One of the crucial topic in software development is the
implementation of security. As we know that software systems nowadays are very
in demand, not just they make our life much easy, but they make our life more
convenient and advantageous than those in the past. We cannot also hide the
fact that because of internet software and hardware systems are now continually
becoming more popular. As the world grow, humans are also tended to be more
dependent on the internet. Internet can
make our life much more easy and efficient. We can easily communicate with
other people inside or outside the country. Help us provides useful
data, information, and knowledge for the personal, social and economic
development. It can also help businesses in communicating and transmitting
information easily to any destination in matter of seconds. Moreover, as we
grow dependent on the internet we also want something that could protect us
from leaking our data, we want to use something that we can trust or in other
word we want a secured and reliable system. As you encounter systems that there
is no one who can manipulate your information, then you can depend on its
information integrity and accuracy. However, issues regarding securing software systems and its
consequences have raised so much concern in many public and private domains,
and as hacker attack on software continues to increase, the demand for secure
software has also increased significantly.
Without having enough understanding
in security attacking defenseless information is the most problem we are facing
today. So, it much more convenient to train early or educate the future
security engineers as early as possible, to let them aware of the fact how
vulnerabilities affect the system and to let them learn some practical methods
in handling those vulnerabilities. The
help of professionals are very essential. The difference between security
professionals and systems developers is that the main concerns of expert in security
is the security of a systems, and most developers are only focus in creating
system that will work with its functionality. While security is one of the
non-functional goals with which developers must be concerned, it is but one of
many. And while security professionals complain that developers don’t take
security seriously, developers are just as frustrated that security
professionals don’t understand that security is not their only concern.
this analysis it introduced the ways of preventing your systems in vulnerability
or to secure your system, managing security risk, reasons of why attacker
attack your system, the approaches in security requirement, the standardization
use in securing your system.
As the technology improved, software
also became more complex and software project grow larger. Software can be
characterized depending on the way they have been develop or the purpose why
they have been created. Software can be characterized by its fundamental
properties. Fundamental properties of software include such things as
functionality, performance, reliability, cost, usability, manageability,
adaptability and, of most interest to us, “security” where integrity takes
design and carelessly developed software has the greater change to be attacked,
because of this the importance of security should be considered in developing
a system. Furthermore, the creation of security in software systems at the
design phase can reduce the high cost and effort associated with the introduction
of security during implementation. For this purpose, security patterns offer security
at the architectural level have been proposed in similarity to the well-known
design patterns. The main goal is to perform risk analysis of software systems
based on the security patterns they need. Fist step is to determine the scale
of a specific security pattern to how much area it can defend in those existing
attacks. And as of now, there are many tools or method which can be used to
obtain risk of a software system.
security as a property of software is what indicates the software’s ability to
resist, withstand, and recover from attacks.
SECURITY PROPERTIES FOR SOFTWARE
The goal of software security is to produce software
that is able to 1:
withstand many anticipated attacks;
in a minimum damage, and from attacks that cannot be resisted or withstood.
It also said that security
is compose of three lower-level properties which are 1, 4, 8:
Availability: This means the software should
always operate accurately and anticipately and should remain available on the
intended user and the outside operation which it must be connected.
Integrity: This mean that there shouldn’t be
way or a method that unauthorized entities can manipulate or control the data,
nor can perform, operate the installation, or execution in the software
content, functionality, configuration.
Confidentiality: This mean that software must
maintain its privacy, the character, location, and existence of the software and
content must be hidden to unauthorized individuals, devices, and any other
software. If it is using a third party’s then it should provide a verification
function to inform the users.
And this are the two additional
lower-level security properties that a secured software should have, this are
more often correspond with information and the intended users who uses it. And
now a day, the two properties are now becoming equally important for the
Accountability: Every activity of the user should
be recorded and tracked with the acknowledgement of software, the user itself
and any other external entities that are connected in the software.
Non-repudiation: Refer to the capability of the
software to prove unto the entities from disproving or denying responsibility
for their action while using with the software.