A secure system is one that is protected against specific undesired outcomes. Delivering a secure system, and particularly a secure web application, is not easy. Integrating general-purpose information systems development methods with security development activities could be a useful means to surmount these difficulties.
Agile processes, such as Extreme Programming, are of increasing interest in software development. Most significantly for web applications, agile processes encourage and embrace requirements change, which is a desirable characteristic for web application development.
In this paper, we present an agile process to deliver secure web applications. The contribution of the research is not the development of a new method or process that addresses security concerns. Rather, we investigate general-purpose information system development methods (e.g., Feature-Driven Development (FDD)) and mature security methods, namely risk analysis, and integrate them to address the development of secure web applications. The key features of our approach are (1) a process capable of dealing with the key challenges of web application development, namely decreasing life-cycle times and frequently changing requirements; and (2) an iterative approach to risk analysis that integrates security design throughout the development process.
|Title of host publication
|Subtitle of host publication
|The Sixth International Conference on Web Engineering
|Association for Computing Machinery (ACM)
|Number of pages
|Published - 2006
|The 6th International Conference on Web Engineering - Palo Alto, United States
Duration: 11 Jul 2006 → 14 Jul 2006
Conference number: 6
|ACM International Conference Proceeding Series (ICPS)