
A framework for penetration testing in software development lifecycle

Introduction

In today's era, where technology is a way of life and our day-to-day activities are handled by software and the Internet of Things (IoT), security has become the big issue to deal with. Technologies are vulnerable to threats that are exploited all the time; even when software is upgraded, new vulnerabilities are always being discovered. That is where penetration testing comes from: if we cannot avoid attackers, let us think like them and protect the system. Penetration testing is ethically hacking an application in order to avoid weaknesses and vulnerabilities within the system, using the perspective of a hacker's mind. Although there are many kinds of tools, guidelines and checklists, their application is weak, especially in Ethiopia, where technology is in a growing stage and security is being neglected among software developers, which results in a loss of functionality and compatibility. That is why this research proposes a framework that will align penetration testing stages with the software development life cycle.

Statement of the problem

- In the software development life cycle, emphasis is given to functional requirement testing, and security is tested only when the software product is in the evaluation stage. This approach results in the software product being vulnerable to potential attacks and threats. Even though there is research aimed at avoiding this problem, its application in the software development life cycle is not critical. That is why this research proposes a simplified end-to-end alignment of penetration testing stages with the software development life cycle.

Research question

What are the current trends, tools, techniques and guidelines used in selected software development companies to consider or address security requirements for their software products?

- The research question will be broken down into both specific quantitative and qualitative research sub-questions.

General objective

The general objective of the research is:

- To create a framework that will provide secure software development through an alignment model that aligns penetration testing stages with the software development stages of requirement, design, implementation, validation and deployment.

Specific objective

- To conduct an investigation on penetration testing stages.
- To explore penetration testing tools and techniques.
- To conduct a thorough review of the literature on penetration testing, the secure software development life cycle and the Open Web Application Security Project (OWASP) guidelines and checklists.
- To conduct a background study on selected development firms in Addis Ababa, Ethiopia, regarding the security techniques and tools that are employed for this purpose.
- To examine the problems that penetration testing is being used to address in the software development life cycle.
- To evaluate selected software development life cycles in order to align and choose the penetration testing stages that best fit the software development life cycle.

Methodology

A mixed-method design, which is a procedure for collecting, analyzing and mixing both quantitative and qualitative data, will be used in order to analyze the problem. Using both approaches will allow the research to have a complete analysis and to draw a precise conclusion. In addition, an extensive literature review, case study, scenario-based analysis and simulations will be used in order to give the research a tangible and diversified view of the research problem.

Scope and limitation

- The research will focus only on the analysis of penetration testing. It does not focus on other security attributes.
- The research will focus only on the software development stages of requirement, design, implementation, verification and deployment. It does not include other development stages such as evaluation.
