
Thread: Secure Coding During Agile Development?

  1. #1
    Join Date
    Jul 2014

    Secure Coding During Agile Development?

    I would like to ask the group for thoughts/experience with secure coding aspects while performing agile development. Within this context, secure coding is a part of software assurance that focuses on secure methods versus quality/performance (which I understand are not mutually exclusive from secure aspects). Typical agile development focuses on achieving a certain number of fully operational capabilities within the defined short development sprint. Secure coding is not necessarily a defined single capability, but rather a set of design/coding principles interwoven throughout development. Adding in agile development "secure coding" capabilities (recursive on previously developed capabilities) would appear to be bolt-on security versus baked-in security. Does the group have any thoughts or advice on this?

  2. #2
    Join Date
    Dec 2020
    Most approaches to developing secure applications in agile focus on a single foundational aspect: creating security-based user stories. Considering user stories are the drivers for sprint activities, it makes the most sense to include user stories that meet security goals. By adding comprehensive security-based user stories to the backlog, the agile process drives the inclusion of security in each sprint.

    For example, in addition to functional user stories in the form of “As a , I want so that ,” it is imperative to include user stories that address security-related roles. They could include user stories such as:

    • As a hacker, I can input data that is too long and cause unexpected data to be returned
    • As a hacker, I can send input that terminates a SQL query and adds additional SQL queries to return unauthorized data
    • As an architect, I want to ensure all output is properly encoded

    There are many security-related user stories you could add to each sprint. The OWASP site contains an article about evil user stories, and the software assurance nonprofit SAFECode published a paper detailing many more types of security user stories and tasks. These are both great resources to get you started with adding security-centric user stories.

    The most important takeaway is to realize that just by adding security to user stories, you can make a dramatic impact on the security of your software development process in agile.
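
The three security stories quoted in reply #2 can be written as acceptance checks that run in every sprint. This is an added example, not part of either post: the `notes_for` handler, the `notes` table, the 64-character limit and all sample data are hypothetical and constructed for illustration.

```python
import html
import sqlite3

MAX_NAME_LEN = 64  # assumed limit for this example

def make_db():
    """Constructed in-memory data set: one note per user."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
    db.executemany("INSERT INTO notes VALUES (?, ?)",
                   [("alice", "alice <b>note</b>"), ("bob", "bob secret")])
    return db

def notes_for(db, owner):
    """Hypothetical handler: returns HTML-encoded notes for one owner."""
    if not isinstance(owner, str) or not 0 < len(owner) <= MAX_NAME_LEN:
        raise ValueError("owner length out of range")
    # Bound parameter: the input is treated as data, never as SQL text.
    rows = db.execute("SELECT body FROM notes WHERE owner = ?", (owner,))
    return [html.escape(body) for (body,) in rows]

def story_overlong_input_is_rejected(db):
    """'As a hacker, I can input data that is too long ...' must not succeed."""
    try:
        notes_for(db, "a" * (MAX_NAME_LEN + 1))
    except ValueError:
        return True
    return False

def story_sql_terminator_returns_nothing(db):
    """'As a hacker, I can send input that terminates a SQL query ...' must not succeed."""
    return notes_for(db, "alice' OR '1'='1") == []

def story_output_is_encoded(db):
    """'As an architect, I want to ensure all output is properly encoded.'"""
    return notes_for(db, "alice") == ["alice &lt;b&gt;note&lt;/b&gt;"]

def run_security_stories():
    """Run every story check against a fresh database; True means the story's goal holds."""
    db = make_db()
    checks = (story_overlong_input_is_rejected,
              story_sql_terminator_returns_nothing,
              story_output_is_encoded)
    return {check.__name__: check(db) for check in checks}

if __name__ == "__main__":
    for name, passed in run_security_stories().items():
        print("PASS" if passed else "FAIL", name)
```

Each check maps to one backlog story, so a failing check points at the story whose acceptance criteria regressed.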
