public-private network environments, addressing SW quality assessment at different, unit test level.
41

Hanny, Jonathan. "Building an Application Security Program." Information Security Journal: A Global Perspective 19, no. 6 (November 23, 2010): 336–42. http://dx.doi.org/10.1080/19393555.2010.514891.

42

Ramachandran, Muthu. "SEF4CPSIoT Software Engineering Framework for Cyber-Physical and IoT Systems." International Journal of Hyperconnectivity and the Internet of Things 5, no. 1 (January 2021): 1–24. http://dx.doi.org/10.4018/ijhiot.2021010101.

Abstract:
Cyber-physical systems (CPS) have emerged to address the need for more efficient integration of modern advancement in cyber and wireless communications technologies such as 5G with physical objects. In addition, CPSs systems also needed to efficient control of security and privacy when we compare them with internet of things (IoT). In recent years, we experienced lack of security concerns with smart home IoT applications such as home security camera, etc. Therefore, this paper proposes a systematic software engineering framework for CPS and IoT systems. This paper also proposed a comprehensive requirements engineering framework for CPS-IoT applications which can also be specified using BPMN modelling and simulation to verify and validate CPS-IoT requirements with smart contracts. In this context, one of the key contributions of this paper is the innovative and generic requirements classification model for CPS-IoT application services, and this can also be applied to other emerging technologies such as fog, edge, cloud, and blockchain computing.
43

KASHTANOV, Serhii F., Yury O. POLUKAROV, Oleksiy I. POLUKAROV, Liudmyla O. MITIUK, and Nataliia F. KACHYNSKA. "Specifics of modern security requirements for software of electronic machine control systems." INCAS BULLETIN 13, S (August 3, 2021): 87–97. http://dx.doi.org/10.13111/2066-8201.2021.13.s.9.

Abstract:
The required level of safety of machines and mechanisms is achieved through the use of appropriate safety management systems for industrial equipment, including programmable electronic ones. Such systems usually include a variety of security devices for managing industrial equipment settings. Since electronic control systems are currently considered the most promising control systems in this area, the study of the security parameters of their application support determines the relevance of this study. This study analyses the main requirements of IEC 61508 and IEC 62061 standards for compliance with modern safety requirements of embedded and applied software for electronic control systems of machines and mechanisms. This study proposes an algorithm for step-by-step implementation of software for electronic machine control systems in accordance with basic security standards for both built-in and application software. Testing has been determined as the main method of verification of application software. Based on the results of the analysis, it was found that the specification of security requirements, both built-in and application software, should highlight the necessary characteristics of each subsystem, providing information that allows choosing the equipment that meets existing security requirements. Relevant recommendations are given on the specifics of practical application of these standards.
44

Lozano-Rizk, Jose E., Jose E. Gonzalez-Trejo, Raul Rivera-Rodriguez, Andrei Tchernykh, Salvador Villarreal-Reyes, and Alejandro Galaviz-Mosqueda. "Application-Aware Flow Forwarding Service for SDN-Based Data Centers." Electronics 11, no. 23 (November 24, 2022): 3882. http://dx.doi.org/10.3390/electronics11233882.

Abstract:
Security and Quality of Service (QoS) in communication networks are critical factors supporting end-to-end dataflows in data centers. On the other hand, it is essential to provide mechanisms that enable different treatments for applications requiring sensitive data transfer. Both applications’ requirements can vary according to their particular needs. To achieve their goals, it is necessary to provide services so that each application can request both the quality of service and security services dynamically and on demand. This article presents QoSS, an API web service to provide both Quality of Service and Security for applications through software-defined networks. We developed a prototype to conduct a case study to provide QoS and security. QoSS finds the optimal end-to-end path according to four optimization rules: bandwidth-aware, delay-aware, security-aware, and application requirements (considering the bandwidth, delay, packet loss, jitter, and security level of network nodes). Simulation results showed that our proposal improved end-to-end application data transfer by an average of 45%. Besides, it supports the dynamic end-to-end path configuration according to the application requirements. QoSS also logs each application’s data transfer events to enable further analysis.
45

Vanoverberghe, Dries, and Frank Piessens. "Security enforcement aware software development." Information and Software Technology 51, no. 7 (July 2009): 1172–85. http://dx.doi.org/10.1016/j.infsof.2008.01.009.

46

Nagarjuna Reddy, Tella, and K. Annapurani Panaiyappan. "Intrusion Detection on Software Defined Networking." International Journal of Engineering & Technology 7, no. 3.12 (July 20, 2018): 330. http://dx.doi.org/10.14419/ijet.v7i3.12.16052.

Abstract:
Software Defined Networking and programmability on network have established themselves as current trends in IT by bringing autonomous operation with dynamic flow to network. Networks must be programmable, and it must be aware of the application in order to operate autonomously. Networks need to evolve to catch up with the current trends without losing their current status and operation, reliability, robustness, or security, and without distorting current investments. SDN is a transpiring network architecture where network control plane is distinguished from data plane and by that the network is directly programmable. This control, was initially bound in every network devices, enabled in the network to be abstracted for applications and services. Security is a major challenge for organizational and campus networks. The future of Internet depends on virtualization which is to provide numerous networks hosted on the same physical hardware. This proposal takes a great advantage of the programmability provided by SDN to utilize Intrusion Detection System.
47

Šimić, Goran, Mirjana Radovanović, Sanja Filipović, and Olga Mirković Isaeva. "Fuzzy logic approach in energy security decision-making: “ESecFuzzy” software application." Soft Computing 25, no. 16 (June 29, 2021): 10813–28. http://dx.doi.org/10.1007/s00500-021-05976-y.

48

Rani, Sangeeta, and Kanwalvir Singh Dhindsa. "Android application security: detecting Android malware and evaluating anti-malware software." International Journal of Internet Technology and Secured Transactions 10, no. 4 (2020): 491. http://dx.doi.org/10.1504/ijitst.2020.10028988.

49

Rani, Sangeeta, and Kanwalvir Singh Dhindsa. "Android application security: detecting Android malware and evaluating anti-malware software." International Journal of Internet Technology and Secured Transactions 10, no. 4 (2020): 491. http://dx.doi.org/10.1504/ijitst.2020.108142.

50

Michalek, Peter. "Dissecting application security XML schemas." Information Security Technical Report 9, no. 3 (July 2004): 66–76. http://dx.doi.org/10.1016/s1363-4127(04)00033-0.
