Rudra Prasad Tripathy
Ph.D. scholar, Utkal University
Technical architect, JDA India Software (P) Ltd.
Hyderabad,India
Rudra1in@yahoo.com
Ranjit Kumar Panda
Senior Engineer, MindTree Limited
Bangalore, India
panda.ranjitkumar@gmail.com

Abstract— We show that security testing plays a predominant role in secure development, and that an agile methodology, particularly Scrum, is a suitable development process for it.
Keywords: scrum; security testing.
1. Introduction
Application security has drawn attention for the last few years: security is no longer confined to network security but extends beyond it. Security testing is also the crux of secure development, though it is not getting its due importance. In this paper we discuss the issues involved in security testing under a traditional software development lifecycle such as waterfall, and compare it with Scrum, an agile methodology, to see how Scrum eases some of these issues and facilitates security testing. We take cross-site scripting as the example to illustrate the study.
1.1 What is security testing?
Security testing basically deals with trying to break the software the way an attacker would. This differs from traditional testing in the following respects.
a. Traditional testing does not deal with what happens when the software fails, whereas the objective of security testing is to break the system: it plays the role of the antagonist. Hence, apart from tools and frameworks, it requires skill and experience to devise suitable test cases.
b. Security testing is part of risk management and hence needs to reckon with the cost involved. We may need to define "adequate security" [1] in terms of the application's business domain and the value proposition it aims at. For example, the definition of adequate security for an online credit card application and for an online healthcare system would differ. Hence prioritization and budgeting of resources are
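To make the distinction in (a) concrete, the following is an added example, not code from the paper: it contrasts a conventional functional test with a security test for the cross-site scripting case the paper uses as its running example. The greeting page, its two rendering functions, the payload list and the test names are assumptions made for illustration. Both versions of the page pass the functional test; only the version that encodes its output passes the security test.

```python
import html

# Constructed XSS payloads for the HTML text (element-content) context.
# These are illustrative inputs chosen for this example, not from the paper.
XSS_PAYLOADS = [
    "<script>alert(1)</script>",
    "<img src=x onerror=alert(1)>",
    "\"><svg/onload=alert(1)>",
    "</p><script>alert(document.cookie)</script><p>",
]


def render_greeting_unsafe(name: str) -> str:
    """Hypothetical page fragment that interpolates user input directly.

    This is the vulnerable form: whatever the user supplies becomes markup.
    """
    return f"<p>Hello, {name}!</p>"


def render_greeting_safe(name: str) -> str:
    """Same fragment with output encoding for the HTML text context.

    html.escape(quote=True) encodes &, <, >, " and '.  That is only correct
    for content placed between tags; attribute, URL and JavaScript contexts
    each need their own encoder.
    """
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def functional_test(render) -> bool:
    """The traditional test: does the feature work for a well-formed name?"""
    return render("Alice") == "<p>Hello, Alice!</p>"


def security_test(render) -> list:
    """The antagonist's test: feed attack strings and report the ones whose
    markup reaches the output verbatim, i.e. unencoded."""
    survivors = []
    for payload in XSS_PAYLOADS:
        out = render(payload)
        if payload in out:
            survivors.append(payload)
    return survivors


if __name__ == "__main__":
    for label, render in (("unsafe", render_greeting_unsafe),
                          ("safe", render_greeting_safe)):
        print(f"{label}: functional={functional_test(render)} "
              f"xss_survivors={security_test(render)}")
```

Note what the security test can and cannot tell you: it only reports the payloads the tester thought to include, so its value is bounded by the tester's knowledge of attack strings and of the output context (text, attribute, URL, script), which is the skill and experience point in (a).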
References:
[1] Bruce Potter and Gary McGraw, "Software Security Testing," IEEE Security & Privacy, 2004, pp. 32-35.
[2] C. E. Landwehr et al., "A Taxonomy of Computer Program Security Flaws, with Examples," tech. report NRL/FR/5542-93/9591, Naval Research Laboratory, Nov. 1993.
[3] Julia Allen, Sean Barnum, Robert Ellison, Gary McGraw and Nancy Mead, Software Security Engineering: A Guide for Project Managers, Addison-Wesley, 2008.
[4] Steve Lipner and Michael Howard, "The Trustworthy Computing Security Development Lifecycle," Security Engineering and Communications, Security Business and Technology Unit, Microsoft Corporation, March 2005.
[5] Noopur Davis, "Secure Software Development Life Cycle Processes," Software Engineering Institute, 2009.
[6] K. Tsipenyuk, B. Chess and G. McGraw, "Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors," IEEE Security & Privacy, 2005.
[7] OWASP Top Ten Most Critical Web Application Security Vulnerabilities, http://www.owasp.org/documentation/topten.html
[8] Paros Proxy, http://www.parosproxy.org
[9] Bryan Sullivan, "Streamlining the Microsoft SDL for Agile Development," Black Hat DC 2010, http://www.blackhat.com/presentations/bh-dc-10/Sullivan_Bryan/BlackHat-DC-2010-Sullivan-SDL-Agile-wp.pdf