Polish Information Processing Society

Annals of Computer Science and Information Systems, Volume 18

Proceedings of the 2019 Federated Conference on Computer Science and Information Systems

Security-oriented agile approach with AgileSafe and OWASP ASVS


DOI: http://dx.doi.org/10.15439/2019F213

Citation: Proceedings of the 2019 Federated Conference on Computer Science and Information Systems, M. Ganzha, L. Maciaszek, M. Paprzycki (eds). ACSIS, Vol. 18, pages 875–878


Abstract. In this paper we demonstrate a security-enhancing approach based on a method called AgileSafe, which can be adapted to support the introduction of OWASP ASVS-compliant practices, focused on improving the security level, into the agile software development process. We also present the results of two surveys evaluating selected agile-inspired security practices that can be incorporated into an agile process. Based on the surveys' results, these practices were used as input to the AgileSafe method and to demonstrate their potential to comply with OWASP ASVS requirements.
