Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Security Testing for Web Applications in SDLC
Blekinge Institute of Technology, School of Computing.
Blekinge Institute of Technology, School of Computing.
2011 (English)Independent thesis Advanced level (degree of Master (Two Years))Student thesisAlternative title
Security Testing for Web Applications in SDLC (Swedish)
Abstract [en]

Context: In Web applications, the Software vulnerability can be reduced by applying security testing in all phases of the software development life cycle (SDLC). Lot of vulnerabilities might occur if the security testing is applied in the last phase of SDLC. In order to mitigate these vulnerabilities, a lot of rework is required that involves reverse engineering in the development and design phases. To overcome this situation, organizations are shifting from security testing (performed in last phase) towards security testing in the early phases of SDLC. Objectives: The main objectives of this thesis are to gather the benefits and challenges of security testing in the last phase versus security testing in every phase of the SDLC. After gathering, authors want to compare both implementations because these days most organizations are shifting from last phase to every phase of SDLC. Justification to the reason can be achieved by this comparison. Methods: In order to satisfy the objectives of this thesis, a literature review and interviews were conducted. The literature review was conducted by gathering benefits and challenges of last phase and every phase of SDLC. Authors have applied coding technique to the data gathered from literature review. By using the results from literature review, a set of questions were framed. Based on these questions, interviews in various organizations were performed. To analyze the practitioner’s data we used Sorting and Coding technique. Then, we conducted a comparative analysis to compare both results. Results: Application of security testing in the last phase of the SDLC results in a lot of rework which in turn leads to instability in managing the cost, time and resources in an organisation. In order to overcome this, more and more organisations are introducing security testing at each and every phase of SDLC. Conclusions: It can be concluded that every phase of security testing in SDLC has more benefits than applying in last phase of SDLC. To evaluate this process more research is needed to acquire more knowledge of security testing in all phases of SDLC. Through literature review and interviews conducted, it is evident that security testing at early phases causes a reduction in rework which in turn leads to more efficient management of cost, time and resources of a project.

Place, publisher, year, edition, pages
2011. , 89 p.
Keyword [en]
Software, Security, Software development life cycle, Secure software development life cycle
National Category
Computer Science Software Engineering
Identifiers
URN: urn:nbn:se:bth-2903Local ID: oai:bth.se:arkivex722D4BEFD36EF10FC1257ABA00229DB5OAI: oai:DiVA.org:bth-2903DiVA: diva2:830198
Uppsok
Technology
Supervisors
Note
+91 8977404640Available from: 2015-04-22 Created: 2012-11-18 Last updated: 2015-06-30Bibliographically approved

Open Access in DiVA

fulltext(1603 kB)112 downloads
File information
File name FULLTEXT01.pdfFile size 1603 kBChecksum SHA-512
709b0fd5952801ea48cbeb22c7e5b0cbe381a58b5d890eac936d268cd6339236b324fa38c3e14f3234fa55231798d929334353639b4716299b67e02fa7ec01d6
Type fulltextMimetype application/pdf

By organisation
School of Computing
Computer ScienceSoftware Engineering

Search outside of DiVA

GoogleGoogle Scholar
Total: 112 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 274 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf