Abstract
With the ever-growing dependency on software in critical systems such as healthcare, finance, transportation, and defense, among many others, the need for robust software security has never been greater. Security breaches, in which an undetected vulnerability is often the culprit, lead to severe financial loss, loss of reputation, and even legal action for organizations and end-users. While technology has improved considerably, conventional security practices have repeatedly failed to keep pace with the rapid growth in complexity and the dynamic nature of modern software systems. This paper argues for an organized and proactive approach to software security that spans the entire software lifetime.
We propose a research-driven automation framework that responds to these challenges by tightly integrating security testing tools to automate the detection and mitigation of vulnerabilities, thereby fostering a culture of continuous security improvement. The framework is tailored to Agile development and DevOps workflows, embedding security seamlessly into rapid, iterative development cycles. By harnessing actionable metrics and insight, it allows an organization to measure and quantitatively improve its security practices over time.