Methodologies for software security development (original Spanish title: Metodologías para desarrollar software seguro)

DOI: https://doi.org/10.32870/recibe.v2i3.18

Keywords: methodologies, software development, agile processes, security, vulnerabilities

Abstract: Security has changed from a non-functional requirement, one that could be implemented as part of software quality, to a key element of any software application. Hackers and criminal groups evolve every day and have become experts at exploiting vulnerabilities in applications and websites. To address these threats, organizations must adopt methodologies whose software development process includes activities focused on eliminating vulnerabilities and on integrating security as a basic element of the architecture of any software product. This paper reviews some of the methodologies that provide security activities in the software development process.