Agile Development of Secure Web Applications

Xiaocheng Ge, Richard F. Paige, Fiona A.C. Polack, Howard Chivers, Phillip J. Brooke

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

36 Citations (Scopus)


A secure system is one that is protected against specific undesired outcomes. Delivering a secure system, and particularly a secure web application, is not easy. Integrating general-purpose information systems development methods with security development activities could be a useful means to surmount these difficulties [6].

Agile processes, such as Extreme Programming, are of increasing interest in software development. Most significantly for web applications, agile processes encourage and embrace requirements change, which is a desirable characteristic for web application development. 

In this paper, we present an agile process to deliver secure web applications. The contribution of the research is not the development of a new method or process that addresses security concerns. Rather, we investigate general-purpose information system development methods (e.g., Feature-Driven Development (FDD)) and mature security methods, namely risk analysis, and integrate them to address the development of secure web applications. The key features of our approach are (1) a process capable of dealing with the key challenges of web applications development, namely decreasing life-cycle times and frequently changing requirements; and (2) an iterative approach to risk analysis that integrates security design throughout the development process.

Original languageEnglish
Title of host publicationICWE'06
Subtitle of host publicationThe Sixth International Conference on Web Engineering
PublisherAssociation for Computing Machinery (ACM)
Number of pages8
ISBN (Print)1595933522, 9781595933522
Publication statusPublished - 2006
Externally publishedYes
EventThe 6th International Conference on Web Engineering - Palo Alto, United States
Duration: 11 Jul 200614 Jul 2006
Conference number: 6

Publication series

NameACM International Conference Proceeding Series (ICPS)
PublisherAssociation for Computing Machinery


ConferenceThe 6th International Conference on Web Engineering
Abbreviated titleICWE'06
Country/TerritoryUnited States
CityPalo Alto
Internet address


Dive into the research topics of 'Agile Development of Secure Web Applications'. Together they form a unique fingerprint.

Cite this