Zhou 2022 J. Phys. Conf. Ser. 2173 012041

Journal of Physics: Conference Series
PAPER • OPEN ACCESS
Application Research on Key Points of Software
Security Development Technology
To cite this article: He Zhou 2022 J. Phys.: Conf. Ser. 2173 012041
ICMSOA 2021
Journal of Physics: Conference Series
2173 (2022) 012041
IOP Publishing
doi:10.1088/1742-6596/2173/1/012041
Application Research on Key Points of Software Security
Development Technology
He Zhou
School of Computer and Information Engineering, Nanchang Institute of Technology,
Nanchang, Jiangxi 330044, China
*Corresponding author’s e-mail: 51001202@qq.com
Abstract. With the rapid development of network technology, software security has
attracted more and more attention. Based on the software security lifecycle, this paper
presents an improved software security development process suitable for small and
medium-sized enterprises, which makes software security cover the whole software life
cycle and improves the security level of software coding. The three key software security
technologies used by the model in the software development phase, test phase and release
phase are studied and discussed in detail. In addition, a software security development
management platform is designed so that the model can be better applied to the software
development process of actual enterprises. After a period of trial use by a number of
units, the platform received good evaluations from users.
Keywords. Software security; key technology; development; network
1. Introduction
Like everything else, a software product goes through birth, growth, maturity and decline; in
software engineering this is commonly known as the software life cycle [1]. The whole life cycle of
software is divided into several stages, each with a clear task, so that the development and
management of large, complex software becomes easier to control [2]. Usually, the software life cycle
includes feasibility analysis and development planning, requirement analysis, design, coding, testing,
maintenance and other activities, which can be assigned in a suitable way to different stages [3].
Dividing the process in this way is a principle of software engineering: the stages are followed step
by step in a prescribed order, and each stage has defined work, review and documentation for
communication or reference, in order to improve the quality of software.
This stage discusses the software to be developed and its requirements, mainly to determine the
development goals and the feasibility of the software [4]. The feasibility study is usually a report on
the feasibility of the project submitted to top management to obtain software development funds;
feasibility is usually assessed from the economic, business or organizational, and technical points of
view. In addition, the feasibility study can also be used as a reference by the evaluation team when it
continues to track the project and the research progress of the information management system [5].
Once software development has been judged feasible, the functions that the software needs to
realize are analysed in detail [6]. The requirement analysis stage is very important; if it is done well,
it lays a good foundation for the success of the software development project. "The only constant is
change itself." Requirements keep changing and deepening during the whole process of software
development, so a requirements change plan must be made to deal with this change, in order to
protect the smooth progress of the project.
Content from this work may be used under the terms of the Creative Commons Attribution 3.0 licence. Any further distribution
of this work must maintain attribution to the author(s) and the title of the work, journal citation and DOI.
Published under licence by IOP Publishing Ltd
This stage is mainly based on the results of requirement analysis and designs the function and
operation of the entire software system, such as the system framework, database, user interface
layout, business rules and system flow. At the end of this stage, the whole system design is described
as a series of software modules or subsystems [7]. The stage is generally divided into overall design
and detailed design; for each system requirement, a prototype system may be made to work out one
or more key points of the design. The software design phase is a crucial stage in the whole software
life cycle. If design errors are made at this stage, correcting them later in the software is very
expensive, whereas good software design lays a good foundation for software programming.
After the software design is completed, the software must go through rigorous testing to find and
correct the problems introduced during the whole design process. The test process is divided into
three stages: unit testing, assembly testing and system testing. The test methods are of two kinds,
white box testing and black box testing. A detailed test plan must be made and testing carried out
strictly according to it, to reduce the randomness of testing.
2. Overview of community Gymnastics Teaching
Traditional software development models mainly include the waterfall model, the spiral model and
the incremental model. They focus mainly on the quality of the development process and on
development efficiency, and pay little attention to software security. Because these models place no
emphasis on security, a variety of security risks are brought into software products during the
development of a software project and the security of the software cannot be improved; in the end,
security vulnerabilities in the software may cause software developers and end users losses of
varying degrees.
2.1. Disadvantages of traditional gymnastic teaching methods
To enable software to deal with current security threats, it is necessary to raise security awareness
in the software development process, attend to the security of the software throughout its life cycle,
and improve the security of software products. This paper introduces the existing software security
development processes and compares and analyses them. Because the current software security
development processes mainly require considerable resources, small and medium enterprises face
barriers in applying them. Based on the software security development lifecycle, an improved
software security development process suitable for small and medium-sized enterprises is therefore
proposed, which makes software security cover the whole software life cycle, saves enterprises
security costs, and improves the level of software security.
At present, the security threats faced by software products that attract people's attention fall mainly
into two aspects. One is the cracking, illegal dissemination and illegal use of the software product;
the other is attacks by attackers against security vulnerabilities in the software product itself.
Whichever of the two aspects a threat comes from, it brings huge losses to the enterprise.
On the problem of copyright protection, although software developers have tried various technical
means such as disk protection, hardware protection and software encryption shells, hackers can
always find corresponding ways around them, so completely preventing piracy is not realistic.
Security vulnerabilities in software are also often related to software cracking: through software
security vulnerabilities, hackers can obtain information about the logical flow of the software, which
makes it possible to crack the software.
The copyright protection problem of software mainly concerns the illegal copying and illegal use of
software, namely software piracy. As a product, software often brings huge economic and social
benefits, and its value has received more and more attention. Because of its digital nature, software
is cheap and efficient to copy, so it often becomes the object of copyright infringement. The
development of Internet technology has also made the spread of digital products, including software,
very convenient, so that the issue of intellectual property protection has become increasingly
prominent, as shown in figure 1.
Figure 1. Software internal control flow chart
2.2. Feasibility analysis of application of multimedia technology in the teaching of Gymnastics
With the development of the concept of cloud computing, more and more software is made available
to users as network services, which undoubtedly brings users great convenience: with only a browser,
users can access shopping, entertainment and communication services of all kinds. Enterprise users
can likewise use network services for releasing information, network marketing, customer service,
and online contracting or commodity trading with business partners. However, because of security
vulnerabilities in software services and in browsers, illegal attacks such as information theft and data
tampering are often seen. They often cause serious harm and losses to the users of the software and
to the developers of the network services.
The Internet makes software more convenient to use, but it also gives attackers the opportunity to
bring more risk to the software. Because of the open nature of the Internet, the software systems that
enterprises develop can be accessed whenever and wherever possible, and on such an open platform
it is very difficult for the enterprise to distinguish between legitimate users and hackers. This gives
hackers more time and space than in the past to attack the software system, find security defects in
the software and exploit them.
At present, software application systems are highly extensible: system functions are often expanded
by installing and updating plug-ins to meet the changing needs of users. For example, browsers that
support plug-ins offer on their official websites a large number of plug-ins with various functions,
developed by third parties, for users to choose from, and operating systems can support a variety of
hardware devices by dynamically loading device drivers as needed. The extensibility of software
gives users great freedom and customizability, but it also brings great challenges to the security of
software. Because the coding level of third-party developers and the attention they pay to security
are uneven, a security vulnerability in an extension often causes the entire software security defence
to collapse, as shown in formula (1).
−x ±
x 2 − 4yz
= x 2 + z 2 � x 2 − 4yz
2y
(1)
When writing a program, most programmers think of it as running in a single way. In fact, modern
computers switch between tasks very quickly, and in multi-core, multi-processor or distributed
systems, events can happen at exactly the same time. Many program weaknesses lie in the gap
between this way of thinking about programs and the real situation. These security vulnerabilities are
caused by unexpected interactions between threads, processes, time and state.
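The gap described above, between the sequence a programmer has in mind and what concurrent execution allows, is shown in the following added example (not code from the paper). The `Account` class and its method names are hypothetical; a barrier forces the interleaving so the outcome is reproducible.

```python
import threading
import time


class Account:
    """Shared state touched by two concurrent requests (hypothetical class)."""

    def __init__(self, balance):
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw_unsafe(self, amount, pause):
        # Check-then-act: the check and the update are separate steps.
        if self.balance >= amount:
            pause()                     # another thread may run in this window
            self.balance -= amount
            return True
        return False

    def withdraw_locked(self, amount, pause):
        # The lock turns check and update into one atomic step.
        with self._lock:
            if self.balance >= amount:
                pause()
                self.balance -= amount
                return True
            return False


def run_two_withdrawals(method_name, pause):
    """Start two threads that each try to withdraw the full balance of 100."""
    account = Account(100)
    results = []

    def worker():
        results.append(getattr(account, method_name)(100, pause))

    threads = [threading.Thread(target=worker) for _ in range(2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sorted(results), account.balance


def demo_unsafe():
    # The barrier reproduces an interleaving the scheduler can produce on its
    # own: both threads pass the check before either updates the balance.
    barrier = threading.Barrier(2, timeout=5)
    return run_two_withdrawals("withdraw_unsafe", barrier.wait)


def demo_locked():
    # Same window between check and update, but the second thread has to
    # wait for the lock and then sees the reduced balance.
    return run_two_withdrawals("withdraw_locked", lambda: time.sleep(0.01))


if __name__ == "__main__":
    print("unsafe:", demo_unsafe())
    print("locked:", demo_locked())
```

In the unsafe run both withdrawals report success although the balance covers only one; with the lock, exactly one succeeds.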
3. The development and application of multimedia technology in the teaching of community
sports
Errors and error handling form one class of problems; security issues related to error handling are
very common and are treated as a separate category. Two kinds of error handling lead to security
vulnerabilities. One, the most common situation, is missing or absent error handling. The other is
that too much information is leaked when an error occurs, or the error is not processed safely.
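The two cases named above, side by side with a handler that avoids both, as an added example (not code from the paper). The account store, function names and response format are hypothetical, and the sample records are constructed.

```python
import logging
import traceback
import uuid

log = logging.getLogger("accounts")

# Constructed sample data; record "1002" is deliberately corrupt (None).
ACCOUNTS = {"1001": {"owner": "alice", "balance": 250}, "1002": None}


def lookup_balance(account_id):
    # KeyError for an unknown id, TypeError for the corrupt record.
    return ACCOUNTS[account_id]["balance"]


def handle_no_error_handling(account_id):
    """Case 1: nothing is caught, so any failure escapes to the caller."""
    return {"status": 200, "body": str(lookup_balance(account_id))}


def handle_leaky(account_id):
    """Case 2: the error is caught, but internals are sent back to the client."""
    try:
        return {"status": 200, "body": str(lookup_balance(account_id))}
    except Exception:
        # Stack trace, file paths and function names go into the response.
        return {"status": 500, "body": traceback.format_exc()}


def handle_safe(account_id):
    """Expected failures get specific answers; unexpected ones are logged
    server-side and the client sees a generic message with a reference id."""
    if not (account_id.isascii() and account_id.isdigit() and len(account_id) <= 10):
        return {"status": 400, "body": "Invalid account id."}
    try:
        return {"status": 200, "body": str(lookup_balance(account_id))}
    except KeyError:
        return {"status": 404, "body": "Account not found."}
    except Exception:
        ref = uuid.uuid4().hex[:8]
        # Full detail stays in the server log, keyed by the reference id.
        log.exception("balance lookup failed ref=%s id=%r", ref, account_id)
        return {"status": 500, "body": "Internal error. Reference: " + ref}


if __name__ == "__main__":
    print(handle_leaky("1002")["body"])
    print(handle_safe("1002"))
```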
3.1. The necessity of making gymnastic courseware
At present, the Internet has become a very important platform, and with the concept of cloud
computing, many enterprises develop software systems based on it to provide customers with more
convenient and efficient service support. These applications are constantly improving in function and
performance, but security, although very important, has not received enough attention. Most
enterprises invest heavily in network and server security, but this does not guarantee the security of
the application itself in any real sense, which gives hackers an opportunity. According to the annual
report, the top three of the ten most serious application security vulnerabilities were cross-site
scripting, injection vulnerabilities and malicious file execution. These three vulnerabilities are
caused directly by insufficient checking of user input. The other seven vulnerabilities are also more
or less related to user input.
An XSS vulnerability arises when a system does not properly filter executable script out of
user-submitted content. Using an XSS vulnerability, an attacker can remotely submit malicious
scripts into the system, and users who access the system will execute these malicious scripts. An XSS
attack usually involves three parties: the attacker, the attacked site and the client.
The victim must complete the submission of the malicious script through their own action before
the script can access the user's private information, so the attacker usually constructs a link
containing the malicious script and uses a variety of methods to lure victims into clicking the link in
order to complete the attack, as shown in figure 2.
Figure 2. The software flow chart analysis
The above example is a non-persistent cross-site scripting attack. This kind of vulnerability usually
arises when user-supplied data, either parameters in the request or data from a submitted form, is
used by the server without filtering to generate the page returned to the user. The submitted data is
not stored on the server. This case is shown in figure 3.
Figure 3. Control gate program
3.2. The function, principle, method and condition of developing multimedia technology
A persistent XSS vulnerability is usually more serious. When data submitted by an attacker is stored
persistently on the server, for example in a database, and is then displayed without verification on
pages that other users may access, a persistent XSS vulnerability exists. A typical example is an
online forum that allows users to use code directly in their posts: this causes a persistent XSS
vulnerability, because forum posts are usually stored in the database and their content can be seen
by all users. A big problem in software security is that many software systems are built without a
good sense of security. Software developers mostly adopt the attitude of focusing more on repairing
software security issues than on making an effort to create secure software from the beginning.
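The non-persistent and persistent cases described above, each rendered once without filtering and once with HTML output encoding, as an added example (not code from the paper). The page functions and the `Forum` class are hypothetical, and the sample submissions are constructed.

```python
import html

# Constructed sample submission standing in for attacker-supplied text.
SAMPLE_SCRIPT = "<script>alert(1)</script>"


def search_page_unfiltered(query):
    """Non-persistent case: a request parameter is copied into the returned page."""
    return "<h1>Results for " + query + "</h1>"


def search_page_encoded(query):
    """Same page, with the parameter HTML-encoded where it is written out."""
    return "<h1>Results for " + html.escape(query, quote=True) + "</h1>"


class Forum:
    """Persistent case: posts are stored, then shown to every later visitor."""

    def __init__(self):
        self.posts = []                 # stands in for the forum database

    def submit(self, author, body):
        self.posts.append((author, body))   # stored exactly as submitted

    def thread_page_unfiltered(self):
        return "".join("<div><b>%s</b>: %s</div>" % p for p in self.posts)

    def thread_page_encoded(self):
        # Encoding at output time keeps the stored data intact while the
        # browser receives text instead of markup.
        return "".join(
            "<div><b>%s</b>: %s</div>" % (html.escape(a), html.escape(b))
            for a, b in self.posts
        )


def has_live_script(page):
    """Demo check: does the page contain an unescaped script tag?"""
    return "<script" in page.lower()


def demo():
    forum = Forum()
    forum.submit("mallory", SAMPLE_SCRIPT)
    forum.submit("bob", "is 1 < 2 & 2 > 1?")
    return {
        "reflected_unfiltered": has_live_script(search_page_unfiltered(SAMPLE_SCRIPT)),
        "reflected_encoded": has_live_script(search_page_encoded(SAMPLE_SCRIPT)),
        "stored_unfiltered": has_live_script(forum.thread_page_unfiltered()),
        "stored_encoded": has_live_script(forum.thread_page_encoded()),
    }


if __name__ == "__main__":
    print(demo())
    print(search_page_encoded(SAMPLE_SCRIPT))
```

In the persistent case every visitor to the thread receives the stored markup, whereas the non-persistent case only affects the user whose request carried the parameter.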
Some software developers even misunderstand software security issues: security investment is
often spent on purchasing equipment such as firewalls, used for protection against network-layer
attacks, leaving only the remainder for the security of the software itself. In fact, the statistical data
presented show that only a share of attacks is carried out through network protocols or hardware
vulnerabilities, while hacker attacks on the application layer exploit security vulnerabilities that exist
in the software. For these attacks using software vulnerabilities, security devices in the network layer
can play a protective role. Directing security investment only against a possible attack is also the
reason why the security of some software is poor, as shown in figure 4.
Figure 4. User praise
4. Discussions
Although enterprises pay more and more attention to software security problems in the software
development process, the application of software security development processes is still not ideal.
The survey report pointed out that the scale of the enterprise is one of the important factors
influencing whether an enterprise applies a security development process in software development.
At present, the major software security development processes need the large resources of large
enterprises, which can afford the overhead of more security tools and security activities; for small
and medium enterprises, which lack funds and human resources, applying a software security
development process still faces a significant obstacle. Therefore, for small and medium-sized
enterprises that lack resources, it is necessary to optimize the software security development process.
On this basis, the process is simplified into a lightweight software security development process
better suited to small and medium enterprises, and is combined with the dynamic watermarking
based on the dynamic data dependence graph and the software protection technology based on
dynamic security analysis of dynamic data dependence put forward in the first two chapters, together
with some other existing software security technologies. It likewise takes security as its core and has
the characteristic of extending software security coverage to each stage of the software life cycle.
In contrast, the security activities involved in the software security development process proposed
in this paper are not carried out fully in sequence but overlap in time, in order to save time and cost.
We also emphasize the use of free security tools and the automatic configuration of security tools, so
that part of the regular security activities is done automatically, saving money, time and manpower.
The goal of the software security development process is to reduce security issues in the design and
implementation of software as early as possible in the software development life cycle, to keep a
macro-level grasp of software security throughout the whole process of software development, to
improve software security, and to reduce the severity of the impact of any security issues not found
in the software.
5. Conclusion
This paper first summarizes the security threats facing software from two aspects, copyright
protection and security vulnerabilities. To enable software to deal with current security threats, it is
necessary to raise security awareness in the software development process, attend to software
security throughout the software life cycle, and improve the security of software products. On this
basis, the software security development processes are introduced, compared and analysed. Then, in
view of the fact that the current software security development processes mainly require considerable
resources and that small and medium enterprises face barriers in applying them, an improved
software security development process suitable for small and medium enterprises is put forward
based on the software security development life cycle, so that software security covers the entire
software life cycle, the total security cost of the enterprise is saved, and the level of software security
is improved. Based on the improved software security development process, a software development
management platform is designed and implemented; its purpose is to enable enterprises to better
apply the software security development process in software development, to manage the software
development process effectively, and to discover and repair security vulnerabilities in the software
as early as possible, so that the security of the final software is significantly improved. After a period
of trial use by a number of units, the platform received good evaluations.
Acknowledgement
Project Fund: Collaborative Education by the Ministry of Education, Fund No. 202101196010,
Application of Network Crawber in Big Data Teaching.
References
[1] Evren G 2016 Preparation for Central Common Examination is not a Torment but Fun Procedia
Social and Behavioral Sciences 232(24) 47-56
[2] Hu Y N 2017 Research on the Application of Fault Tree Analysis for Building Fire Safety of
Hotels Procedia Engineering 135(1) 45-6
[3] Flaherty G T 2016 Research on the move: the potential applications of mobile health
technology in travel medicine Journal of Travel Medicine 23(6) 49-55
[4] Maja S J, Radmila B, Bojan L 2016 A Proposal for Research Framework Based on The
Theoretical Analysis and Practical Application of MLQ Questionnaire Economic Themes 4(4) 56
[5] Petros T, Nikolaos S 2016 Editorial to the IFSET Special Issue “Advances in research
and applications of nonthermal technologies for food processing and preservation” based on
the 2015 International Nonthermal Processing Workshop Innovative Food Science and
Emerging Technologies 38(1) 220-7
[6] Pattanapong W 2016 Errors in translation made by English major students: A study on types
and causes Kasetsart Journal of Social Sciences 783(26) 89-102
[7] Agnes A O 2017 The Abolishment of Colleges and its Implications on ELT in Nigeria Procedia
- Social and Behavioral Sciences 232(24) 567-9