PENETRATION TESTING IN AGILE SOFTWARE DEVELOPMENT PROJECTS


PENETRATION TESTING IN AGILE SOFTWARE DEVELOPMENT PROJECTS

Martin Tomanek and Tomas Klima

Department of Systems Analysis, University of Economics, Prague, Czech Republic

ABSTRACT

 In this research paper the authors propose how the agile software development framework Scrum can be enriched by considering the penetration tests and related security requirements during the software development lifecycle. Authors apply in this paper the knowledge and expertise from their previous work focused on development of the new information system penetration tests methodology PETA with focus on using COBIT 4.1 as the framework for management of these tests, and on previous work focused on tailoring the project management framework PRINCE2 with Scrum. The security managers may benefit from the iterative software development approach and penetration tests automation. The developers and users will better understand the importance of the penetration tests and they will learn how to effectively embed the tests into the agile development lifecycle.

KEYWORDS

Agile Development, Penetration, Test, Scrum, Project Management, Software

SOURCE URL

https://wireilla.com/papers/ijcis/V5N1/5115ijcis01.pdf

MORE DETAILS

https://wireilla.com/ijcis/vol5.html











Comments

Post a Comment

Popular posts from this blog

Image
 # communication protocol # bandwidth #wirelessnetworks #mobilenetworks #cryptography #wirelesscomputing #mobilecomputing #adhocsensornetworks # telecommunications # network service Submit Your Research Articles ...!!! 15th International Conference on Wireless & Mobile Networks (WiMoNe 2023) June 17 ~ 18, 2023, Sydney, Australia Webpage URL - https://cseit2023.org/wimone/index Submission Deadline    :    April 08,2023 Submission  URL - https://cseit2023.org/submission/index.php Contact Us : wimone@cseit2023.org
Read more

A DEFENSE MECHANISM FOR CREDIT CARD FRAUD DETECTION

Image
A DEFENSE MECHANISM FOR CREDIT CARD FRAUD DETECTION   M.Sasirekha , Sumaiya Thaseen   and Saira Banu School of Computing Science and Engineering, VIT University, Tamil Nadu, India. ABSTRACT Computer security is one of the key areas where lot of research is being done. Many intrusion detection techniques are proposed to ensure the network security, protect network resources and network infrastructures. Intrusion detection systems (IDS) attempt to detect attacks by gathering network data and analyze the information from various areas to identify the possible intrusions. This paper proposes a defense mechanism combining three approaches such as anomaly, misuse and decision making model to produce better detection accuracy and a decreased false positive rate. The defense mechanism can be built to detect the attacks in credit card system using Hidden Markov approach in the anomaly detection module. The credit card holder’s behaviours are taken as attributes and t...
Read more

DYNAMIC VALIDITY PERIOD CALCULATION OF DIGITAL CERTIFICATES BASED ON AGGREGATED SECURITY ASSESSMENT

Image
DYNAMIC VALIDITY PERIOD CALCULATION OF DIGITAL CERTIFICATES BASED ON AGGREGATED SECURITY ASSESSMENT  Alexander Beck, Jens Graupmann, Frank Ortmeier Computer Systems in Engineering, Otto-von-Guericke-University, Magdeburg, Germany  ABSTRACT  The paper proposes a method based on different security-related factors to dynamically calculate the validity period of digital certificates. Currently validity periods are most often defined statically without scientific justification. This approach is not sufficient to objectively consider the actual need for security. Therefore the approach proposed in this paper considers relevant security criteria in order to calculate a meaningful validity period for digital certificates. This kind of security assessment can be executed periodically in order to dynamically respond to changing conditions. Especially in the context of complex systems and infrastructures that have an increased need for security, privacy and availab...
Read more