Cybersecurity Practices in Software Engineering: A Literature Review

Authors

  • Juan Carlos Pérez-Arriaga Universidad Veracruzana, México
  • Eduardo Antonio Castillo Garrido Universidad Veracruzana, México
  • Héctor Xavier Limón-Riaño Universidad Veracruzana, México https://orcid.org/0000-0003-4654-636X
  • Saúl Domínguez-Isidro Universidad Veracruzana, México

DOI:

https://doi.org/10.32870/recibe.v15i1.496

Keywords:

Secure Software, Software Secure Development, Software Engineering, Literature Review Synthesis, Narrative Synthesis

Abstract

Developing software products that incorporate Cybersecurity into their design remains a relatively hard challenge for development teams. Software Engineering has implemented several practices at different stages of the software development lifecycle, aimed at building increasingly secure products to meet industry demands. Through a systematic review of 77 articles, we identified 30 relevant cybersecurity practices, including security policies, threat modeling, static analysis, and penetration testing. Key artifacts such as class diagrams, misuse cases, and security patterns are also highlighted, along with associated tools, models, standards, and frameworks. These findings demonstrate how cybersecurity is integrated into all stages of the software development lifecycle to produce software products that meet one of today’s most important quality attributes.

Author Biographies

Juan Carlos Pérez-Arriaga, Universidad Veracruzana, México

Juan Carlos Pérez Arriaga holds a Bachelor’s degree in Computer Science from the Faculty of Statistics and Informatics at Veracruzana University and a Master’s degree in Computer Science from the Arturo Rosenblueth Foundation. He is currently a full-time Professor at the Faculty of Statistics and Informatics of Veracruzana University. He has been recognized by the Professional Development Program for Teachers (PRODEP). His research work focuses on Software Construction, Software Development Security, and Software Accessibility.      

Eduardo Antonio Castillo Garrido, Universidad Veracruzana, México

Eduardo Antonio Castillo Garrido holds a Bachelor’s degree in Software Engineering from the Faculty of Statistics and Informatics at Veracruzana University in Xalapa, Veracruz, Mexico. His academic and professional interests include Requirements Engineering, Software Architecture, and the Design of Resilient Systems. The present work is derived from his undergraduate thesis project carried out at this institution.      

Héctor Xavier Limón-Riaño, Universidad Veracruzana, México

Héctor Xavier Limón Riaño is a full-time Professor at the Faculty of Statistics and Informatics of Veracruzana University. He is currently a member of the National System of Researchers (SNI). He holds a Bachelor’s degree in Computer Science, as well as Master’s and Doctoral degrees in Artificial Intelligence. His research interests include Multi-Agent Systems, Data Mining, Cybersecurity, and Distributed Systems, and he has authored numerous publications in these areas.      

Saúl Domínguez-Isidro, Universidad Veracruzana, México

Saúl Domínguez-Isidro is a Professor and Researcher at the Faculty of Statistics and Informatics of the Veracruzana University, Mexico. His research interests focus on Software Engineering, particularly in Search-Based Software Testing, Bio-Inspired Algorithms, Automated Software Testing, DevOps, and Artificial Intelligence Applications in Software Development. He has participated in various research projects and actively collaborates in the education and mentoring of undergraduate and graduate students in Computer Science and Software Engineering.      

Published

2026-04-24 — Updated on 2026-06-21

How to Cite

Pérez-Arriaga, J. C., Castillo Garrido, E. A., Limón-Riaño, H. X., & Domínguez-Isidro, S. (2026). Prácticas de Ciberseguridad en la Ingeniería de Software: Una Revisión de la Literatura. ReCIBE, Electronic Journal of Computing, Informatics, Biomedical and Electronics, 15(1). https://doi.org/10.32870/recibe.v15i1.496 (Original work published April 24, 2026)

Section

Computer Science & IT