Online citations, reference lists, and bibliographies.

Security Testing In Agile Web Application Development - A Case Study Using The EAST Methodology

Gencer Erdogan, Per Håkon Meland, D. Mathieson
Published 2010 · Computer Science, Engineering

Cite This
Download PDF
Analyze on Scholarcy
There is a need for improved security testing methodologies specialized for Web applications and their agile development environment. The number of web application vulnerabilities is drastically increasing, while security testing tends to be given a low priority. In this paper, we analyze and compare Agile Security Testing with two other common methodologies for Web application security testing, and then present an extension of this methodology. We present a case study showing how our Extended Agile Security Testing (EAST) performs compared to a more ad hoc approach used within an organization. Our working hypothesis is that the detection of vulnerabilities in Web applications will be significantly more efficient when using a structured security testing methodology specialized for Web applications, compared to existing ad hoc ways of performing security tests. Our results show a clear indication that our hypothesis is on the right track.
This paper references
Eliciting security requirements with misuse cases
G. Sindre (2004)
Why Security Testing Is Hard
H. Thompson (2003)
Some Trends in Web Application Development
M. Jazayeri (2007)
The Agile Web Engineering (AWE) process
A. McDonald (2001)
Extreme Security Engineering: On Employing XP Practices to Achieve
K. Beznosov (2003)
Going Faster: Testing The Web Application
E. Hieatt (2002)
Testing Web applications
G. Lucca (2002)
Testing Web-based applications: The state of the art and future trends
G. Lucca (2006)
Knowledge management in software engineering
I. Rus (2002)
Application Penetration Testing
H. Thompson (2005)
The Art of Software Security Testing: Identifying Software Security Flaws
L. Nelson (2006)
Static Code Analysis to Detect Software Security Vulnerabilities - Does Experience Matter?
D. Baca (2009)
Agile development of secure web applications
Xiaocheng Ge (2006)
Security Engineering and eXtreme Programming: An Impossible Marriage?
Jaana Nyfjord (2004)
Integrating Security into Agile Development Methods
M. Siponen (2005)
Good-Enough Security: Toward a Pragmatic Business-Driven Discipline
R. Sandhu (2003)
An extended misuse case notation: Including vulnerabilities and the insider threat
Lillian Røstad (2006)
Extreme Programming and Agile Methods - XP/Agile Universe 2004
C. Zannier (2004)
Guest Editor's Introduction: The State of Web Security
M. Andrews (2006)
Agile security testing of Web-based systems via HTTPUnit
Andrew F. Tappenden (2005)
Agile Security Using an Incremental Security Architecture
Howard Chivers (2005)
Software Penetration Testing
B. Arkin (2005)
Towards agile security in web applications
Vidar Kongsli (2006)
Extreme Programming and Agile Processes in Software Engineering
H. Baumeister (2003)

This paper is referenced by
Semantic Scholar Logo Some data provided by SemanticScholar