Agile development of secure web applications

Authors:
Xiaocheng Ge;Richard F. Paige;Fiona A.C. Polack;Howard Chivers;Phillip J. Brooke
Affiliations:
University of York, York, UK;University of York, York, UK;University of York, York, UK;Cranfield University, Swindon, UK;University of Teesside, Middlesbrough: UK
Venue:
ICWE '06 Proceedings of the 6th international conference on Web engineering
Year:
2006

Citing 8
Cited 4

HDM—a model-based approach to hypertext application design

ACM Transactions on Information Systems (TOIS)
Information systems security design methods: implications for information systems development

ACM Computing Surveys (CSUR)
A Practical Guide to Feature-Driven Development

A Practical Guide to Feature-Driven Development
Extending UML for Modeling Web Applications

HICSS '01 Proceedings of the 34th Annual Hawaii International Conference on System Sciences ( HICSS-34)-Volume 3 - Volume 3
The Rational Unified Process: An Introduction

The Rational Unified Process: An Introduction
Beyond Fear: Thinking Sensibly about Security in an Uncertain World

Beyond Fear: Thinking Sensibly about Security in an Uncertain World
Agile security using an incremental security architecture

XP'05 Proceedings of the 6th international conference on Extreme Programming and Agile Processes in Software Engineering
SP 800-30. Risk Management Guide for Information Technology Systems

SP 800-30. Risk Management Guide for Information Technology Systems

Agile framework for globally distributed development environment (the DAD model)

AIC'08 Proceedings of the 8th conference on Applied informatics and communications
Requirement gathering and tracking process for distributed agile based development

AIC'08 Proceedings of the 8th conference on Applied informatics and communications
Security in migratory interactive web applications

Proceedings of the 11th International Conference on Mobile and Ubiquitous Multimedia
Building Secure Software Using XP

International Journal of Secure Software Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

A secure system is one that is protected against specific undesired outcomes.Delivering a secure system, and particularly a secure web application, is not easy.Integrating general-purpose information systems development methods withsecurity development activities could be a useful means to surmount thesedifficulties Agile processes, such as Extreme Programming, are of increasing interest insoftware development. Most significantly for web applications, agile processesencourage and embrace requirements change, which is a desirable characteristicfor web application development.In this paper, we present an agile process to deliver secure web applications.The contribution of the research is not the development of a new method or processthat addresses security concerns. Rather, we investigate general-purpose informationsystemdevelopment methods (e.g., Feature-Driven Development (FDD)) and mature security methods, namely risk analysis, and integrate them to address the development of secure web applications. The key features of our approach are(1) a process capable of dealing with the key challenges of web applicationsdevelopment, namely decreasing life-cycle times and frequently changing requirements; and (2) an iterative approach to risk analysis that integrates security design throughout the development process.