Towards Agile Security in Web Applications
In this paper, we present an approach that we have used to address security when running projects according to agile principles. Misuse stories have been added to user stories to capture malicious use of the application. Furthermore, misuse stories have been implemented as automated tests (unit tests, acceptance tests) in order to perform security regression testing. Penetration testing, system hardening and securing deployment have been started in early iterations of the project.

Vidar Kongsli, Bekk Consulting AS