Security Testing In Agile Web Application Development - A Case Study Using The EAST Methodology

Gencer Erdogan, P. H. Meland, D. Mathieson
Published 2010 · Engineering, Computer Science

There is a need for improved security testing methodologies specialized for Web applications and their agile development environment. The number of web application vulnerabilities is drastically increasing, while security testing tends to be given a low priority. In this paper, we analyze and compare Agile Security Testing with two other common methodologies for Web application security testing, and then present an extension of this methodology. We present a case study showing how our Extended Agile Security Testing (EAST) performs compared to a more ad hoc approach used within an organization. Our working hypothesis is that the detection of vulnerabilities in Web applications will be significantly more efficient when using a structured security testing methodology specialized for Web applications, compared to existing ad hoc ways of performing security tests. Our results show a clear indication that our hypothesis is on the right track.
This paper references
The Agile Web Engineering (AWE) process
A. McDonald (2001)
Going Faster: Testing The Web Application
E. Hieatt (2002)
10.1109/52.991333
Knowledge management in software engineering
I. Rus (2002)
10.1109/MS.2002.1003450
Testing Web applications
G. Lucca (2002)
10.1109/ICSM.2002.1167787
Extreme Programming and Agile Processes in Software Engineering
H. Baumeister (2003)
10.1007/3-540-44870-5
Extreme Security Engineering: On Employing XP Practices to Achieve
K. Beznosov (2003)
Good-Enough Security: Toward a Pragmatic Business-Driven Discipline
R. Sandhu (2003)
10.1109/MIC.2003.1167341
Why Security Testing Is Hard
H. Thompson (2003)
10.1109/MSECP.2003.1219078
Extreme Programming and Agile Methods - XP/Agile Universe 2004
C. Zannier (2004)
10.1007/b99820
Eliciting security requirements with misuse cases
G. Sindre (2004)
10.1007/s00766-004-0194-4
Security Engineering and eXtreme Programming: An Impossible Marriage?
Jaana Nyfjord (2004)
10.1007/978-3-540-27777-4_12
Application Penetration Testing
H. Thompson (2005)
10.1109/MSP.2005.3
Agile security testing of Web-based systems via HTTPUnit
Andrew F. Tappenden (2005)
10.1109/ADC.2005.11
Integrating Security into Agile Development Methods
M. Siponen (2005)
10.1109/HICSS.2005.329
Software Penetration Testing
B. Arkin (2005)
10.1109/MSP.2005.23
Agile Security Using an Incremental Security Architecture
Howard Chivers (2005)
10.1007/11499053_7
The Art of Software Security Testing: Identifying Software Security Flaws
L. Nelson (2006)
Guest Editor's Introduction: The State of Web Security
M. Andrews (2006)
10.1109/MSP.2006.88
Agile development of secure web applications
X. Ge (2006)
10.1145/1145581.1145641
An extended misuse case notation: Including vulnerabilities and the insider threat
Lillian Røstad (2006)
Testing Web-based applications: The state of the art and future trends
G. Lucca (2006)
10.1016/j.infsof.2006.06.006
Towards agile security in web applications
Vidar Kongsli (2006)
10.1145/1176617.1176727
Some Trends in Web Application Development
M. Jazayeri (2007)
10.1109/FOSE.2007.26
Static Code Analysis to Detect Software Security Vulnerabilities - Does Experience Matter?
D. Baca (2009)
10.1109/ARES.2009.163

This paper is referenced by
Moderator Factors of Software Security and Performance Verification
Victor Vidigal Ribeiro (2021)
Towards Practical Cybersecurity Mapping of STRIDE and CWE — a Multi-perspective Approach
Anne Honkaranta (2021)
10.23919/FRUCT52173.2021.9435453
Documentation of Quality Requirements in Agile Software Development
Woubshet Behutiye (2020)
10.1145/3383219.3383245
How agile software development practitioners perceive the need for documenting quality requirements: a multiple case study
Woubshet Behutiye (2020)
10.1109/SEAA51224.2020.00025
How is Security Testing Done in Agile Teams? A Cross-Case Analysis of Four Software Teams
Daniela Cruzes (2017)
10.1007/978-3-319-57633-6_13
Extending HARM to make Test Cases for Penetration Testing
Aparna Vegendla (2016)
10.1007/978-3-319-39564-7_24
Evaluation of the Challenges of Developing Secure Software Using the Agile Approach
H. Oueslati (2016)
10.4018/IJSSE.2016010102
Secure Feature Driven Development (SFDD) Model for Secure Software Development
N. Firdaus (2014)
10.1016/J.SBSPRO.2014.03.712
Integrating Software Security into Agile-Scrum Method
I. Ghani (2014)
10.3837/tiis.2014.02.019
A Systematic Literature Review on Secure Software Development using Feature Driven Development (FDD) Agile Model
Adila Firdaus Bt Arbain (2014)
10.7472/JKSII.2014.15.1.13
Software security engineering in extreme programming methodology: a systematic literature review
I. Ghani (2013)
Risk-driven Security Testing versus Test-driven Security Risk Analysis
Gencer Erdogan (2012)
Security backlog in Scrum security practices
Zulkarnain Azham (2011)
10.1109/MYSEC.2011.6140708
Practitioners' Perspectives on Security in Agile Development
Steffen Bartsch (2011)
10.1109/ARES.2011.82
Some data provided by Semantic Scholar