Extreme Programming Security Practices

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNPSE, volume 4536)

Abstract

Current practice suggests that security is considered through all stages of the software development life cycle, and that a risk-based and plan-driven approach is best suited to establish security criteria. Based on experience in applying security practices, this paper proposes two new security practices, security training and a fundamental security architecture, for applying Extreme Programming.

Keywords

  • Security Requirement
  • Software Project
  • User Story
  • Agile Method
  • Software Security

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© 2007 Springer Berlin Heidelberg

About this paper

Cite this paper

Ge, X., Paige, R.F., Polack, F., Brooke, P. (2007). Extreme Programming Security Practices. In: Concas, G., Damiani, E., Scotto, M., Succi, G. (eds) Agile Processes in Software Engineering and Extreme Programming. XP 2007. Lecture Notes in Computer Science, vol 4536. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73101-6_42

  • DOI: https://doi.org/10.1007/978-3-540-73101-6_42

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-73100-9

  • Online ISBN: 978-3-540-73101-6

  • eBook Packages: Computer Science (R0)