Agile Development of Secure Web-Based Applications

Cited by: 4
Authors
Tappenden, A. F. [1]
Huynh, T. [1]
Miller, J. [1]
Geras, A. [2]
Smith, M. [2]
Affiliations
[1] Univ Alberta, Edmonton, AB, Canada
[2] Univ Calgary, Calgary, AB, Canada
Keywords
agile development; Internet security; Internet technologies; security threats; software architecture; software evaluation; Web architecture; Web-based applications;
DOI
10.4018/jitwe.2006040101
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
This article outlines a four-point strategy for the development of secure Web-based applications within an agile development framework and introduces strategies to mitigate security risks commonly present in Web-based applications. The proposed strategy includes the representation of security requirements as test cases supported by the open source tool FIT, the deployment of a highly testable architecture allowing for security testing of the application at all levels, the outlining of an extensive security testing strategy supported by the open source unit-testing framework HTTPUnit, and the introduction of the novel technique of security refactoring that transforms insecure working code into a functionally equivalent secure code. Today, many Web-based applications are not secure, and limited literature exists concerning the use of agile methods within this domain. It is the intention of this article to further discussions and research regarding the use of an agile methodology for the development of secure Web-based applications.
Pages: 1 / 24
Number of pages: 24
Related papers
50 items in total
  • [1] Web-based agile software development
    Aoyama, M
    [J]. IEEE SOFTWARE, 1998, 15 (06) : 56 - +
  • [2] Secure web-based applications with XML and RBAC
    Yang, CG
    Zhang, CN
    [J]. IEEE SYSTEMS, MAN AND CYBERNETICS SOCIETY INFORMATION ASSURANCE WORKSHOP, 2003, : 276 - 281
  • [3] Developing secure Web-based medical applications
    Gritzalis, S
    Iliadis, J
    Gritzalis, D
    Spinellis, D
    Katsikas, S
    [J]. MEDICAL INFORMATICS AND THE INTERNET IN MEDICINE, 1999, 24 (01) : 75 - 90
  • [4] Approach of Agile Methodologies in the Development of Web-Based Software
    Molina Rios, Jimmy
    Pedreira-Souto, Nieves
    [J]. INFORMATION, 2019, 10 (10)
  • [5] Secure data-transfer for web-based applications
    Platzer, W
    [J]. SECURE INFORMATION NETWORKS: COMMUNICATIONS AND MULTIMEDIA SECURITY, 1999, 23 : 291 - 302
  • [6] Facilitating agile model driven development and end-user development for evolving web-based workflow applications
    Danny Liang, Xufeng
    Makis Marmaridis, Loakim
    Ginige, Athula
    [J]. ICEBE 2007: IEEE INTERNATIONAL CONFERENCE ON E-BUSINESS ENGINEERING, PROCEEDINGS, 2007, : 231 - 238
  • [7] A Frictionless and Secure User Authentication in Web-Based Premium Applications
    Olanrewaju, Rashidah F.
    Khan, Burhan Ul Islam
    Morshidi, Malik Arman
    Anwar, Farhat
    Kiah, Miss Laiha Binti Mat
    [J]. IEEE ACCESS, 2021, 9 : 129240 - 129255
  • [8] Secure web-based communication
    Mir, Nighat
    Hussain, Sayed Afaq
    [J]. WORLD CONFERENCE ON INFORMATION TECHNOLOGY (WCIT-2010), 2011, 3
  • [9] Guidelines for improving the development of web-based applications
    Redouane, A
    [J]. FOURTH INTERNATIONAL WORKSHOP ON WEB SITE EVOLUTION, PROCEEDINGS, 2002, : 93 - 93
  • [10] WHY MODERN MOBILE AND WEB-BASED DEVELOPMENT NEED A LEAN AGILE WEB APPROACH (LAWA)
    Skrabalek, Jaroslav
    Boehm, Christina
    [J]. IDIMT-2013: INFORMATION TECHNOLOGY HUMAN VALUES, INNOVATION AND ECONOMY, 2013, 42 : 225 - 232