1. [1] J. H. Allen, Software security engineering: a guide for project managers. Addison-Wesley, 2008.
2. [2] M. Eftekhari, M. M. Momenabadi, and M. Khamar, "Proposing an evolutionary-fuzzy method for software defects detection," JSDP, vol. 15, no. 4, pp. 3-16, 2009. DOI: 10.29252/jsdp.15.4.3
3. [3] G. McGraw, "Software Security: Building Security in," in 2006 17th International Symposium on Software Reliability Engineering, 2006, pp. 6-16. DOI: 10.1109/ISSRE.2006.43
4. [4] M. Howard and S. Lipner, "The security development lifecycle: SDL, a process for developing demonstrably more secure software," Microsoft Press, 2006.
5. [5] "Microsoft SDL Process Guidance updates, version 5.2 - Microsoft Security." [Online]. Available: https://www.microsoft.com/security/blog/2012/05/23/now-available-microsoft-sdl-process-guidance-updates-version-5-2/. [Accessed: 14-May-2019].
6. [6] J. Jürjens, "UMLsec: Extending UML for Secure Systems Development," Springer, Berlin, Heidelberg, 2002, pp. 412-425. DOI: 10.1007/3-540-45800-X_32
7. [7] J. Jürjens, Secure Systems Development with UML. Springer-Verlag Berlin, Heidelberg, 2010.
8. [8] N. R. Mead and T. Stehney, "Security quality requirements engineering (SQUARE) methodology," in Proceedings of the 2005 workshop on Software engineering for secure systems building trustworthy applications - SESS '05, 2005, vol. 30, no. 4, pp. 1-7. DOI: 10.1145/1082983.1083214
9. [9] N. R. Mead, V. Viswanathan, and J. Zhan, "Incorporating security requirements engineering into standard lifecycle processes," International Journal of Security and Its Applications, vol. 2, no. 4, pp. 67-79, 2008. DOI: 10.1109/COMPSAC.2008.85
10. [10] H. Assal and S. Chiasson, "Security in the Software Development Lifecycle," in Fourteenth Symposium on Usable Privacy and Security, 2018, pp. 281-296.
11. [11] P. Jaferian, G. Elahi, M. R. A. Shirazi, and B. Sadeghian, "RUPSec: extending business modeling and requirements disciplines of RUP for developing secure systems," in 31st EUROMICRO Conference on Software Engineering and Advanced Applications, 2005, pp. 232-239. DOI: 10.1109/EUROMICRO.2005.51
12. [12] H. Mohd et al., "A secured e-tendering model based on rational unified process (RUP) approach: inception and elaboration phases," International Journal of Supply Chain Management, vol. 5, no. 4, pp. 114-120, 2016.
13. [13] H. Belani, Z. Car, and A. Caric, "RUP-based process model for security requirements engineering in value-added service development," in 2009 ICSE Workshop on Software Engineering for Secure Systems, 2009, pp. 54-60. DOI: 10.1109/IWSESS.2009.5068459
14. [14] "Microsoft Attack Surface Analyzer." [Online]. Available: https://www.microsoft.com/en-us/download/details.aspx?id=24487. [Accessed: 15-May-2019].
15. [15] "FxCop | Microsoft Docs." [Online]. Available: https://docs.microsoft.com/en-us/previous-versions/dotnet/netframework-3.0/bb429476(v=vs.80). [Accessed: 15-May-2019].
16. [16] "Microsoft Code Analysis." [Online]. Available: http://microsoft.github.io/CodeAnalysis/. [Accessed: 15-May-2019].
17. [17] "Microsoft Anti-Cross Site Scripting Library V4.3 from Official Microsoft Download Center." [Online]. Available: https://www.microsoft.com/en-us/download/details.aspx?id=43126. [Accessed: 15-May-2019].
18. [18] "Kali Linux | Penetration Testing and Ethical Hacking Linux Distribution." [Online]. Available: https://www.kali.org/. [Accessed: 15-May-2019].
19. [19] C. E. de Barros Paes and C. M. Hirata, "RUP Extension for the Development of Secure Systems," in Fourth International Conference on Information Technology (ITNG'07), 2007, pp. 643-652. DOI: 10.1109/ITNG.2007.171
20. [20] R. Kneuper, "Software Processes in the Software Product Life Cycle," in Software Processes and Life Cycle Models, Cham: Springer International Publishing, 2018, pp. 69-157. DOI: 10.1007/978-3-319-98845-0_3
21. [21] Y. Mufti, M. Niazi, M. Alshayeb, and S. Mahmood, "A Readiness Model for Security Requirements Engineering," IEEE Access, vol. 6, pp. 28611-28631, 2018. DOI: 10.1109/ACCESS.2018.2840322
22. [22] C. Gonzalez and E. Liñan, "A Software Engineering Methodology for Developing Secure Obfuscated Software," Springer, Cham, 2020, pp. 1069-1078. DOI: 10.1007/978-3-030-12385-7_72
23. [23] S. K. Jha and R. K. Mishra, "Predicting and Accessing Security Features into Component-Based Software Development: A Critical Survey," Springer, Singapore, 2019, pp. 287-294. DOI: 10.1007/978-981-10-8848-3_28
24. [24] P. Morrison, D. Moye, R. Pandita, and L. Williams, "Mapping the field of software life cycle security metrics," Information and Software Technology, vol. 102, pp. 146-159, Oct. 2018. DOI: 10.1016/j.infsof.2018.05.011
25. [25] H. Maleki, A. Jamshidi, and M. Mohammadi, "A Framework for Effective Exception Handling in Software Requirements Phase," Springer, Singapore, 2019, pp. 397-411. DOI: 10.1007/978-981-10-8672-4_30