Security Testing In Agile Web Application Development - A Case Study Using The EAST Methodology

Gencer Erdogan, P. H. Meland, D. Mathieson
Published 2010 · Engineering, Computer Science

There is a need for improved security testing methodologies specialized for Web applications and their agile development environment. The number of web application vulnerabilities is drastically increasing, while security testing tends to be given a low priority. In this paper, we analyze and compare Agile Security Testing with two other common methodologies for Web application security testing, and then present an extension of this methodology. We present a case study showing how our Extended Agile Security Testing (EAST) performs compared to a more ad hoc approach used within an organization. Our working hypothesis is that the detection of vulnerabilities in Web applications will be significantly more efficient when using a structured security testing methodology specialized for Web applications, compared to existing ad hoc ways of performing security tests. Our results show a clear indication that our hypothesis is on the right track.
This paper references
The Agile Web Engineering (AWE) process
A. McDonald (2001)
Going Faster: Testing The Web Application
E. Hieatt (2002)
Knowledge management in software engineering
I. Rus (2002)
Testing Web applications
G. Lucca (2002)
Extreme Programming and Agile Processes in Software Engineering
H. Baumeister (2003)
Extreme Security Engineering: On Employing XP Practices to Achieve
K. Beznosov (2003)
Good-Enough Security: Toward a Pragmatic Business-Driven Discipline
R. Sandhu (2003)
Why Security Testing Is Hard
H. Thompson (2003)
Extreme Programming and Agile Methods - XP/Agile Universe 2004
C. Zannier (2004)
Eliciting security requirements with misuse cases
G. Sindre (2004)
Security Engineering and eXtreme Programming: An Impossible Marriage?
Jaana Nyfjord (2004)
Application Penetration Testing
H. Thompson (2005)
Agile security testing of Web-based systems via HTTPUnit
Andrew F. Tappenden (2005)
Integrating Security into Agile Development Methods
M. Siponen (2005)
Software Penetration Testing
B. Arkin (2005)
Agile Security Using an Incremental Security Architecture
Howard Chivers (2005)
The Art of Software Security Testing: Identifying Software Security Flaws
L. Nelson (2006)
Guest Editor's Introduction: The State of Web Security
M. Andrews (2006)
Agile development of secure web applications
X. Ge (2006)
An extended misuse case notation: Including vulnerabilities and the insider threat
Lillian Røstad (2006)
Testing Web-based applications: The state of the art and future trends
G. Lucca (2006)
Towards agile security in web applications
Vidar Kongsli (2006)
Some Trends in Web Application Development
M. Jazayeri (2007)
Static Code Analysis to Detect Software Security Vulnerabilities - Does Experience Matter?
D. Baca (2009)

This paper is referenced by
Moderator Factors of Software Security and Performance Verification
Victor Vidigal Ribeiro (2021)
Towards Practical Cybersecurity Mapping of STRIDE and CWE — a Multi-perspective Approach
Anne Honkaranta (2021)
Documentation of Quality Requirements in Agile Software Development
Woubshet Behutiye (2020)
How agile software development practitioners perceive the need for documenting quality requirements: a multiple case study
Woubshet Behutiye (2020)
How is Security Testing Done in Agile Teams? A Cross-Case Analysis of Four Software Teams
Daniela Cruzes (2017)
Extending HARM to make Test Cases for Penetration Testing
Aparna Vegendla (2016)
Evaluation of the Challenges of Developing Secure Software Using the Agile Approach
H. Oueslati (2016)
Secure Feature Driven Development (SFDD) Model for Secure Software Development
N. Firdaus (2014)
Integrating Software Security into Agile-Scrum Method
I. Ghani (2014)
A Systematic Literature Review on Secure Software Development using Feature Driven Development (FDD) Agile Model
Adila Firdaus Bt Arbain (2014)
Software security engineering in extreme programming methodology: a systematic literature review
I. Ghani (2013)
Risk-driven Security Testing versus Test-driven Security Risk Analysis
Gencer Erdogan (2012)
Security backlog in Scrum security practices
Zulkarnain Azham (2011)
Practitioners' Perspectives on Security in Agile Development
Steffen Bartsch (2011)
Some data provided by SemanticScholar