SECURE SOFTWARE DEVELOPMENT SOFTWARE

SECURE SOFTWARE DEVELOPMENT SOFTWARE

Yuliya Tarasova

software engineer, OOO «Antiphishing»,

Russia, Sterlitamak

ABSTRACT

Information technologies are becoming one of the most relevant trends in the development of modern scientific and technological progress. The purpose of the current article is to analyze issues related to secure software development. The scientific value of the work lies in the attempt to systematize knowledge about the presented issue and make recommendations for the development of work-safe programs. The author applies theoretical research methods, and uses the results of other scientific research.

Keywords: Information technology, software, development, information security, program.

In the modern world, the development of the information technology segment is becoming increasingly relevant. Innovative digital solutions are finding their application in practically all areas of human life, both personal and professional. All information used by modern enterprises and organizations is stored, processed, and transmitted in electronic form. Information is just a specific case of the entire electronic flow. Along with information in electronic form, contracts, monetary transfers, confidential data, and many other resources are also functioning. In the age of information technology, practically everything operates in the information field [1].

Software offers many advantages over classical methods of information processing. Nowadays, it is impossible to imagine an enterprise that does not use electronic digital signatures, electronic document management, and other innovations in the information technology sector. However, along with numerous benefits, the integration of innovative technologies in modern enterprises also brings a number of problems. The main problems resulting from the digital transformation of enterprises are information security risks. Therefore, the question of secure software development (SDLC) remains relevant.

The software development life cycle encompasses all the actions carried out during software development. Recently, a unique concept has been developed that takes into account security factors in software development - the Secure Software Development Life Cycle (SSDLC). This concept includes a set of factors and requirements regarding security at each stage of development. [2].

Fig. 1 shows a structural diagram with the main elements of this concept:

Figure 1. Elements of secure software development

Secure Software Development (SSD) is an approach to software development that takes into account possible security threats and makes efforts to prevent their realization. The key principles of secure development include identifying and classifying security vulnerabilities associated with applications, using confidentiality, integrity, and availability rules in development, analyzing and verifying application security, including static and dynamic code and malicious actor analysis, effective access control to the application (authentication or authorization errors may lead to exploitation), and controlling environmental parameters and verifying data contained in requests [3].

The goal of secure software development is to reduce the risk of security breaches by writing code in a secure manner and protecting the application from external threats. In addition, SSD contributes to improving the quality of code and increasing its reliability and resistance to unauthorized access [4].

The following main advantages are achieved through secure software development:

•  security: secure software development pays special attention to protecting against intrusions, hacker attacks, and other data security threats. This can prevent data leaks and maintain the confidentiality of important information.
•  improved quality: using secure software development methodologies improves the quality of the created applications, which reduces the likelihood of errors and program failures.
•  reduced time and costs: early detection and elimination of errors contribute to reducing the time and costs of development, testing, and product implementation.
•  compliance with regulatory requirements: many countries and organizations establish and strengthen security standards to protect confidentiality and prevent data leaks. Developing secure software greatly enhances compliance with such requirements. Reputation protection: Leaks of confidential data, hacking, or other security breaches can have a negative impact on an organization's reputation. Secure software development provides protection for an organization's reputation and its clients [5].

Thus, the main goal of the presented article was to perform an analysis on the issue of secure software development. As a result of the work, such key factors as the relevance of information technology and the software segment, the key principles of secure software development, and the advantages achieved through the creation of secure programs were considered.

In conclusion, it should be noted that information security is one of the most relevant and important topics nowadays. The constant increase in the amount of information transmitted electronically, as well as the constant emergence of new threats and highly sophisticated attacks by cybercriminals, makes information security one of the main tasks for companies, governments, and ordinary users. Failure to comply with information security measures can lead to leaks of confidential information, theft of personal data, financial losses, and other serious consequences. That is why secure software development becomes a relevant task in the modern world of information technology [6].

References:

1. Paklyachenko M.Yu. Digital products and services security: principles and elements of secure design // Bulletin of the Moscow University of the Ministry of Internal Affairs of Russia. 2023.
2. Samarin N.N. Software complex for evaluating information security of software without source code // High-tech technologies in Earth space research. 2021.
3. Sukhomlin V.A., Belyakova O.S., Klimina A.S., Polyanskaya M.S., Rusanov A.A. Model of digital cybersecurity skills 2020 // Modern information technologies and IT education. 2020.
4. Chastikova V.A., Malykhina M.P., Petrov V.Ya. Approach to the Development of a Malware Recognition Software Package Using Convolutional Neural Networks // Bulletin of Adyghe State University. Series 4: Natural and Technical Sciences. 2020.
5. Tagoev B.D., Isainova M.H. Modern problems of food security and their consequences for the republic of Tajikistan // Vestnik TGUPBP. 2022.
6. Markin D.O., Makeev S.M., Umbetov T.K. Technological map for the development of software implementing security services based on trusted boot and technology // Scientists' notes of OGU. Series: Humanities and Social Sciences. 2021.