Abstract
Software systems are becoming more vulnerable as new software is created. Several reasons contribute to this: attackers are becoming much smarter, while the majority of developers are usually unaware of new classes of attacks or even reuse older code that is known to be vulnerable. Building secure software with limited time and budget is quite challenging. This work presents SecurityGuard, an automated secure coding framework that allows automatic code fixes based on recommendations from experts as well as on learning from best practices. The proposed framework can be used as a plugin to an Integrated Development Environment (IDE). The framework is built on three main segments, together with a user-friendly interface and an adaptable dashboard that provides useful statistics. SecurityGuard will ensure that developers can focus on business logic development without worrying about the implementation of security components.
© 2021 Springer Nature Switzerland AG
Cite this paper
Javed, Y., Arian, Q.A., Alenezi, M. (2021). SecurityGuard: An Automated Secure Coding Framework. In: Yildirim Yayilgan, S., Bajwa, I.S., Sanfilippo, F. (eds) Intelligent Technologies and Applications. INTAP 2020. Communications in Computer and Information Science, vol 1382. Springer, Cham. https://doi.org/10.1007/978-3-030-71711-7_25
DOI: https://doi.org/10.1007/978-3-030-71711-7_25
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-71710-0
Online ISBN: 978-3-030-71711-7
eBook Packages: Computer Science (R0)