Security-oriented agile approach with AgileSafe and OWASP ASVS
Katarzyna Łukasiewicz, Sara Cygańska
Citation: Proceedings of the 2019 Federated Conference on Computer Science and Information Systems, M. Ganzha, L. Maciaszek, M. Paprzycki (eds). ACSIS, Vol. 18, pages 875–878 (2019)
Abstract. In this paper we demonstrate a security-enhancing approach based on a method called AgileSafe, which can be adapted to support the introduction of OWASP ASVS-compliant practices, aimed at raising the security level, into an agile software development process. We also present the results of two surveys evaluating selected agile-inspired security practices that can be incorporated into an agile process. Based on the surveys' results, these practices were used as input to the AgileSafe method and to demonstrate their potential to satisfy OWASP ASVS requirements.