CFP last date
20 May 2024
Call for Paper
June Edition
IJCA solicits high quality original research papers for the upcoming June edition of the journal. The last date of research paper submission is 20 May 2024

Submit your paper
Know more
The week's pick
Responsive image
Enhancing Privacy Preservation: Multi-Attribute Protection with P-Sensitive K-Anonymity

Twinkle Patel Kiran Amin
Random Articles
Reseach Article

A Security Testing Framework for Scrum based Projects

by Nagy Ramadan Darwish, Ihab Mohamed Abdelwahab
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 138 - Number 7
Year of Publication: 2016
Authors: Nagy Ramadan Darwish, Ihab Mohamed Abdelwahab
10.5120/ijca2016908928

Nagy Ramadan Darwish, Ihab Mohamed Abdelwahab . A Security Testing Framework for Scrum based Projects. International Journal of Computer Applications. 138, 7 ( March 2016), 12-17. DOI=10.5120/ijca2016908928

@article{ 10.5120/ijca2016908928,
author = { Nagy Ramadan Darwish, Ihab Mohamed Abdelwahab },
title = { A Security Testing Framework for Scrum based Projects },
journal = { International Journal of Computer Applications },
issue_date = { March 2016 },
volume = { 138 },
number = { 7 },
month = { March },
year = { 2016 },
issn = { 0975-8887 },
pages = { 12-17 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume138/number7/24390-2016908928/ },
doi = { 10.5120/ijca2016908928 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T23:39:02.640815+05:30
%A Nagy Ramadan Darwish
%A Ihab Mohamed Abdelwahab
%T A Security Testing Framework for Scrum based Projects
%J International Journal of Computer Applications
%@ 0975-8887
%V 138
%N 7
%P 12-17
%D 2016
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Agile software development methods are characterized by adapting to changing customer requirements and delivering software products in less time. Scrum is one of the most common agile development methods that are used in large software companies like HP, Yahoo, Google, etc. Scrum achieves advantages in time and cost but they may fail in producing software that has good security properties. The weakness in security properties may due to the lack of clear security standard or framework that can be adopted from the beginning of the project. In addition, several studies mentioned that most security vulnerabilities that were left in software during development processes cause threats and cybercrimes. The paper proposes a Scrum security framework that focuses on testing the security of software in Scrum projects. Moreover, the proposed framework can help the team to enhance the security of the software product, minimize the risk of threats, and reduce the cost of fixing the software bugs.

References
  1. D. Turk, R. France and B. Rumpe, "Assumptions Underlying Agile Software-Development Processes", Journal of Database Management, vol. 16, no. 4, pp. 62-87, 2005.
  2. M. Tomanek and T. Klima, "Penetration Testing in Agile Software Development Projects", International Journal on Cryptography and Information Security, vol. 5, no. 1, pp. 01-07, 2015.
  3. K. Schwaber, and J. Sutherland, "The scrum guide, The Definitive Guide to Scrum: The Rules of the Game", (1991st–2013th Ed.). Scrum.org
  4. A. Vaha-Sipila, "Product Security Risk Management in Agile Product Management", Stockholm, Sweden, 2010.
  5. "Agile Security Successful Application Security Testing for Agile Development", white paper, Veracode, Inc, 2010.
  6. I. Ghani and Izzaty Yasin, "Software Security Engineering in Extreme Programming Methodology: A Systematic Literature Review", Sci.Int. (Lahore), 25 (2), P.P. 215-221, 2013.
  7. Microsoft MSDN, "Definition of a Security Vulnerability", 2016. [Online]. Available: https://msdn.microsoft.com/en-us/library/cc751383.aspx. [Accessed: 13- Jan- 2016].
  8. Y. Shin and Laurie Williams, "Is Complexity Really the Enemy of Software Security?", ACM QoP 08, October 27 2008
  9. "NVD - Statistics Results", 2016. [Online]. Available: https://web.nvd.nist.gov/view/vuln/statistics-results?adv_search=true&cves=on&pub_date_start_month=0&pub_date_start_year=2000&pub_date_end_month=11&pub_date_end_year=2015. [Accessed: 13- Jan- 2016].
  10. A. Broström, "Integrating Automated Security Testing in the Agile Development Process", KTH Royal Institute of Technology, Stockholm, Sweden, 2015.
  11. "2015 Cost of Cyber Crime Study: Global", by Ponemon Institute, October 2015.
  12. Sonia and Singhal, "Integration Analysis of Security Activities from the Perspective of Agility", International Conference on Agile and Lean Software Methods, Bengaluru, India, February 17–19 (2012).
  13. I. Chowdhury, M. Zulkernine, "Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities", Journal of Systems Architecture, vol. 57, Issue 3, pp. 294–313, March 2011
  14. C. Pohland, H. Hof, "Secure Scrum: Development of Secure Software with Scrum", arXiv preprint: 1507.02992, 2015.
  15. A. Josang and M. odegaard, E. Oftedal, "Cybersecurity Through Secure Software Development", 9th World Conference on Information Security Education (WISE9), Hamburg, May 2015.
  16. S. Jurimae, "A Literature Survey of the Development Processes for Secure Software", Bachelor’s Thesis, Faculty of Mathematics and Computer Science, University of Tartu 2015.
  17. D. Mougouei, N. Fazlida, M. Sani and M. Almasi, “S-Scrum: A Secure Methodology for Agile Development of Web Services", World of Computer Science and Information Technology Journal (WCSIT), ISSN: 2221-0741, Vol. 3, No. 1, PP. 15-19, 2013.
  18. I. Ghani1, Z. Azham and S. Jeong, "Integrating Software Security into Agile-Scrum Method", Ksii Transactions on Internet and Information Systems, vol. 8, no. 2, February 2014.
  19. Sonia and Singhal, "An Evaluation Approach: Measuring Effectiveness of Security Activities", ICDMW 2013, PP. 202–210, 2013.
  20. Owasp.org, "Web Application Penetration Testing - OWASP", 2016. [Online]. Available: https://www.owasp.org/index.php/Web_Application_Penetration_Testing. [Accessed: 19- Jan- 2016].
  21. Cigital, "Third Party Security for Apps & Software", 2016. [Online]. Available: https://www.cigital.com/solutions/by-security-need/third-party-security/. [Accessed: 01- Feb- 2016].
Index Terms

Computer Science
Information Sciences

Keywords

Security Framework Scrum Security Threat Cybercrime Vulnerabilities Software Development.

Powered by PhDFocusTM