Suhel Ahmad Khan

Work place: Department of Computer Science, Indira Gandhi National Tribal University, Amarkantak, 484887, Madhya Pradesh, India

E-mail: ahmadsuhel28@gmail.com

Research Interests: Computer systems and computational processes, Information Security, Network Security, Security Services, Data Structures and Algorithms, Information-Theoretic Security

Biography

Dr. Suhel Ahmad Khan is currently working as an Assistant Professor in the Department of Computer Science, Indira Gandhi National Tribal University (A Central University), Amarkantak, Madhya Pradesh. He has 10 years of teaching and research experience. His areas of interest are Software Engineering, Software Security, Security Testing, Cyber Security, and Network Security. He has completed one major research project with PI funded by UGC, New Delhi. He has published numerous papers in international journals and conferences, including IEEE, Elsevier, IGI Global, and Springer. Dr. Suhel Ahmad Khan is an active member of various professional bodies: IAENG, ISOC-USA, IACSIT, and UACEE.

Author Articles
Quantitative Analysis of Software Security through Fuzzy PROMETHEE-II Methodology: A Design Perspective

By Suhel Ahmad Khan, Mohd Nadeem, Alka Agrawal, Raees Ahmad Khan, Rajeev Kumar

DOI: https://doi.org/10.5815/ijmecs.2021.06.04, Pub. Date: 8 Dec. 2021

The objective of this research study is to develop secure and multi-functional software or web applications with controlled complexity. The demand for software security in different IT sectors is the main focus of the present endeavor. The different design factors and their prioritization are the need and demand of the system. We have selected the case of banking software or application. Security assessment is an integral part of risk management practices which provides an analytical mechanism to control and integrate security features for valuable opinion during the design phase. The designing of secure software and the impact of security factors are adopted and evaluated by the Preference Ranking Organization Method for Enrichment Evaluation (PROMETHEE)-II method. The PROMETHEE-II methodology evaluates the impact of factors with respect to the design alternatives. The current priority is to work on the state-of-the-art security attributes or alternatives of software design. Decision makers are generally responsible for evaluating various responses within their technical or scientific jurisdiction and ranking them accordingly. Fuzzy set theories are the most appropriate tools to provide results for modeling qualitative information because of their ability to handle the impreciseness that is common in rating alternatives. The proposed work highlights the effectiveness of the fuzzy PROMETHEE-II method in this context. We have enlisted this methodology for comparing software security factors from a design perspective by using linguistic variables. The quantitative analysis attempted in our study was highly accurate for evaluating the security attributes and ranking them as per their priority, particularly in the context of banking software design. The study concludes with the advantages of employing Fuzzy PROMETHEE-II vis-à-vis the other methodologies in analyzing software security in the context of design.

Security Improvement of Object Oriented Design using Refactoring Rules

By Suhel Ahmad Khan, Raees Ahmad Khan

DOI: https://doi.org/10.5815/ijmecs.2015.02.04, Pub. Date: 8 Feb. 2015

The main component of the study is to confirm how the developed security models are helpful for security improvement of object oriented designs. Software refactoring is an essential activity during development and maintenance. It promotes the reengineering measures for improving quality and security of software. The researcher made an effort in this regard to develop security improvement guidelines using refactoring activities for object oriented design. The developed guidelines are helpful to control design complexity for improved security. A case study is adopted from a refactoring example by Fowler to implement the Security Improvement Guidelines (SIG). The developed Security Quantification Model (SQMOODC) is used to calculate the quantified value of security at each step. The proposed model SQMOODC calculates the effective security index by ensuring that the revised version of the object oriented design is influenced through the security improvement guidelines. There is some possibility that the original code segment may have some security flaws, anomalies and exploitable entities or vulnerable information that may influence security at the design stage. SIG is helpful to cease the security flaws, anomalies, and exploitable entities in the refactored code segment. Each refactored step of the case study matches the prediction of the impact of refactoring rules on security, and the impact study for security through the SQMOODC model legalizes the effectiveness of the developed model and security improvement guidelines. The validated results of statistical analysis with different case studies of object oriented designs reflect the usefulness and acceptability of the developed models and guidelines.
