A Proposed Approach for Security Testing of Scrum-based Software Projects

Authors

  • Ehab Mohamed Abdel Wahab

DOI:

https://doi.org/10.59992/j55vtg64

Keywords:

Security Testing, Scrum, Security Threats, Cybercrime, Vulnerabilities, Agile Methods, Software Projects

Abstract

Agile software development methods are characterized by adapting to changing customer requirements and delivering software products in less time. Scrum is one of the most common agile development methods and is used in large software companies such as HP, Yahoo, and Google. Scrum achieves advantages in time and cost, but it may fail to produce software with good security properties. This weakness may be due to the lack of a clear security standard or framework that can be adopted from the beginning of the project. In addition, several studies have noted that most security vulnerabilities left in software during the development process later lead to threats and cybercrime. This paper proposes a Scrum security approach that focuses on testing the security of software in Scrum projects. The proposed approach can help the team enhance the security of the software product, minimize the risk of threats, and reduce the cost of fixing software bugs.

Author Biography

  • Ehab Mohamed Abdel Wahab

    Master of Information Systems, Arab Academy for Science, Technology and Maritime Transport, Egypt

Published

2023-04-15

Section

Articles

How to Cite

A Proposed Approach for Security Testing of Scrum-based Software Projects. (2023). The International Journal for Scientific Research, 2(4). https://doi.org/10.59992/j55vtg64