Building Secure Software Using XP

Security is an important and challenging aspect that needs to be considered at an early stage of software development. Traditional software development methodologies do not deal with security issues, so there is no structured guidance for security design and development, and security is usually treated as an afterthought. This paper discusses the integration of XP (Extreme Programming) with security activities based on the CLASP (Comprehensive Lightweight Application Security Process) methodology. This integration helps developers using XP build secure software by applying security measures in all phases and activities, thereby minimizing the security vulnerabilities that attackers could exploit.
