The Impact of the Practical Security Test during the Software Development Lifecycle

The Impact of the Practical Security Test during the Software Development Lifecycle

연구 분야: Analysis

학회: 2022 24th International Conference on Advanced Communication Technology (ICACT)

With the advent of the 5G era, due to the innovation of 5G architecture, open source is widely used under the software-defined everything architecture, software security is even more important. According to National Institute of Standards and Technology (NIST) Special Publication (SP) 800- 64 Vol2 (Security Considerations in the System Development Life Cycle; SSDLC), the key security roles and responsibilities that are needed in development of most information systems. Sufficient information about the SDLC will improve the development on the secure software. On this study, how to ensure software security from the initial requirement to the final release, and even the issues of operation and disposal will be explored. We deploy different test methods in different phases of SDLC, including Software Composition Analysis (SCA), Interactive Application Security Testing (IAST), Static Application Security Testing (SAST), and Dynamic Application Security Testing (DAST), etc. From the experiment, the initial security requirements are improved by detecting the problems, and then the security of the software is improved.