Agile development of secure web applications

Ge, Xiaocheng; Paige, Richard F.; Polack, Fiona; Chivers, Howard; Brooke, Phillip J.

doi:10.1145/1145581.1145641

Cited by 47 publications

(30 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…However, there are no definite guidelines on how to develop the above mentioned methodologies precisely. [11] Software development process still remains the center focus and that is why Ge et al (2006) has discussed the risk analysis and feature centered development process to talk about the security of the web application process and its development. [12] Risk analysis and web assessment is the process which has been fused together to give a better security approach to web development application process.…”

Section: Security Engineering Process Integrated During Design Phase mentioning

confidence: 99%

“…[11] Software development process still remains the center focus and that is why Ge et al (2006) has discussed the risk analysis and feature centered development process to talk about the security of the web application process and its development. [12] Risk analysis and web assessment is the process which has been fused together to give a better security approach to web development application process. The FDD (Frequency Division Duplex) is the aspect which is more driven to the built and design of the web application development process rather than the entire process.…”

Section: Security Engineering Process Integrated During Design Phase mentioning

confidence: 99%

See 1 more Smart Citation

A Study of major secure SDLC processes in web based applications

Mohanty¹,

Mohapatra²,

Patnaik³

2018

IJET

View full text Add to dashboard Cite

Web applications have become important but there are different types of security problems which could lead to tampering with details. The most common are cookies poisoning, structured query language, cross-site scripting and parameter tempering. This is the reason why most of the web companies today are verifying the type of content they receive and most importantly, from where the contents are originated. It has been thus noted from the above deduction that the major security threat has nothing to do with the Secure Socket Layer rather other layers in the web development program. In order to avoid such threats and other vulnerabilities, initial stages of the web development cycle need to be taken care of. Thus, the main focus of this research paper is to come up with a framework that would help to strengthen the security of the various stages in the web development cycle. For the same, various modules and life cycles have been used.

show abstract

Section: Security Engineering Process Integrated During Design Phase mentioning

confidence: 99%

Section: Security Engineering Process Integrated During Design Phase mentioning

confidence: 99%

A Study of major secure SDLC processes in web based applications

Mohanty¹,

Mohapatra²,

Patnaik³

2018

IJET

View full text Add to dashboard Cite

show abstract

“…(5) Domain consider in a particular paper. [19], [20].It has been observed that out total50% of the studies consider integration of security in agile generally, while 15% in Scrum, 23% in XP, only 12% in FDD and no study mention any mechanism for security integration in DSDM(see graph 3). These agile practices are included in this literature study because they are considered as popular among researchers and practitioners.…”

Section: Rq1 What Types Of Approaches Are Being Suggested For the Pumentioning

confidence: 99%

A Review of Security Integration Technique in Agile Software Development

Khaim¹,

Naz²,

Abbas³

et al. 2016

IJSEA

View full text Add to dashboard Cite

Agile software development has gained a lot of popularity in the software industry due to its iterative and incremental approach as well as user involvement. Agile has also been criticized due to lack of its ability to deliver secure software. In this paper, extensive literature has been performed, in order to highlight the existing security issues in agile software development. Majority of challenges reported in literature, occurred due to lack of involvement of security expert. Improving security of a software system without damaging the real essence of Agile can achieved with the continuous involvement of security engineer throughout development lifecycle with its defined role and responsibilities.

show abstract

“…A next step is to integrate security methods with an agile model. Ge et al [12] integrate feature-driven development and high-profile security methods, namely risk analysis, to address the development of secure web applications. Baca and Carlsson identify security activities from three SE processes; Microsoft SDL, Cigital touchpoints and Common Criteria [3,9].…”

Section: Related Workmentioning

confidence: 99%

Identification and Evaluation of Security Activities in Agile Projects

2013

View full text Add to dashboard Cite

Abstract.We compare four high-profile waterfall security-engineering processes (CLASP, Microsoft SDL, Cigital Touchpoints and Common Criteria) with the available preconditions within agile processes. Then, using a survey study, agile security activities are identified and evaluated by practitioners from large companies, e.g. software and telecommunication companies. Those activities are compared and a specific security engineering process is suggested for an agile process setting that can provide high benefit with low integration cost.

show abstract

Agile development of secure web applications

Cited by 47 publications

References 6 publications

A Study of major secure SDLC processes in web based applications

A Study of major secure SDLC processes in web based applications

A Review of Security Integration Technique in Agile Software Development

Identification and Evaluation of Security Activities in Agile Projects

Contact Info

Product

Resources

About