Secure software development and testing: A model-based methodology

Modern industries widely rely upon software and IT services, in a context where cybercrime is rapidly spreading in more and more sectors. Unfortunately, despite greater general awareness of security risks and the availability of security tools that can help to cope with those risks, many organizations (especially medium/small-size ones) still lag when it comes to building security into their services. This is mainly due to the limited security skills of common developers/IT project managers and to the typically high costs of security procedures. In fact, while automated tools exist to perform code analysis, vulnerability scanning, or security testing, the manual intervention of security experts is still required not only for security analysis and design, but also to configure and elaborate the output of the security testing tools. In this paper, we propose a novel secure software development methodology aimed at supporting developers from security design to security testing, suitable for integration within modern DevOps pipelines according to a DevSecOps (or SecDevOps) approach. The proposed methodology leverages a model-based process that enables identifying existing threats, selecting appropriate countermeasures to enforce, and verify their mitigation effectiveness through both static assessment procedures and targeted security tests. To demonstrate our approach's feasibility and concretely illustrate the devised activities, we provide a step-by-step description of the whole process concerning a containerized microservice-based application case study. In addition, we discuss the application of the proposed methodology, in its threat modeling and security testing phases, to a well-known vulnerable web application widely used for security training purposes, to illustrate that we can identify most of the existing vulnerabilities and determine appropriate test plans to assess and mitigate such vulnerabilities.