Agile development of secure web applications

ICWE'06: The Sixth International Conference on Web Engineering

Volumn , Issue , 2006, Pages 305-312

  Ge, Xiaocheng ^a   Paige, Richard F ^a   Polack, Fiona A C ^a   Chivers, Howard ^b   Brooke, Phillip J ^c  

^a UNIVERSITY OF YORK   (United Kingdom)

^b CRANFIELD UNIVERSITY   (United Kingdom)

^c TEESSIDE UNIVERSITY   (United Kingdom)

Author keywords

Feature driven development; Security risk assessment; Web applications

Indexed keywords

INFORMATION SYSTEMS; REQUIREMENTS ENGINEERING; RISK ASSESSMENT; SECURITY OF DATA; SOFTWARE DESIGN;

FEATURE DRIVEN DEVELOPMENT; MATURE SECURITY METHODS; SECURITY RISK ASSESSMENT; WEB APPLICATIONS;

WEB SERVICES;

EID: 34250689142     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1145581.1145641     Document Type: Conference Paper

References (21)

1. Agile Manifesto, http://agilemanifesto.org.
2. SSADM-CRAMM subject guide for SSADM version 3 and GRAMM version 2. Technical report, Central Computer and Telecommunications Agency, IT Security and Privacy Group., 1991.
3. CRAMM. Technical Report http://www.cramm.com, Insight Consulting Limited, 2003.
4. E. Aydal. Extreme programming and refactoring for building secure web-based applications and web services. MSc in Software Engineering Thesis, Computer Science Department, University of York, 2005.
5. L. Baresi, F. Garzotto, and P. Paolini. Extending UML for modeling web applications. In Proceeding of 34th Annual Hawaii International Conference on System Sciences (HICSS-34)-Volume 3, Maui, Hawaii, USA, January 2001. IEEE.
6. R. Baskerville. Information systems security design methods: Implications for information systems development. ACM Computing Surveys, 25(4):375-414, 1993.
7. K. Beznosov. extreme Security Engineering. In Proceeding of First ACM BizSec Workshop, Fairfax VA, USA, October 2003.
8. CERT Coordination Centre. Operationally critical threat, asset, and vulnerability evaluation (OCTAVE). Technical Report http://www.cert.org/octave/, Software Engineering Institute, CERT Coordination Centre, 2003.
9. H. Chivers. Security and systems engineering. Technical Report YCS378, Department of Computer Science, University of York, June 1994.
10. H. Chivers, R. Paige, and X. Ge. Agile security using an incremental security architecture. In Proceeding of the Sixth International Conference on eXtreme Programming and Agile Processes in Software Engineering (XP2005), Spring-Verlag LNCS 3556, pages 57-65, Sheffield, UK, 2005.
11. F. Garzotto, P. Paolini, and D. Schwabe. HDM model-based approach to hypertext application design. ACM Trans. Inf. Syst., 11(1): 1-26, 1993.
12. M. Goodland and C. Slater. SSADM Version 4: A Practical Approach. McGRAW-HILL Book Company Europe, 1995.
13. T. Grance, J. Hash, and M. Stevens. Security considerations in the information system development life cycle. Technical report, National Institute of Standards and Technology (NIST), Special Publication 800-64, October 2003. (revision 1 released June 2004).
14. B. S. Institution. Information security mangement part 2: Specification for information security management systems. Technical report, BS 7799-2:1999, 1999.
15. P. Kruchten. The Rational Unified Process: an Introduction. Addison-Wesley, 2003.
16. G. R. Lifia, H. Schmid, and F. Lyardet. Engineering business processes in web applications: Modeling and navigation issues. In Proceeding of 3ird International Workshop on Web-Oriented Software Technologies, IWWOST'03, July 2003.
17. A. McDonald and R. Welland. Agile web engineering (AWE) process. Technical report, Department of Computer Science, University of Glasgow, UK, December 2001.
18. R. Paige, J. Cakic, X. Ge, and H. Chivers. Towards agile reengineering of dependable grid applications. In Proceeding of 17th International Conference of Software and System Engineering and Their Applications (ICSSEA), CNAM, Paris, November 2004.
19. S. R. Palmer and J. M. Felsing. A Practical Guide to Feature-Driven Development. Prentice Hall, 2002.
20. B. Schenier. Beyond Fear: Thinking Sensibly About Security in an Uncertain World. Copernicus Books, 2003.
21. G. Stoneburner, A. Goguen, and A. Feringa. Risk management guide for information technology systems. Technical report, National Institute of Standards and Technology (NIST), Special Publication 800-30, July 2002.