A review of factors influencing the implementation of secure framework for in-house web application development in Malaysian public sector

Every year, web applications have expanded their presence in more areas in financial organizations, health organizations, public sector, retail and accommodation. Security is important in data protection so as not to be infringed by unauthorized parties. If the vulnerabilities found are not amended, it leads to cyber-attacks such as Structured Query Language Injection Attack (SQLIA) performed by certain parties which enable them to gain unauthorized data access. To cater security issues, variety of security frameworks for secure software development life cycle (SDLC) were introduced. Secure SDLC is created by integrating security-related activities to an each phase of in used development methodologies such as waterfall model or agile model. However, the application security problem continues to grow. Strict, complicated and heavyweight frameworks are underutilized due to several factors. The factors that influence the implementation of secure SDLC identified in public sector (the scope is State Secretary Offices in Malaysia) are inadequate development timeline, improper development team size and less awareness of team members' workload. It is agreed that integrating security at earlier (requirement and design) phase is the most effective and cheapest way to develop secure web application. Hence, an adaptive secure SDLC model is proposed to integrate security activities using Fuzzy Analytic Hierarchy Process (FAHP) focusing on the influence factors as the main criteria and meet the international and local secure frameworks standards. The proposed model will recommend adaptive security activities as a guideline to be applied at earlier phases of SDLC to help eliminate/ minimize the web application vulnerabilities and increase the application security and implemented as a proof-of-concept prototype at selected Malaysian public sector for in-house web application development. © 2018 IEEE