Cloud security engineering: Early stages of SDLC

Security vulnerabilities and defects are results of poorly constructed software that can lead to easy exploitation by the cyber criminals. A large number of Cloud software systems are facing security threats, and even the sophisticated security tools and mechanisms are not able to detect it. Such prevailing problem necessitates the monitoring and controlling of the software development process and its maintenance. Security is considered to be one of the nonfunctional requirements that have significant effect on the architectural designing of the Cloud Software as a Service (SaaS). In addition, there is prevalence of differential views between the two software engineering concepts, i.e., conventional and contemporary and then this presents a significant challenge for the software development team to deal with security at the implementation and maintenance stage of the SDLC. Thus, we have discussed a real world case study includes 103 failed real cases that were generated manually or automatically by real applications through various testing techniques and we have illustrated some preliminary results. The evaluation results showed appearance of a significant number of security vulnerabilities in the early stages of Cloud Software/Service Development Life Cycle (CSDLC). Hence, this needs to be maintained in advance. Based on such results, this paper presents a generic framework to deal with such security at the early stages of the CSDLC. This framework aims at adding an extra security level at the early stages of the CSDLC, which has been further illustrated by a case study showing the applicability of the framework. (C) 2016 Elsevier B.V. All rights reserved.