Agile Development of Secure Web Applications

Xiaocheng Ge; Richard F. Paige; Fiona A.C. Polack; Howard Chivers; Phillip J. Brooke

doi:10.1145/1145581.1145641

Agile Development of Secure Web Applications

Xiaocheng Ge, Richard F. Paige, Fiona A.C. Polack, Howard Chivers, Phillip J. Brooke

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

42 Citations (Scopus)

Abstract

A secure system is one that is protected against specific undesired outcomes. Delivering a secure system, and particularly a secure web application, is not easy. Integrating general-purpose information systems development methods with security development activities could be a useful means to surmount these difficulties [6].

Agile processes, such as Extreme Programming, are of increasing interest in software development. Most significantly for web applications, agile processes encourage and embrace requirements change, which is a desirable characteristic for web application development.

In this paper, we present an agile process to deliver secure web applications. The contribution of the research is not the development of a new method or process that addresses security concerns. Rather, we investigate general-purpose information system development methods (e.g., Feature-Driven Development (FDD)) and mature security methods, namely risk analysis, and integrate them to address the development of secure web applications. The key features of our approach are (1) a process capable of dealing with the key challenges of web applications development, namely decreasing life-cycle times and frequently changing requirements; and (2) an iterative approach to risk analysis that integrates security design throughout the development process.

Original language	English
Title of host publication	ICWE'06
Subtitle of host publication	The Sixth International Conference on Web Engineering
Publisher	Association for Computing Machinery (ACM)
Pages	305-312
Number of pages	8
ISBN (Print)	1595933522, 9781595933522
DOIs	https://doi.org/10.1145/1145581.1145641
Publication status	Published - 2006
Externally published	Yes
Event	The 6th International Conference on Web Engineering - Palo Alto, United States Duration: 11 Jul 2006 → 14 Jul 2006 Conference number: 6 https://dl.acm.org/doi/proceedings/10.1145/1145581

Publication series

Name	ACM International Conference Proceeding Series (ICPS)
Publisher	Association for Computing Machinery

Conference

Conference	The 6th International Conference on Web Engineering
Abbreviated title	ICWE'06
Country/Territory	United States
City	Palo Alto
Period	11/07/06 → 14/07/06
Internet address	https://dl.acm.org/doi/proceedings/10.1145/1145581

Access to Document

10.1145/1145581.1145641Licence: Unspecified

Cite this

@inproceedings{8b2965e31bb84fd3b2a7de7590ac47a8,

title = "Agile Development of Secure Web Applications",

abstract = "A secure system is one that is protected against specific undesired outcomes. Delivering a secure system, and particularly a secure web application, is not easy. Integrating general-purpose information systems development methods with security development activities could be a useful means to surmount these difficulties [6].Agile processes, such as Extreme Programming, are of increasing interest in software development. Most significantly for web applications, agile processes encourage and embrace requirements change, which is a desirable characteristic for web application development. In this paper, we present an agile process to deliver secure web applications. The contribution of the research is not the development of a new method or process that addresses security concerns. Rather, we investigate general-purpose information system development methods (e.g., Feature-Driven Development (FDD)) and mature security methods, namely risk analysis, and integrate them to address the development of secure web applications. The key features of our approach are (1) a process capable of dealing with the key challenges of web applications development, namely decreasing life-cycle times and frequently changing requirements; and (2) an iterative approach to risk analysis that integrates security design throughout the development process.",

keywords = "Feature driven development, Security risk assessment, Web applications",

author = "Xiaocheng Ge and Paige, {Richard F.} and Polack, {Fiona A.C.} and Howard Chivers and Brooke, {Phillip J.}",

year = "2006",

doi = "10.1145/1145581.1145641",

language = "English",

isbn = "1595933522",

series = "ACM International Conference Proceeding Series (ICPS)",

publisher = "Association for Computing Machinery (ACM)",

pages = "305--312",

booktitle = "ICWE'06",

address = "United States",

note = "The 6th International Conference on Web Engineering, ICWE'06 ; Conference date: 11-07-2006 Through 14-07-2006",

url = "https://dl.acm.org/doi/proceedings/10.1145/1145581",

}

Ge, X, Paige, RF, Polack, FAC, Chivers, H & Brooke, PJ 2006, Agile Development of Secure Web Applications. in ICWE'06: The Sixth International Conference on Web Engineering. ACM International Conference Proceeding Series (ICPS), Association for Computing Machinery (ACM), pp. 305-312, The 6th International Conference on Web Engineering, Palo Alto, California, United States, 11/07/06. https://doi.org/10.1145/1145581.1145641

Agile Development of Secure Web Applications. / Ge, Xiaocheng; Paige, Richard F.; Polack, Fiona A.C. et al.
ICWE'06: The Sixth International Conference on Web Engineering. Association for Computing Machinery (ACM), 2006. p. 305-312 (ACM International Conference Proceeding Series (ICPS)).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Agile Development of Secure Web Applications

AU - Ge, Xiaocheng

AU - Paige, Richard F.

AU - Polack, Fiona A.C.

AU - Chivers, Howard

AU - Brooke, Phillip J.

N1 - Conference code: 6

PY - 2006

Y1 - 2006

N2 - A secure system is one that is protected against specific undesired outcomes. Delivering a secure system, and particularly a secure web application, is not easy. Integrating general-purpose information systems development methods with security development activities could be a useful means to surmount these difficulties [6].Agile processes, such as Extreme Programming, are of increasing interest in software development. Most significantly for web applications, agile processes encourage and embrace requirements change, which is a desirable characteristic for web application development. In this paper, we present an agile process to deliver secure web applications. The contribution of the research is not the development of a new method or process that addresses security concerns. Rather, we investigate general-purpose information system development methods (e.g., Feature-Driven Development (FDD)) and mature security methods, namely risk analysis, and integrate them to address the development of secure web applications. The key features of our approach are (1) a process capable of dealing with the key challenges of web applications development, namely decreasing life-cycle times and frequently changing requirements; and (2) an iterative approach to risk analysis that integrates security design throughout the development process.

AB - A secure system is one that is protected against specific undesired outcomes. Delivering a secure system, and particularly a secure web application, is not easy. Integrating general-purpose information systems development methods with security development activities could be a useful means to surmount these difficulties [6].Agile processes, such as Extreme Programming, are of increasing interest in software development. Most significantly for web applications, agile processes encourage and embrace requirements change, which is a desirable characteristic for web application development. In this paper, we present an agile process to deliver secure web applications. The contribution of the research is not the development of a new method or process that addresses security concerns. Rather, we investigate general-purpose information system development methods (e.g., Feature-Driven Development (FDD)) and mature security methods, namely risk analysis, and integrate them to address the development of secure web applications. The key features of our approach are (1) a process capable of dealing with the key challenges of web applications development, namely decreasing life-cycle times and frequently changing requirements; and (2) an iterative approach to risk analysis that integrates security design throughout the development process.

KW - Feature driven development

KW - Security risk assessment

KW - Web applications

UR - http://www.scopus.com/inward/record.url?scp=34250689142&partnerID=8YFLogxK

U2 - 10.1145/1145581.1145641

DO - 10.1145/1145581.1145641

M3 - Conference contribution

AN - SCOPUS:34250689142

SN - 1595933522

SN - 9781595933522

T3 - ACM International Conference Proceeding Series (ICPS)

SP - 305

EP - 312

BT - ICWE'06

PB - Association for Computing Machinery (ACM)

T2 - The 6th International Conference on Web Engineering

Y2 - 11 July 2006 through 14 July 2006

ER -

Agile Development of Secure Web Applications

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this