By the same authors

Agile development of secure web applications

Research output: Contribution to conferencePaper



Publication details

DatePublished - 2006
Number of pages7
Original languageUndefined/Unknown


A secure system is one that is protected against specific undesired outcomes.Delivering a secure system, and particularly a secure web application, is not easy.Integrating general-purpose information systems development methods withsecurity development activities could be a useful means to surmount thesedifficulties Agile processes, such as Extreme Programming, are of increasing interest insoftware development. Most significantly for web applications, agile processesencourage and embrace requirements change, which is a desirable characteristicfor web application development.In this paper, we present an agile process to deliver secure web applications.The contribution of the research is not the development of a new method or processthat addresses security concerns. Rather, we investigate general-purpose informationsystemdevelopment methods (e.g., Feature-Driven Development (FDD)) and mature security methods, namely risk analysis, and integrate them to address the development of secure web applications. The key features of our approach are(1) a process capable of dealing with the key challenges of web applicationsdevelopment, namely decreasing life-cycle times and frequently changing requirements; and (2) an iterative approach to risk analysis that integrates security design throughout the development process.

Discover related content

Find related publications, people, projects, datasets and more using interactive charts.

View graph of relations