소프트웨어 개발 프로세스 적용 보안 기술 동향 |
Lee, Gi-Hyeon
(단국대학교)
Kim, Seok-Mo (단국대학교) Lee, Eun-Seung (단국대학교) Park, Yong-Beom (단국대학교) |
1 | Gartner, Now is the time for security at Application Level.[Internet], https://www.sela.co.il/_Uploads/dbsAttachedFiles/GartnerNowIsTheTimeForSecurity.pdf. |
2 | Department of Homel and Security, Practical Measurement Framework for Software Assurance and Information Security, http://buildsecurityin.us-cert.gov/. |
3 | Microsoft, Introduction to the Microsoft Security Development Life cycle[Internet], http://www.microsoft.com/security/sdl |
4 | McDermott, John, and Chris Fox. "Using abuse case models for security requirements analysis." Computer Security Applications Conference, 1999.(ACSAC'99) Proceedings. 15th Annual. IEEE, 1999. |
5 | MCDERMOTT, John; FOX, Chris. Using abuse case models for security requirements analysis. In: Computer Security Applications Conference, 1999.(ACSAC'99) Proceedings. 15th Annual. IEEE, 1999. p. 55-64. |
6 | Alexander, Ian. "Misuse cases: Use cases with hostile intent." Software, IEEE 20.1 (2003): 58-66. |
7 | Dougherty, Chad R., Kirk Sayre, Robert Seacord, David Svoboda, and Kazuya Togashi. "Secure design patterns.", Carnegie Mellon University, March, 2009 |
8 | ms Threat Modeling, https://msdn.microsoft.com/en-us/library/ff648644.aspx |
9 | Mitre, CWE./SANS Top 25[Internet], http://cwe.mitre.org/top25/. |
10 | OWASPTop10,https://www.owasp.org/index.php/Top_10_2013-Top_10 |
11 | Hush, Mei-Chen, Timothy K. Tsai, and Ravishankar K.Iyer. "Fault injection techniques and tools." Computer 30.4, 1997, pp. 75-82. DOI |
12 | "Source code instrumentation overview" IBMwebsite, http://www-01.ibm.com/support/knowledgecenter/#!/SSSHUF_8.0.0/com.ibm.rational.testrt.doc/topics/cinstruovw.html |