Agile Development of Secure Web Applications

Xiaocheng Ge, Richard F. Paige, Fiona A.C. Polack, Howard Chivers, Phillip J. Brooke

Research output: Chapter in Book/Report/Conference proceedingConference contribution

30 Citations (Scopus)

Abstract

A secure system is one that is protected against specific undesired outcomes. Delivering a secure system, and particularly a secure web application, is not easy. Integrating general-purpose information systems development methods with security development activities could be a useful means to surmount these difficulties [6].

Agile processes, such as Extreme Programming, are of increasing interest in software development. Most significantly for web applications, agile processes encourage and embrace requirements change, which is a desirable characteristic for web application development. 

In this paper, we present an agile process to deliver secure web applications. The contribution of the research is not the development of a new method or process that addresses security concerns. Rather, we investigate general-purpose information system development methods (e.g., Feature-Driven Development (FDD)) and mature security methods, namely risk analysis, and integrate them to address the development of secure web applications. The key features of our approach are (1) a process capable of dealing with the key challenges of web applications development, namely decreasing life-cycle times and frequently changing requirements; and (2) an iterative approach to risk analysis that integrates security design throughout the development process.

Original languageEnglish
Title of host publicationICWE'06
Subtitle of host publicationThe Sixth International Conference on Web Engineering
PublisherAssociation for Computing Machinery (ACM)
Pages305-312
Number of pages8
ISBN (Print)1595933522, 9781595933522
DOIs
Publication statusPublished - 2006
Externally publishedYes
EventThe 6th International Conference on Web Engineering - Palo Alto, United States
Duration: 11 Jul 200614 Jul 2006
Conference number: 6
https://dl.acm.org/doi/proceedings/10.1145/1145581

Publication series

NameACM International Conference Proceeding Series (ICPS)
PublisherAssociation for Computing Machinery

Conference

ConferenceThe 6th International Conference on Web Engineering
Abbreviated titleICWE'06
CountryUnited States
CityPalo Alto
Period11/07/0614/07/06
Internet address

Fingerprint Dive into the research topics of 'Agile Development of Secure Web Applications'. Together they form a unique fingerprint.

  • Cite this

    Ge, X., Paige, R. F., Polack, F. A. C., Chivers, H., & Brooke, P. J. (2006). Agile Development of Secure Web Applications. In ICWE'06: The Sixth International Conference on Web Engineering (pp. 305-312). (ACM International Conference Proceeding Series (ICPS)). Association for Computing Machinery (ACM). https://doi.org/10.1145/1145581.1145641