Security Testing In Agile Web Application Development - A Case Study Using The EAST Methodology

Gencer Erdogan, Per Håkon Meland, D. Mathieson
Published 2010 · Computer Science, Engineering

There is a need for improved security testing methodologies specialized for Web applications and their agile development environment. The number of Web application vulnerabilities is increasing drastically, while security testing tends to be given a low priority. In this paper, we analyze and compare Agile Security Testing with two other common methodologies for Web application security testing, and then present an extension of this methodology. We present a case study showing how our Extended Agile Security Testing (EAST) methodology performs compared to a more ad hoc approach used within an organization. Our working hypothesis is that the detection of vulnerabilities in Web applications is significantly more efficient when using a structured security testing methodology specialized for Web applications than when using existing ad hoc ways of performing security tests. Our results give a clear indication that this hypothesis holds.
This paper references

G. Sindre (2004). Eliciting security requirements with misuse cases. doi:10.1007/s00766-004-0194-4
H. Thompson (2003). Why Security Testing Is Hard. doi:10.1109/MSECP.2003.1219078
M. Jazayeri (2007). Some Trends in Web Application Development. doi:10.1109/FOSE.2007.26
A. McDonald (2001). The Agile Web Engineering (AWE) process.
K. Beznosov (2003). Extreme Security Engineering: On Employing XP Practices to Achieve
E. Hieatt (2002). Going Faster: Testing The Web Application. doi:10.1109/52.991333
G. Lucca (2002). Testing Web applications. doi:10.1109/ICSM.2002.1167787
G. Lucca (2006). Testing Web-based applications: The state of the art and future trends. doi:10.1016/j.infsof.2006.06.006
I. Rus (2002). Knowledge management in software engineering. doi:10.1109/MS.2002.1003450
H. Thompson (2005). Application Penetration Testing. doi:10.1109/MSP.2005.3
L. Nelson (2006). The Art of Software Security Testing: Identifying Software Security Flaws.
D. Baca (2009). Static Code Analysis to Detect Software Security Vulnerabilities - Does Experience Matter? doi:10.1109/ARES.2009.163
Xiaocheng Ge (2006). Agile development of secure web applications. doi:10.1145/1145581.1145641
Jaana Nyfjord (2004). Security Engineering and eXtreme Programming: An Impossible Marriage? doi:10.1007/978-3-540-27777-4_12
M. Siponen (2005). Integrating Security into Agile Development Methods. doi:10.1109/HICSS.2005.329
R. Sandhu (2003). Good-Enough Security: Toward a Pragmatic Business-Driven Discipline. doi:10.1109/MIC.2003.1167341
Lillian Røstad (2006). An extended misuse case notation: Including vulnerabilities and the insider threat.
C. Zannier (2004). Extreme Programming and Agile Methods - XP/Agile Universe 2004. doi:10.1007/b99820
M. Andrews (2006). Guest Editor's Introduction: The State of Web Security. doi:10.1109/MSP.2006.88
Andrew F. Tappenden (2005). Agile security testing of Web-based systems via HTTPUnit. doi:10.1109/ADC.2005.11
Howard Chivers (2005). Agile Security Using an Incremental Security Architecture. doi:10.1007/11499053_7
B. Arkin (2005). Software Penetration Testing. doi:10.1109/MSP.2005.23
Vidar Kongsli (2006). Towards agile security in web applications. doi:10.1145/1176617.1176727
H. Baumeister (2003). Extreme Programming and Agile Processes in Software Engineering. doi:10.1007/3-540-44870-5