Security Testing in Agile Web Application Development - A Case Study Using the EAST Methodology

Erdogan, Gencer; Meland, Per Håkon; Mathieson, Derek

doi:10.1007/978-3-642-13054-0_2

Cited by 12 publications

(13 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Furthermore, security testing approaches for agile projects have especially been proposed for web applications [12,32] and service-oriented systems [15]. These cases show how it is possible to integrate security testing into agile software development for specific system types.…”

Section: Four Quadrants Of Agile Testingmentioning

confidence: 99%

How is Security Testing Done in Agile Teams? A Cross-Case Analysis of Four Software Teams

Cruzes

Felderer

Oyetoyan

et al. 2017

Lecture Notes in Business Information Processing

View full text Add to dashboard Cite

Abstract. Security testing can broadly be described as (1) the testing of security requirements that concerns confidentiality, integrity, availability, authentication, authorization, nonrepudiation and (2) the testing of the software to validate how much it can withstand an attack. Agile testing involves immediately integrating changes into the main system, continuously testing all changes and updating test cases to be able to run a regression test at any time to verify that changes have not broken existing functionality. Software companies have a challenge to systematically apply security testing in their processes nowadays. There is a lack of guidelines in practice as well as empirical studies in real-world projects on agile security testing; industry in general needs a more systematic approach to security. The findings of this research are not surprising, but at the same time are alarming. The lack of knowledge on security by agile teams in general, the large dependency on incidental pen-testers, and the ignorance in static testing for security are indicators that security testing is highly under addressed and that more efforts should be addressed to security testing in agile teams.

show abstract

Section: Four Quadrants Of Agile Testingmentioning

confidence: 99%

How is Security Testing Done in Agile Teams? A Cross-Case Analysis of Four Software Teams

Cruzes

Felderer

Oyetoyan

et al. 2017

Lecture Notes in Business Information Processing

View full text Add to dashboard Cite

show abstract

“…Other approaches aiming for partly automated generation of test cases from various types of models can be found in [18,19], and a review of various model-based security testing techniques can be found in [20]. Agile security testing, proposed in [21], uses abuse stories or misuse cases as a starting point, thus having some resemblance with our approach, and in [22] it is further discussed how this can be fit into Scrum. These approaches have some similarities with ours in the initial part, having misuse cases as a possible starting point.…”

Section: Related Workmentioning

confidence: 95%

Extending HARM to make Test Cases for Penetration Testing

Vegendla

Søgaard

Sindre

2016

Lecture Notes in Business Information Processing

View full text Add to dashboard Cite

Abstract. [Context and motivation] Penetration testing is one key technique for discovering vulnerabilities, so that software can be made more secure.[Question/problem] Alignment between modeling techniques used earlier in a project and the development of penetration tests could enable a more systematic approach to such testing, and in some cases also enable creativity. [Principal ideas/results] This paper proposes an extension of HARM (Hacker Attack Representation Method) to achieve a systematic approach to penetration test development.[Contributions] The paper gives an outline of the approach, illustrated by an e-exam case study.

show abstract

“…Studies [37][38][39][40][41][42][43][44][45][46][47] mentioned both agile methods and security. [48][49][50][51][52][53][54][55] and some other papers talk about information security.…”

Section: Q1: How Many Studies Mentioned Security In Agile Andmentioning

confidence: 99%

A Systematic Literature Review on Secure Software Development using Feature Driven Development (FDD) Agile Model

Arbain¹,

Ghani²,

Jeong

2014

Journal of Korean Society for Internet Information

View full text Add to dashboard Cite

Agile methodologies have gained recognition as efficient development processes through their quick delivery of software, even under time constraints. However, like other agile methods such as Scrum, Extreme Programming (XP) and The Dynamic Systems Development Method (DSDM), Feature Driven Development (FDD) has been criticized due to the unavailability of security elements in its twelve practices. In order to examine this matter more closely, we conducted a systematic literature review (SLR) and studied literature for the years 2001-2012. Our findings highlight that, in its current form, the FDD model partially supports the development of secure software. However, there is little research on this topic, as detailed information about the usage of secure software is rarely published. Thus, we have been able to conclude that the existing five phases of FDD have not been enough to develop secure software until recently. For this reason, security-based phase and practices in FDD need to be proposed.

show abstract

Security Testing in Agile Web Application Development - A Case Study Using the EAST Methodology

Cited by 12 publications

References 14 publications

How is Security Testing Done in Agile Teams? A Cross-Case Analysis of Four Software Teams

How is Security Testing Done in Agile Teams? A Cross-Case Analysis of Four Software Teams

Extending HARM to make Test Cases for Penetration Testing

A Systematic Literature Review on Secure Software Development using Feature Driven Development (FDD) Agile Model

Contact Info

Product

Resources

About