→top: bold alt article name per MOS, def acro per MOS |
Citation bot (talk | contribs) Alter: title, template type, journal. Add: chapter. Removed parameters. Some additions/deletions were parameter name changes. | Use this bot. Report bugs. | #UCB_CommandLine |
Line 65:
Application security tests of applications their release: static application security testing (SAST), [[dynamic application security testing]] (DAST), and interactive application security testing (IAST), a combination of the two.<ref name="auto1">
{{Cite
|last1=Parizi|first1=R. M.
|last2=Qian|first2=K.
Line 71:
|last4=Wu|first4=F.
|last5=Tao|first5=L.
|s2cid=52055661
|date=July 2018
▲|title= Benchmark Requirements for Assessing Software Security Vulnerability Testing Tools.
▲|journal=IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC)
|pages=825–826
|publisher=IEEE
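Review bot: the `|journal=IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC)` line puts a conference proceedings name in a journal parameter. The edit summary says the template type is altered and a chapter is added, so confirm that the resulting reference carries the paper name in `|chapter=` and the proceedings name in `|title=`, and that no `|journal=` remains on a non-journal template. The leading space in `|title= Benchmark Requirements ...` can be dropped in the same pass.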
Line 138:
|date=September 1998
|title=Component-Based Software Engineering
|journal=2006 IEEE Symposium on Security and Privacy (S&P'06)▼
|pages=34–36
|volume=15
|issue=5
|
|doi=10.1109/MS.1998.714621
}}</ref> enforced by processes and organization of development teams<ref>
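Review bot: the `|journal=2006 IEEE Symposium on Security and Privacy (S&P'06)` line sits in a reference dated September 1998 with `|volume=15`, `|issue=5` and a 1998 DOI, so a 2006 symposium cannot be the venue for this article. If this is the line being dropped, the reference is left with no publication name and should get the periodical that `10.1109/MS.1998.714621` resolves to. The empty `|` parameter before `|doi=` should also go.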
Line 151 ⟶ 150:
|date=December 2006
|title=Agile Software Development: Adaptive Systems Principles and Best Practices
|pages=19–30
|volume=23
|issue=3
|
|doi=10.1201/1078.10580530/46108.23.3.20060601/93704.3
}}</ref>
Line 168 ⟶ 166:
| volume=14
}}</ref><ref>
{{Cite
|last1=Jovanovic |first1=N.
|last2=Kruegel |first2=C.
|last3=Kirda|first3=E.
|s2cid=1042585
|date=May 2006
▲|title=Pixy: a static analysis tool for detecting Web application vulnerabilities
|pages=359–368
|publisher=IEEE
Line 184 ⟶ 182:
The rise of web applications entailed testing them: Verizon Data Breach reports in 2016 that 40% of all data breaches use web application vulnerabilities.<ref>{{cite web |url= https://enterprise.verizon.com/resources/reports/2016/DBIR_2016_Report.pdf |title= 2016 Data Breach Investigations Report |date = 2016}}</ref>
As well as external security validations, there is a rise in focus on internal threats. The Clearswift Insider Threat Index (CITI) has reported that 92% of their respondents in a 2015 survey said they had experienced IT or security incidents in the previous 12 months and that 74% of these breaches were originated by insiders.<ref>{{cite web |url= http://pages.clearswift.com/rs/591-QHZ-135/images/Clearswift_Insider_Threat_Index_2015_US.pdf |title= Clearswift Insider Threat Index (CITI) |date=2015}}</ref> Lee Hadlington categorized internal threats in 3 categories: malicious, accidental, and unintentional. Mobile applications' explosive growth implies securing applications earlier in the development process to reduce malicious code development.<ref>
{{Cite
|last1=Xianyong|first1=Meng
|last2=Qian|first2= Kai
Line 190 ⟶ 188:
|last4=Bhattacharya|first4= Prabir
|last5=Wu|first5=Fan
|
|s2cid=53288239
|date=June 2018
▲|title= Secure Mobile Software Development with Vulnerability Detectors in Static Code Analysis
▲|journal=2018 International Symposium on Networks, Computers and Communications (ISNCC)
|pages=1–4
|doi=10.1109/ISNCC.2018.8531071
Line 248 ⟶ 246:
With Agile Processes in software development, early integration of SAST generates many bugs, as developers using this framework focus first on features and delivery.<ref>
{{Cite
|last=Arreaza|first=Gustavo Jose Nieves
|
|
|date=June 2019
▲|title= Methodology for Developing Secure Apps in the Clouds. (MDSAC) for IEEECS Conferences
▲|journal=2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019 5th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom)
|pages=102–106
|publisher=IEEE
|