An integrated security testing framework for Secure Software Development Life Cycle

Hundreds of vulnerabilities and security defects are disclosed by hackers, developers, and users. The better way to improve software security is to enhance security process into SDLC processes. To keep software secure, security enhancement of the SDLC process involves lots of practices and activities to achieve goal of security. However, how to adopt these activities well to improve software security is an important problem. In this paper, we propose an integrated security testing framework for secure software development life cycle. In our proposed framework, we apply security activities and practices of SSDLC to generate security guidelines. Furthermore, we integrate security testing tools as a platform to provide testing service and converge testing results of tools to improve accurate of test. To evaluate our proposed framework, we construct the prototype system by referring phases of framework. Our system can integrate various security testing tools and support secure activities in each phase of SSDLC. We had applied our system to at least 50 software developing projects. The results indicate that our prototype system can provide quality and stable service.