Abstract
The COVID-19 pandemic has significantly increased the usage of mobile applications across various
industries, leading development teams to prioritise security throughout the software development
lifecycle. Given the complexity of secure mobile application development, teams use a variety of
approaches to integrate security into a secure software development framework. A secure software
development framework is structured into multiple phases and activities that guide development teams in
creating secure mobile applications. These phases and activities enable teams to build the application
incrementally, focusing on security at each step. Several secure development frameworks are available,
including the Secure Software Development Lifecycle (S-SDLC), Secure Agile, and DevSecOps, each
providing a framework for integrating security practices throughout the software development lifecycle.
There is a lack of clear guidance for software developers in ensuring the security of mobile applications.
Traditionally, development teams rely on a combination of established software development best
practices, team expertise, and informal processes accumulated over the years. Frameworks like OWASP,
NIST, and MITRE ATT&CK, along with approaches like DevSecOps, can serve as solid foundations for
embedding security in mobile application development. Because software developers decide for themselves how and when
various guidelines, standards and practices are applied to the different stages of the development life
cycle, ad-hoc approaches emerge, leading to potential vulnerabilities at those stages. While software development frameworks and best practices contribute to
implementing technical security measures, they fail to address crucial aspects such as ensuring a team
with security skills, standardising the approaches used to implement security for mobile applications, and fostering
collaboration across different companies. Ideally, the secure development of mobile applications requires
a dedicated software development framework tailored to the specific security needs of mobile
applications.
The research conducted in this thesis proposes a secure software development framework for mobile
applications called Londoloza. The Londoloza framework stipulates phases and activities to assist
development teams in creating secure mobile applications. The framework also provides various unique
documents to assist organisations and development teams. In conclusion, an expert evaluation affirms
that the Londoloza framework successfully meets the research objective, attesting to its effectiveness
and alignment with the intended goals.