Dr. Drew Hwang, CIS, Cal Poly Pomona
Secure Web Development
Software engineering is defined as "the application of a systematic, disciplined, quantifiable approach to the development, operation, and maintenance of software, and the study of these approaches; that is, the application of engineering to software."
The term software engineering first appeared in the 1968 NATO Software Engineering Conference and was meant to provoke thought regarding the "software crisis" of the time. Since then, it has continued as a profession and field of study dedicated to creating software that is of higher quality, more affordable, maintainable, and quicker to build.
Since the field is still relatively young compared to its sister fields of engineering, there is still much work and debate around what software engineering actually is, and if it deserves the title engineering.
Software engineering has grown organically out of the limitations of viewing software as just programming.
are terms sometimes preferred by practitioners in the industry who view software engineering as too heavy-handed and constrictive to the malleable process of creating software.
Systems engineering is an interdisciplinary field of engineering that focuses on how complex engineering projects should be designed and managed.
Systems engineering deals with work-processes and tools to handle such projects, and it overlaps with both technical and human-centered disciplines such as control engineering and project management.
System Engineering vs. Software Engineering
Software engineering is a part of system engineering. System engineering deals with all aspects of computer-based system development.
System engineering identifies the roles of hardware, software, people, databases and other elements involved in the system to be developed. Software engineering addresses the practicalities of developing and delivering useful software.
Security engineering is a specialized field of engineering that deals with the development of detailed engineering plans and designs for security features, controls and systems. Its primary motivation is to support the delivery of engineering solutions that satisfy pre-defined functional and user requirements, but with the added dimension of preventing misuse and malicious behavior. These constraints and restrictions are often asserted as a security policy.
Security engineering has existed as an informal field of study for several centuries. For example, the fields of locksmithing and security printing have been around for many years. Due to recent catastrophic events, most notably 9/11, security engineering has quickly become a rapidly growing field.
Security engineering involves aspects of social science, psychology, and economics, as well as physics, chemistry, mathematics, architecture and landscaping. In general, it encompasses three sub-fields:
Physical security: deter attackers from accessing a facility, resource, or information stored on physical media.
Information security: protecting data from unauthorized access, use, disclosure, destruction, modification, or disruption to access.
Economics of security: the economic aspects of privacy and computer security.
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The terms information security, computer security and information assurance are frequently used interchangeably. These fields are often interrelated and share the common goal of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration.
Information security is concerned with the confidentiality, integrity and availability of data regardless of the form of the data (e.g., electronic, print, or others).
Computer security focuses on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer.
Information assurance is the practice of managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes.
Information assurance as a field has grown from the practice of information security which in turn grew out of practices and procedures of computer security.
Software Requirements Engineering
Requirements analysis in systems engineering and software engineering encompasses those tasks that go into determining the needs or conditions to meet for a new or altered product, taking account of the possibly conflicting requirements of the various stakeholders, analyzing, documenting, validating and managing software or system requirements.
Requirements engineering is critical to the success of a development project. Requirements must be actionable, measurable, testable, related to identified business needs or opportunities, and defined to a level of detail sufficient for system design.
Requirements can be
Security requirements engineering deals with the systematic approach to gathering software security requirements.
Application Security vs. Network Security
Network security attempts to solve issues with the
, and the
, while application security deals with the entire data processing stack including the
(data stores), the
(parameters), and the
(modules, programs, etc.) themselves.
There are some overlaps as the two need each other to meet enterprise information processing demands and share a common goal of protecting enterprise data.
For further reading:
A brief overview of web application security (Acunetix)
What is the difference between an Intrusion Prevention System and a Web Application Firewall? (SANS)
The Essential Guide to Vulnerability Scanning
Comparing/Contrasting Network and Application Security