Software development security: a critical analysis of approaches and practices

Keywords:

Cybersecurity, software, training, code, technology

Abstract

The review shows that security in software development must be incorporated from the initial stages of a project rather than left as a late-stage fix. Many vulnerabilities originate in design decisions, so a preventive, risk-based approach reduces rework and strengthens the protection of the resulting system. Models and standards such as SSDF and ISO/IEC 27034, together with practices such as threat modeling, help integrate security in a structured way. Automated tools such as SAST, DAST, and SCA support continuous defect detection, but their effectiveness depends on a collaborative culture between development, operations, and security, as promoted by DevSecOps. Resources such as the OWASP Top 10 and ASVS are key to recognizing common risks and guiding improvements. Finally, the review highlights the importance of also verifying external dependencies, because of the risk present in the software supply chain: a pinned, integrity-checked dependency that is also screened against known advisories is the baseline that SCA tooling is meant to enforce. Overall, securing software requires both sound technical practices and a cultural shift that treats security as a natural part of the process.
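The dependency-verification point in the abstract can be made concrete. The following is an added example, not code from the article or from any SCA product: it pins each third-party artifact to a SHA-256 digest in a lockfile, checks what a build actually fetched against that pin, and screens each pinned version against an advisory feed. The package names (libfoo, libbar), the artifact bytes, and the advisory identifier ADV-EXAMPLE-1 are all constructed for illustration and do not refer to real projects or CVEs.

```python
"""Added example: lockfile integrity check plus advisory screening for
third-party dependencies. All package names, artifact contents and the
advisory entry are constructed; none refer to real software or real CVEs."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    ident: str     # constructed identifier, not a real CVE
    package: str
    fixed_in: str  # first version that is no longer affected


# Constructed advisory feed standing in for the database an SCA tool queries.
ADVISORIES = [
    Advisory("ADV-EXAMPLE-1", "libbar", "2.0.0"),
]

# Constructed "trusted" artifacts as they were when the lockfile was generated.
_TRUSTED = {
    "libfoo": b"libfoo-1.4.2 contents",
    "libbar": b"libbar-1.9.0 contents",
}

# Lockfile: package -> (pinned version, sha256 of the trusted artifact bytes).
LOCKFILE = {
    "libfoo": ("1.4.2", hashlib.sha256(_TRUSTED["libfoo"]).hexdigest()),
    "libbar": ("1.9.0", hashlib.sha256(_TRUSTED["libbar"]).hexdigest()),
}

# What a later build actually fetched (constructed): libfoo is intact,
# libbar was altered upstream after the lockfile was written.
FETCHED = {
    "libfoo": b"libfoo-1.4.2 contents",
    "libbar": b"libbar-1.9.0 contents + injected payload",
}


def parse_version(v: str) -> tuple[int, ...]:
    """Numeric dotted version to a tuple so that 1.10.0 > 1.9.0 compares correctly."""
    return tuple(int(part) for part in v.split("."))


def verify_artifact(name: str, data: bytes, lockfile: dict) -> tuple[bool, str]:
    """Compare the fetched artifact's sha256 with the pinned digest."""
    if name not in lockfile:
        return False, "not pinned in lockfile"
    _, expected = lockfile[name]
    actual = hashlib.sha256(data).hexdigest()
    # compare_digest avoids short-circuit comparison; cheap to use by default.
    if not hmac.compare_digest(actual, expected):
        return False, f"sha256 mismatch: expected {expected[:12]}..., got {actual[:12]}..."
    return True, "ok"


def vulnerable_advisories(name: str, version: str, advisories: list) -> list[str]:
    """Advisory identifiers whose fix version is newer than the pinned version."""
    pinned = parse_version(version)
    return [a.ident for a in advisories
            if a.package == name and pinned < parse_version(a.fixed_in)]


def audit(lockfile: dict, fetched: dict, advisories: list) -> list[tuple[str, str, str]]:
    """Return (package, finding kind, detail) for every problem found."""
    findings = []
    for name, (version, _digest) in lockfile.items():
        if name not in fetched:
            findings.append((name, "missing", "pinned but not fetched"))
            continue
        ok, reason = verify_artifact(name, fetched[name], lockfile)
        if not ok:
            findings.append((name, "integrity", reason))
        for ident in vulnerable_advisories(name, version, advisories):
            findings.append((name, "vulnerable", ident))
    # Anything fetched that the lockfile never pinned bypasses both checks above.
    for name in fetched:
        if name not in lockfile:
            findings.append((name, "unpinned", "fetched but not in lockfile"))
    return findings


if __name__ == "__main__":
    for package, kind, detail in audit(LOCKFILE, FETCHED, ADVISORIES):
        print(f"{package}: {kind}: {detail}")
```

Running the block reports two findings for libbar (an integrity mismatch and the constructed advisory) and none for libfoo. The two checks are deliberately independent: a tampered artifact fails the digest check even when no advisory exists for it, and a pristine artifact at a known-bad version is still flagged.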

Published

2026-04-11

Section

Articles
