Secure software development guidelines
Maharjan, Anish (2024)
All rights reserved. This publication is copyrighted. You may download, display and print it for your own personal use. Commercial use is prohibited.
The permanent address of this publication is
https://urn.fi/URN:NBN:fi:amk-202501101200
Abstract
Application security in software development is a continuous struggle against a constantly evolving threat landscape. As the number of potential attacks increases, security considerations must be prioritised. Instead of treating security as an additional feature, it should be incorporated into every phase of the software development lifecycle.
The objective of this final year project was to construct guidelines for the secure software development process for the case company, TGR-WRT. In addition, a gap analysis was performed to evaluate these new guidelines against the existing security practices implemented across software projects at TGR-WRT.
The research framework used in this project is DSR, chosen for its systematic approach and relevance to information systems research. The development and assessment of innovative artifacts enabled the creation of robust guidelines tailored to the secure software development process within TGR-WRT.
The development of the guidelines and the gap analysis was based mainly on literature, best practices and widely recognised standards. The guidelines were developed to align with TGR-WRT’s needs and objectives, with the OWASP SAMM framework used as the core reference. Once the guidelines had been developed, a gap analysis was conducted to compare them against the practices in existing software projects. It was performed on the basis of observation, research findings and the organisation’s objectives. The gap analysis concluded that even in the absence of established guidelines, certain security practices had already been embedded in the existing software projects. Furthermore, it pinpointed areas where enhancements can be pursued in the current software projects.