IEEE Software ( Volume: 35 , Issue: 5 , September/October 2018 )

1. Engineering Security Vulnerability
Prevention, Detection, and Response
IEEE Software ( Volume: 35 , Issue: 5 , September/October 2018 )
Group Member(s):
Areeba Jabeen
Hafsa Habib
Muniba Javaid

2. Software Security
Software engineers use software security practices to
• Prevent the introduction of vulnerabilities into a product or system,
• Detect vulnerabilities that have been injected during development,
• Respond to the discovery of vulnerabilities in a deployed product by
attackers and researchers.
Software Vulnerability
A software vulnerability is a glitch, flaw, or weakness present in
the software which helps the attacker to perform unauthorized actions
within a computer system.

3. Vulnerability Prevention
Two practices are commonly used in Firms / Organizations to prevent the
injection of vulnerabilities:
• Design flaw prevention practices
• Implementation bug prevention practices
Design flaw prevention practices
 Build and publish security features
 Create security standards
 Create (security) policy
 Identify potential attackers
 Use application containers
 Create technology-specific attack
patterns
Implementation bug prevention practices
 Use a top-N bugs list
 Use secure coding standards.

4. Vulnerability Detection
Vulnerability detection practices are used to find implementation bugs
and design flaws in a product prior to its deployment to a customer.
To be protected, the entire system should be monitored. Intrusion
detection tools should be strategically placed at the network and
application levels.
Intrusion detection system (IDS)
An intrusion detection system (IDS) is a tool or software that works
with your network to keep it secure and flag when somebody is trying
to break into your system.
Some popular IDS Software Tools are: SolarWinds Security Event
Manager, Snort, Suricata, Trend Micro TippingPoint, Cisco
Stealthwatch

5. Vulnerability Detection
Two practices are commonly used in Firms / Organizations for the
detection of vulnerabilities:
• Design flaw detection practices
• Implementation bug detection practices
Implementation bug detection practices
 Use external penetration testers to
find problems.
 Ensure that quality assurance (QA)
supports edge or boundary value
condition testing.
 Use penetration testing tools
internally.
 Use automated tools along with a
manual review.
Design flaw detection practices
 Use external penetration testers to
find problems.
 Perform a security feature review.
 Use penetration testing tools
internally.
 Perform a design review for high-risk
applications.

6. Vulnerability Response
Six software security practices are used to detect a breach or to
respond to the detection of vulnerabilities once the product is
deployed.
The three practices used most often deal with emergency responses
and bug fixing.
 Create or interface with incident response.
 Track software bugs found in operations through the fix process.
 Have an emergency code base response.
The lowest-used practices are focused on proactive actions, such as
fixing all occurrences of bugs.
 Use application input monitoring.
 Use application behavior monitoring and diagnostics.
 Fix all occurrences of software bugs found in operations.

7. CONCLUSION
Software engineers and security researchers must continue to rise to protect
society from the attackers.
 Engineers should explicitly consider the bad actors for their systems and
what these actors want to do, such that the system can stop them in their
tracks using practices such as abuse cases and threat models.
 Engineers should also consider the unintentional mistakes that users can
make, such as clicking on suspicious links, and design systems to protect
the user from his or her own actions.
Providing tools to aid in software security is not enough. Students and
practitioners need to be trained. Educators of software engineers should
ensure that students learn the importance of and the practices for designing
and developing secure systems.

8. Thank you...