Abstract
Building secure software requires a well-selected combination of security testing techniques during the whole software development lifecycle.
Additional information
Ruediger Bachmann is a Development Architect at SAP AG (http://www.sap.com). As a member of the central code analysis team, he works in the areas of application security and code analysis.
Dr. Achim D. Brucker is a Security Expert and Senior Researcher at SAP AG (http://www.sap.com). He works on a broad range of security topics, both in development and in research. Further information can be found on his website: http://www.brucker.ch
Cite this article
Bachmann, R., Brucker, A.D. Developing secure software. Datenschutz Datensich 38, 257–261 (2014). https://doi.org/10.1007/s11623-014-0102-0