A secure system is one that is protected against specific undesired outcomes. Delivering a secure system, and particularly a secure web application, is not easy. Integrating general-purpose information systems development methods with security development activities could be a useful means to surmount these difficulties.
Agile processes, such as Extreme Programming, are of increasing interest in software development. Most significantly for web applications, agile processes encourage and embrace requirements change, which is a desirable characteristic for web application development.
In this paper, we present an agile process to deliver secure web applications. The contribution of the research is not the development of a new method or process that addresses security concerns. Rather, we investigate general-purpose information system development methods (e.g., Feature-Driven Development (FDD)) and mature security methods, namely risk analysis, and integrate them to address the development of secure web applications. The key features of our approach are (1) a process capable of dealing with the key challenges of web application development, namely decreasing life-cycle times and frequently changing requirements; and (2) an iterative approach to risk analysis that integrates security design throughout the development process.
|Title of host publication||ICWE'06|
|Subtitle of host publication||The Sixth International Conference on Web Engineering|
|Publisher||Association for Computing Machinery (ACM)|
|Number of pages||8|
|ISBN (Print)||1595933522, 9781595933522|
|Publication status||Published - 2006|
|Event||The 6th International Conference on Web Engineering - Palo Alto, United States; Duration: 11 Jul 2006 → 14 Jul 2006; Conference number: 6|
|Name||ACM International Conference Proceeding Series (ICPS)|
|Publisher||Association for Computing Machinery|
|Conference||The 6th International Conference on Web Engineering|
|Period||11/07/06 → 14/07/06|