soft_dev_sec.php
165 lines (164 loc) · 7.73 KB
<?php
include "header.php";
?>
<div class="container-fluid text-center">
<div class="row content">
<div class="col-sm-2">
</div>
<div class="col-sm-8 text-left">
<h1 style="text-align:center;">Software Development Security</h1>
<p style="text-align:center;">A list of actions your organisation can take in its software development practice in order to improve its resilience to cryptojacking attacks.</p>
<hr>
<ol>
<li>
<p>
Implement secure coding practices, such as input validation and
error handling, to prevent common software vulnerabilities like
injection attacks (OWASP, 2021).
</p>
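<p>
Added example, not code from the original page: the injection risk in the point above shown as a deliberately vulnerable SQLite lookup beside its hardened form. The hardened version validates the input against an allow-list pattern first and then passes it as a bound parameter, so the classic payload ' OR '1'='1 is rejected before it reaches SQL instead of matching every row. The table, rows, pattern and function names are constructed for the example.
</p>

```python
import re
import sqlite3

# Constructed sample rows standing in for an application's user table.
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]

# Allow-list for usernames: lowercase letters, digits and underscore, 3-32 chars.
USERNAME_RE = re.compile(r"^[a-z0-9_]{3,32}$")


def make_db():
    """Create an in-memory SQLite database seeded with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    """Deliberately vulnerable: untrusted input is spliced into the SQL text."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_hardened(conn, username):
    """Hardened: allow-list validation first, then a parameterised query."""
    if not USERNAME_RE.fullmatch(username):
        # Fail closed with a generic error; do not echo the input or a DB error back.
        raise ValueError("invalid username")
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def demo(payload="' OR '1'='1"):
    """Run both lookups against the same payload and report what each returned."""
    conn = make_db()
    leaked = find_user_vulnerable(conn, payload)       # returns every row in the table
    try:
        find_user_hardened(conn, payload)
        blocked = False
    except ValueError:
        blocked = True                                  # rejected before reaching SQL
    return {
        "leaked_rows": len(leaked),
        "payload_blocked": blocked,
        "legit_lookup": find_user_hardened(conn, "alice"),
    }


if __name__ == "__main__":
    print(demo())
```

<p>
The vulnerable function is the "before" form and is kept only to show the behaviour; the parameterised query is the one to ship. Validation alone is not a substitute for parameterisation, which is why the hardened function does both.
</p>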
</li>
<li>
<p>
Conduct regular code reviews to identify and remediate potential
security vulnerabilities in the software code (Thien, 2002).
</p>
</li>
<li>
<p>
Use static code analysis tools to automatically identify potential
security vulnerabilities in the software code (OWASP, 2023).
</p>
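<p>
Added example, not code from the original page or from any OWASP-listed tool: a minimal static analysis pass built on Python's ast module, to show the kind of pattern such tools look for. It walks a module's syntax tree and flags SQL text assembled at run time and passed to execute(), subprocess calls with shell=True, and eval()/exec(). The rule names and the sample module it scans are constructed for the example; a real tool adds data-flow tracking so that only untrusted input is reported.
</p>

```python
import ast

# Constructed sample module with four risky calls and one safe one.
SAMPLE_SOURCE = '''
import subprocess

def lookup(cur, name):
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")   # concatenated SQL
    cur.execute(f"SELECT * FROM users WHERE id = {name}")            # f-string SQL
    cur.execute("SELECT * FROM users WHERE name = ?", (name,))        # parameterised: fine

def run(cmd):
    subprocess.run(cmd, shell=True)                                   # shell command injection
    return eval(cmd)                                                  # arbitrary code execution
'''


def _is_dynamic_string(node):
    """True when the expression builds a string at run time:
    concatenation or %-formatting (BinOp), an f-string (JoinedStr) or .format()."""
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute) \
            and node.func.attr == "format":
        return True
    return False


class _RiskVisitor(ast.NodeVisitor):
    def __init__(self):
        self.findings = []          # list of (line number, rule name)

    def visit_Call(self, node):
        func = node.func
        # Rule 1: dynamically built SQL text handed to execute()/executemany().
        if isinstance(func, ast.Attribute) and func.attr in ("execute", "executemany"):
            if node.args and _is_dynamic_string(node.args[0]):
                self.findings.append((node.lineno, "SQL_STRING_BUILD"))
        # Rule 2: subprocess.* called with shell=True.
        if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name) \
                and func.value.id == "subprocess":
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) \
                        and kw.value.value is True:
                    self.findings.append((node.lineno, "SHELL_TRUE"))
        # Rule 3: eval()/exec() on a runtime value.
        if isinstance(func, ast.Name) and func.id in ("eval", "exec"):
            self.findings.append((node.lineno, "DYNAMIC_CODE_EXEC"))
        self.generic_visit(node)


def scan_source(source):
    """Parse a Python module and return its findings sorted by line number."""
    visitor = _RiskVisitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings)


if __name__ == "__main__":
    for lineno, rule in scan_source(SAMPLE_SOURCE):
        print(f"line {lineno}: {rule}")
```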
</li>
<li>
<p>
Implement secure software development lifecycle (SDLC) practices,
such as threat modeling and security testing, to identify and
mitigate potential security risks throughout the software
development process (Microsoft, 2022).
</p>
</li>
<li>
<p>
Regularly update and patch software, including third-party dependencies
and build tooling, to address known security vulnerabilities (Brad, 2007).
</p>
</li>
<li>
<p>
Implement least-privilege access controls to limit access to sensitive
software development resources, such as source code repositories and build
servers.
</p>
</li>
<li>
<p>
Use secure software configuration management practices to protect
software development artifacts and detect unauthorized changes (Arnold et al., 2011).
</p>
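<p>
Added example, not code from the original page or from NIST SP 800-128: one concrete way to protect build artifacts against unauthorized change. A build step hashes every artifact with SHA-256 and signs the sorted listing with HMAC-SHA256; a verification step later detects modified, added or removed files, and detects a manifest that an attacker edited to cover a planted file (a cryptojacking scenario, where a compromised build host drops a miner alongside the real output). The directory layout, file names and the key name ARTIFACT_HMAC_KEY are constructed for the example; in real use the key comes from a secrets store, not a default in the code.
</p>

```python
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path


def _sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, key):
    """Hash every file under root and sign the canonical JSON listing with HMAC-SHA256."""
    root = Path(root)
    files = {p.relative_to(root).as_posix(): _sha256_file(p)
             for p in sorted(root.rglob("*")) if p.is_file()}
    body = json.dumps(files, sort_keys=True, separators=(",", ":")).encode()
    return {"files": files, "hmac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_manifest(root, manifest, key):
    """Check the manifest signature, then compare the directory against it."""
    body = json.dumps(manifest["files"], sort_keys=True, separators=(",", ":")).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["hmac"]):
        # The listing itself was altered; its contents cannot be trusted at all.
        return {"manifest_tampered": True, "modified": [], "added": [], "removed": []}
    current = build_manifest(root, key)["files"]
    signed = manifest["files"]
    return {
        "manifest_tampered": False,
        "modified": sorted(f for f in signed if f in current and current[f] != signed[f]),
        "added": sorted(f for f in current if f not in signed),
        "removed": sorted(f for f in signed if f not in current),
    }


def demo():
    """Sign a clean build, then simulate a compromised build host and a forged manifest."""
    # Assumption for the example: key supplied by the environment; the default is for the demo only.
    key = os.environ.get("ARTIFACT_HMAC_KEY", "demo-key-not-for-production").encode()
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "app.py").write_text("print('hello')\n")
        (root / "lib").mkdir()
        (root / "lib" / "util.py").write_text("def f():\n    return 1\n")
        manifest = build_manifest(root, key)
        clean = verify_manifest(root, manifest, key)
        # Attacker patches a module and drops a miner binary next to the real output.
        (root / "lib" / "util.py").write_text("def f():\n    return 2\n")
        (root / "miner.bin").write_bytes(b"\x7fELF constructed placeholder")
        tampered = verify_manifest(root, manifest, key)
        # Attacker also edits the listing to cover the new file but cannot re-sign it.
        forged = {"files": dict(manifest["files"], **{"miner.bin": "00" * 32}),
                  "hmac": manifest["hmac"]}
        forged_result = verify_manifest(root, forged, key)
    return clean, tampered, forged_result


if __name__ == "__main__":
    for label, result in zip(("clean", "tampered", "forged"), demo()):
        print(label, result)
```

<p>
The signing key must live outside the build host that produces the artifacts; if the host that is compromised also holds the key, the attacker simply re-signs. That separation is the key-management point made further down this list.
</p>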
</li>
<li>
<p>
Implement continuous integration and continuous deployment (CI/CD)
practices to automate software build and deployment, so that security
checks run consistently on every change (AWS, 2023).
</p>
</li>
<li>
<p>
Use containerization and virtualization technologies to isolate and
secure software development environments (Gursimran, 2022).
</p>
</li>
<li>
<p>
Implement network security controls, such as firewalls and
intrusion detection systems, to protect software development
environments from external threats (Cisco, 2023).
</p>
</li>
<li>
<p>
Regularly conduct security awareness training for software
developers to educate them on secure coding practices and potential
security risks (Cindy, 2009).
</p>
</li>
<li>
<p>
Use secure, pinned software libraries and frameworks to reduce the risk of
introducing vulnerabilities through third-party software
components (Andrew, 2018).
</p>
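<p>
Added example, not code from the original page: a small audit of a Python requirements file that enforces one part of the third-party-component point above. It reports entries that are not pinned to an exact version, pinned entries that carry no --hash so the installer cannot verify the download, and VCS or URL sources that are not reviewable at install time. The package names and the hash in the sample file are constructed for the example.
</p>

```python
import re

# Constructed requirements.txt; package names and the hash value are made up.
SAMPLE_REQUIREMENTS = """\
# constructed sample
widgetlib==2.3.1 \\
    --hash=sha256:0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0
gadgetkit==0.9.4
thingamajig>=1.0
doohickey
git+https://github.com/example/doodad.git
"""

# Exact pin: name followed by == and a version; a space or ; ends the version.
PINNED_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==([^\s;]+)")
VCS_PREFIXES = ("git+", "hg+", "svn+", "bzr+", "http://", "https://")


def audit_requirements(text):
    """Return (requirement, problem) tuples for entries that are not pinned and hashed."""
    findings = []
    logical = text.replace("\\\n", " ")      # join backslash continuations
    for raw in logical.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith(VCS_PREFIXES):
            findings.append((line, "vcs_or_url_source"))
            continue
        if not PINNED_RE.match(line):
            findings.append((line, "not_pinned"))
            continue
        if "--hash=" not in line:
            findings.append((line, "no_hash"))
    return findings


def is_compliant(text):
    """True when every requirement is exactly pinned and hash-verified."""
    return not audit_requirements(text)


if __name__ == "__main__":
    for req, problem in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"{problem}: {req}")
```

<p>
Run with pip's --require-hashes mode, a pinned and hashed file makes a swapped or typosquatted package fail to install rather than run; pinning alone still has to be paired with the regular update and patch cadence listed above.
</p>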
</li>
<li>
<p>
Use encryption and secure key management practices to protect
sensitive data used in software development (Elaine, 2020).
</p>
</li>
<li>
<p>
Regularly conduct vulnerability scanning and penetration testing of
software development environments to identify potential security
risks (RedLegg, 2022).
</p>
</li>
<li>
<p>
Implement incident response plans to quickly and effectively
respond to security incidents involving software development
environments (FIPS, 2004).
</p>
</li>
</ol>
<br />
<p>REFERENCES</p>
<p>
Andrew R, 2018. NIST Special Publication 800-193: Platform Firmware Resiliency Guidelines [online] Available from: <a href='https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-193.pdf'>https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-193.pdf</a> [Accessed 21 April 2023]
</p>
<p>
Arnold J., Kelley D., Ron R., Sarbari G., Dennis B., 2011. NIST Special Publication 800-128: Guide for Security-Focused Configuration Management of Information Systems. [online] Available from: <a href='https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-128.pdf'>https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-128.pdf</a> [Accessed 21 April 2023]
</p>
<p>
AWS, 2023. Continuous Integration Explained. [online] Available from: <a href='https://aws.amazon.com/devops/continuous-integration/'>https://aws.amazon.com/devops/continuous-integration/</a> [Accessed 21 April 2023]
</p>
<p>
Brad Ruppert, 2007. Patch Management. [online] Available from: <a href='https://sansorg.egnyte.com/dl/GxUN3RBnqt'>https://sansorg.egnyte.com/dl/GxUN3RBnqt</a> [Accessed 21 April 2023]
</p>
<p>
Cisco, 2023. Firewall Solution for Small Business: Introduction to firewall solutions [online] Available from: <a href='https://www.cisco.com/c/en/us/solutions/small-business/resource-center/security/firewall-solutions.html#~benefits'>https://www.cisco.com/c/en/us/solutions/small-business/resource-center/security/firewall-solutions.html#~benefits</a> [Accessed 21 April 2023]
</p>
<p>
Cindy Brodie, 2009. The Importance of Security Awareness Training. [online] Available from: <a href='https://www.sans.org/white-papers/33013/'>https://www.sans.org/white-papers/33013/</a> [Accessed 21 April 2023]
</p>
<p>
Elaine Barker, 2020. NIST Special Publication 800-57 Part 1 Revision 5: Recommendation for Key Management: Part 1 – General. [online] Available from: <a href='https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf'>https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf</a> [Accessed 21 April 2023]
</p>
<p>
FIPS, 2004. FIPS 199: Standards for Security Categorization of Federal Information and Information Systems. [online] Available from: <a href='https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.199.pdf'>https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.199.pdf</a> [Accessed 21 April 2023]
</p>
<p>
Microsoft, 2022. Microsoft Threat Modeling Tool. [online] Available from: <a href='https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool'>https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool</a> [Accessed 21 April 2023]
</p>
<p>
OWASP, 2023. Source Code Analysis Tools. [online] Available from: <a href='https://owasp.org/www-community/Source_Code_Analysis_Tools'>https://owasp.org/www-community/Source_Code_Analysis_Tools</a> [Accessed 21 April 2023]
</p>
<p>
OWASP, 2021. OWASP Top Ten. [online] Available from: <a href='https://owasp.org/Top10/'>https://owasp.org/Top10/</a> [Accessed 21 April 2023]
</p>
<p>
RedLegg, 2022. 6 Steps of vulnerability scanning best practices. [online] Available from: <a href='https://www.redlegg.com/blog/6-steps-of-vulnerability-scanning-best-practices'>https://www.redlegg.com/blog/6-steps-of-vulnerability-scanning-best-practices</a> [Accessed 23 April 2023]
</p>
<p>
Thien La, 2002. Secure Software Development and Code Analysis Tools. [online] Available from: <a href='https://www.sans.org/white-papers/389/'>https://www.sans.org/white-papers/389/</a> [Accessed 21 April 2023]
</p>
<br/>
<br/>
</div>
<div class="col-sm-2">
</div>
</div>
</div>
<?php
include "footer.php";
?>