Security Testing in Agile Web Application Development - A Case Study Using the EAST Methodology
There is a need for improved security testing methodologies specialized for Web applications and their agile development environment. The number of web application vulnerabilities is drastically increasing, while security testing tends to be given a low priority. In this paper, we analyze and compar...
Main authors: | , |
---|---|
Language: | eng |
Published: | 2010 |
Subjects: | |
Online access: | https://dx.doi.org/10.1007/978-3-642-13054-0_2 http://cds.cern.ch/record/1359254 |
_version_ | 1780922614848421888 |
---|---|
author | Erdogan, Gencer Mathieson, Derek |
author_facet | Erdogan, Gencer Mathieson, Derek |
author_sort | Erdogan, Gencer |
collection | CERN |
description | There is a need for improved security testing methodologies specialized for Web applications and their agile development environment. The number of web application vulnerabilities is drastically increasing, while security testing tends to be given a low priority. In this paper, we analyze and compare Agile Security Testing with two other common methodologies for Web application security testing, and then present an extension of this methodology. We present a case study showing how our Extended Agile Security Testing (EAST) performs compared to a more ad hoc approach used within an organization. Our working hypothesis is that the detection of vulnerabilities in Web applications will be significantly more efficient when using a structured security testing methodology specialized for Web applications, compared to existing ad hoc ways of performing security tests. Our results show a clear indication that our hypothesis is on the right track. |
id | cern-1359254 |
institution | Organización Europea para la Investigación Nuclear |
language | eng |
publishDate | 2010 |
record_format | invenio |
spelling | cern-13592542019-09-30T06:29:59Zdoi:10.1007/978-3-642-13054-0_2http://cds.cern.ch/record/1359254engErdogan, GencerMathieson, DerekSecurity Testing in Agile Web Application Development - A Case Study Using the EAST MethodologyComputing and ComputersThere is a need for improved security testing methodologies specialized for Web applications and their agile development environment. The number of web application vulnerabilities is drastically increasing, while security testing tends to be given a low priority. In this paper, we analyze and compare Agile Security Testing with two other common methodologies for Web application security testing, and then present an extension of this methodology. We present a case study showing how our Extended Agile Security Testing (EAST) performs compared to a more ad hoc approach used within an organization. Our working hypothesis is that the detection of vulnerabilities in Web applications will be significantly more efficient when using a structured security testing methodology specialized for Web applications, compared to existing ad hoc ways of performing security tests. Our results show a clear indication that our hypothesis is on the right track.oai:cds.cern.ch:13592542010 |
spellingShingle | Computing and Computers Erdogan, Gencer Mathieson, Derek Security Testing in Agile Web Application Development - A Case Study Using the EAST Methodology |
title | Security Testing in Agile Web Application Development - A Case Study Using the EAST Methodology |
title_full | Security Testing in Agile Web Application Development - A Case Study Using the EAST Methodology |
title_fullStr | Security Testing in Agile Web Application Development - A Case Study Using the EAST Methodology |
title_full_unstemmed | Security Testing in Agile Web Application Development - A Case Study Using the EAST Methodology |
title_short | Security Testing in Agile Web Application Development - A Case Study Using the EAST Methodology |
title_sort | security testing in agile web application development - a case study using the east methodology |
topic | Computing and Computers |
url | https://dx.doi.org/10.1007/978-3-642-13054-0_2 http://cds.cern.ch/record/1359254 |
work_keys_str_mv | AT erdogangencer securitytestinginagilewebapplicationdevelopmentacasestudyusingtheeastmethodology AT mathiesonderek securitytestinginagilewebapplicationdevelopmentacasestudyusingtheeastmethodology |