Insecure Software Development and Threat Mapping via Security Frameworks
DOI: https://doi.org/10.62019/q78d1v05

Abstract
Integrating security into the software development life cycle (SDLC) has been a significant concern for researchers, security professionals and software developers. Security frameworks help to improve security in the SDLC and mitigate threats by promoting the use of best practices. Even where such best practices are available, security is often treated as an afterthought, which leaves us with insecure software. Insecure web development makes web applications vulnerable to security threats such as injection attacks, data breaches, privilege escalation, CSRF and other threats. This research, based on a mixed-methods approach, aims to provide valuable insights for security professionals and web application developers regarding the use of security frameworks to map threats for secure web development. The security frameworks used for this purpose are NIST SSDF, OWASP Top 10, OWASP SAMM, SAFECode 3rd edition and BSIMM13. The goal is to address the gap by leveraging these security frameworks to systematically map threats in the web development environment. The research will aim to provide a comprehensive methodology for identifying potential security risks, analysing their impact and recommending security measures tailored specifically to the web development environment. To achieve this, a comparative study of security frameworks and testing of web applications have been conducted.

License
Copyright (c) 2025 Shaiqa Nadeem, Ahthasham Sajid

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.