A REVIEW OF SECURITY INTEGRATION TECHNIQUE IN AGILE SOFTWARE DEVELOPMENT

International Journal of Software Engineering & Applications (IJSEA), Vol.7, No.3, May 2016
DOI : 10.5121/ijsea.2016.7304 49
A REVIEW OF SECURITY INTEGRATION
TECHNIQUE IN AGILE SOFTWARE
DEVELOPMENT
Raja Khaim1
, Saba Naz*1
, Fakhar Abbas2
,Naila Iqbal3
, Memoona Hamayun5
1,2,3,4
University Institute of Information Technology, PMAS University,
Rawalpindi Pakistan
ABSTRACT
Agile software development has gained a lot of popularity in the software industry due to its iterative and
incremental approach as well as user involvement. Agile has also been criticized due to lack of its ability to
deliver secure software. In this paper, extensive literature has been performed, in order to highlight the
existing security issues in agile software development. Majority of challenges reported in literature,
occurred due to lack of involvement of security expert. Improving security of a software system without
damaging the real essence of Agile can achieved with the continuous involvement of security engineer
throughout development lifecycle with its defined role and responsibilities.
KEYWORDS
Agile development, Agile Security Development
1. INTRODUCTION
Agile practices have a significant impact in developing software in recent few years [1]. A fair
amount of affirmative response has been noted from organizations [2] that use agile practices.
These practices are quite popular for producing evolving software’s [3]. Agile practices are
related to improved product quality, customer satisfaction, and developer productivity than
traditional waterfall practices [4]. Over the period of time one of significant concern is software
security. Up to certain level security is successfully integrated in traditional development by
developers [5], but there is some serious criticism of agile development methodology to produce
less secure software’s [6], [7].
Acceptance of changing requirements, favoring regular deliveries, and exclusion of security
engineering activities make secure software development challenging using agile methodology
[8].This leads agile practices reiteration in respect of making secure software, which negatively
affects project timeline, considerable increase in costs, and decreased customer belief and
satisfaction, which in the end diminishes the notion of these practices as agile [9]. These

50
characteristics serve as the foundation of serious criticism on agile methods to produce unsecure
software’s.
In this study the analysis of related work is mostly revealed about the issues of integration of
security in agile. This paper presents the systematic review of techniques, methods for security
integration in agile. Existing techniques and methods have been scrutinized that have not
impressively produced any significance review or survey based on this particular topic. For
supposed investigations, Systematic literature review SLR technique has been used. Keeping in
view of these investigations, a thorough exploration has been executed. The organization of the
paper is: Sec. 2 includes the literature review, Sec. 3 includes the materials and methods, Sec. 4
includes the results and inferences, Sec. 5 includes the discussion and Sec. 6 includes
conclusions.
2. RELATED WORK
The aim of this section is to elaborate the literature done on incorporating security in agile.
Various methods are considered with different approaches to conduct surveys on incorporating
security in agile.
Review on extreme programming was conducted by Ghani and Yasin [1]. They study literature
related to the extreme programming with the perspective of security and they had observed that
extreme programming partly supports integrating of security in it. Few of researchers worked on
these topics, still comprehensive information regarding their outcome and usage was not
published yet. They had concluded that the existing extreme programming practices are not
adequate in term of security, hence new XP practices based upon security require to be proposed.
Sani [9] conducted a literature survey on DSDM in term of security incorporated in it. From
literature they had spotted that currently DSDM lack behind in providing support for secure
development of software’s. They find that only a single paper discuss about security integration
in DSDM and no work done yet by the researchers for secure software development via DSDM.
And their intention is to enhance current DSDM model so that it can support secure development.
Ghani [10] performed a survey on it model that had been proposed by them for secure software
development using DSDM in order to validate their model. After collecting, analyzing,
comparing the results they had concluded that their model is very much beneficial in developing
secure software using their enhanced DSDM model.
Adila[11] presented an extensive survey on feature driven development aim of literature survey is
to study feature driven development with the intensions to produce a secure software. They find
that there is no reputable research in respect of feature driven development and its integration
with security and finally they had summarized that there is a need of revised feature driven model
that can facilitate the secure development of software without compromising agile manifesto.
Oustlati [12] conducted a systematic review of agile development methodology and elaborates the
challenges its face while developing secure software. They found 20 challenges in 10 studies and
categorize them and founded that 14 out 20 challenges are valid in respect of agile methodology
and 6 are invalid in case of agile principles. They concluded that secure software development
using agile quite challenges, there is a lot of space for researchers to work in this area.

51
Othmane [13] performed systematic review, and this review is just a mere extension of [12]
above mentioned review. Parameters and results of both reviews are almost same but the
difference exists between [12] and [13] is of the number of papers selected for both reviews, in
[13] number of papers are double as comparable to paper selected by [12].
From above literature, it is extracted that the majority of studies focus on a particular agile
practice such as XP, DSDM, FDD in their reviews[1, 10, 9, 11]. And their focus is to identify that
how much work is regarding security integration in agile or in particular agile practices and
secondly scope of some studies [12, 13] are limited to fewer number of research papers. Although
reviews performed in [41, 44] are very systematic but not much systematic in term of agile
practices. The Intention of this study is to perform a comprehensive literature which is not limited
to any specific agile practice and this study will take into account of all agile practices rather than
to some specific practice of agile. Considering all agile practices in regards of secure software
development in a systematic manner make our study unique from above mentioned studies.
3. METHODOLOGY
In this literature study, research methodology followed is Systematic Literature Review. A SLR is
a mechanism of identifying, understanding and estimating complete existing research interrelated
to a specific research query, topic area or matter of consideration. SLR involves following steps
such as planning stage, conducting stage and reporting stage [14] complete procedure shown in
(Fig.1). A unique research study facilitating a systematic review and known as primary research
studies whereas a systematic review is a kind of secondary study.
The necessity for the systematic study (Step 1), the communal causes are:
• To precise the relevant research work evidences significant in term of incorporating
security in agile.
• In order to mined out gaps in current research and to enhanced proposed parts for further
investigation.
• Systematic reviews may be exercised to study the degree to which experimental evidence
promotes/negate suppositions, or even to promote the development of novel theories. A
search experiment was conducted recording the subsequent searched strings in ACM
digital library, Springer and IEEE Xplore. The literature obtained from the string
searching may possibly be helpful in discovering a trend for the software development
and verification &validation of the preferred search items and the desirable protocols.
((“Incorporating Security” OR “Integrated Software Security” OR “Secure Software
Development” OR “Software Security”) AND (“Agile Practices” OR “Dynamic Systems
Development Method” OR “Extreme Programming” OR “Feature Driven Development”)
AND (“Challenges” OR “Issues”)).

52
• The research questions (Step 2) in section (3.1) indicate what should be extracted from
the selected studies.
Figure 1: SLR Process
3.1 . Research Questions
(Staples, M. and Niazi, M.2007) [15]: encouraged the searching criteria that are being considered
in order to assure the research papers quality and to exclude non-relevant work. The R. questions
discussed in the work are as under:
RQ1. What types of approaches are being suggested for the purpose of security incorporation in
agile and its practices?

53
RQ2. What is the role of Security expert/ Engineer in these approaches?
RQ3. What kind of challenges emerges while incorporating security in agile and its practices?
The purpose of (Step 3) the protocol review ensures to overcome likely investigator’s bias that
will allow duplication in the study (Kitchen ham, 2007) [14]. In (Step 4,) the evaluation of
protocol and the aid of drill in executing studies systematically by scholars. Depends on opinion
and collected knowledge during the development, we repeatedly advanced the evaluation
structure. The brief of the conclusive protocol is presented in sec. 3.2 to sec. 3.5.
3.2 Search Strategy
We adapted the procedure proposed in (as shown in Fig.2) for the selection of work. From the
questions for research, we extracted the key-phrases for the mining. In order to validate the
strings quality used for searching, we conducted a sample search on, IEEE Xplore, Science Direct
and Google Scholar.
Figure 2: Search Strategy

54
3.3 Study Selection Criteria
The vital aspects for concluding as primary study is data elaboration, depictingthat the studies to
be used that are related to our key-phrases that are similar to those described in the test
searchingis calculated shown in (Table.1) and therefore answering the research questions. So, all
papers on incorporating security in agile and its practices will be incorporated.We eliminated
non-English data that is books, text and presentations. We ignored material that was not included
in our searched strings and non-relevant data to security in agile development and studies that do
not satisfy agile development practices.
Table 1: Criteria for Selection Study
Selection Of study papers left
Based on complete text 45
Based on Abstract 69
Based on title 102
Based on searched strings 172
3.4 Study Selection Procedure
The study selection procedure (Step 5) was performed for the collection of a related analysis of
the selection criteria between the investigators that organized the review. The selection criteria
were implemented to the title and the abstract and essentially, for the complete text of the papers
of the related area. As an experiment, we solely evaluated 69 randomly selected studies from a
search conducted in ACM, Google Scholar, Springer and IEEE Xplore.
We documented the unclear explanation of the questions and selection principles on which the
judgment for selection was exclusively grounded upon. We found total 45 papers, applying
searching string, that have data interrelated to incorporating security in agile and its practices (as
show n in Graph 1). We rejected documents that have emphasis on other domains than our related
area of study. We aggregated needed sections from the papers to enhance the inferences towards
success in finding incorporating security in agile (as shown in Fig.3). In addition, once more we
read from selected papers and guaranteed that the papers selected are absolutely lawful as
indication for integrated security in agile practices, (as shown in Table.2) as the outcomes# per
basis and increased points of indications gathered (as shown in Graph.2).

55
Graph 1: Selected Papers
3.5 Study Quality Assessment
In this section (Step 6) depicts the quality of our research. We hardly found relevant work for the
questions that are entirely in support of our research work. Using data collected, we supported our
choices and explorations. From QA-1, it is found that relevant approaches which incorporated
security in agile and its practices. With QA2, we examined the challengesemerges while
incorporating security in agile. With QA3, we evaluated those approaches were sufficient for
integrated security in agile development.

56
Figure 3: Selection of Primary Studies

57
Table 2: Results over sources
IEEE Google scholar Elsevier ACM Science Direct Springer
Primary studies 11 17 2 7 3 5
Total Found 29 60 15 16 19 33
Candidate
studies
16 40 10 9 12 15
3.6 Data Extraction
In the similar fashion, we break-down the work. Data extraction (Step 7) was achieved in a
repetitive manner.We have endorsed the inferences given by [14]; it is predicted which might
found challenging constituting a precedence a comprehensive group of charges for the whole
belongings. We initiated the mining form with the attributes like research techniques,
perspectives that displays the mapping to the particular. Questions addressed by the attribute (as
shown in Table.3).
Table 3: Data Extraction
Attributes Research question
Title/Year/Author Overview of candidate literature
Context Overview of candidate literature
Search Strategy SLR

58
Graph 2: Number of results per sources
4. RESULT AND ANALYSIS
RQ1. What types of approaches are being suggested for the purpose of security
incorporation in agile and its practices?
In order to answer to RQ1 we conduct a detailed analysis to facilitate our finding (see table
4).Twenty six studies are considered for analysis, foundation of considering studies in this
particular review study is that only those studies are considered which provide any technique,
method, principal framework for integrating security in agile methodology and its practices. The
Parameters of this study were hauled out from numerous existing methodologies and studies were
evaluated on the basis of succeeding parameters. (1) For which particular agile practice
mechanism for security incorporation is provided [10]. (2) Involvement of security
engineer/expert in particular technique [16], [17]. (3) Provision of framework or principal for
security integration [10], [9]. (4) Research methodology used in the study [18]. (5) Domain
consider in a particular paper. [19], [20].It has been observed that out total50% of the studies
consider integration of security in agile generally, while 15% in Scrum, 23% in XP, only 12% in
FDD and no study mention any mechanism for security integration in DSDM(see graph 3). These
agile practices are included in this literature study because they are considered as popular among
researchers and practitioners.
Table 4: Selected Studies Analysis
Title
Year Of
Publicatio
n
Agile
Practice
[10]
Involvement
of security
engineer/exp
ert
[16],[17]
Framewo
rk/securi
ty
principal
[10],[9]
Methodolog
y
[18]
Domain
[19],[20]
Agile
Development of
Secure Web
Applications [19] 2006 FDD No Principal Case Study
Web
applicatio
ns

59
Agile Security
using an
incremental
architecture [21] 2005 Agile No Principal Exploratory
Not
mentioned
Agile
Development with
Security
Engineering
Activities [22] 2011 Agile No
Framewor
k Case Study
Mobile
applicatio
n
Improved
Extreme
Programming
Methodology with
Inbuilt Security
[23] 2011 XP No
Framewor
k Case Study
Web
applicatio
ns
FISA-XP: An Agile-
based Integration
of Security
Activities with
Extreme
Programming [16] 2014 XP Yes
Framewor
k Experiment
Not
mentioned
Selection of
Security Activities
for Integration
with Agile
Methods after
Combining their
Agility and
Effectiveness [24] 2014 Agile Yes
Framewor
k Exploratory
Not
mentioned
A Novel Security-
Enhanced Agile
Software
Development
Process Applied in
an Industrial
Setting [25] 2015 Agile Yes
Framewor
k Experiment
Mobile
applicatio
n
Extending the
Agile
Development
Approach to
Develop
Acceptably Secure
Software [26] 2014 Agile No Principal Case Study
Web
applicatio
ns
ROLE-BASED
EXTREME
PROGRAMMING
(XP) FOR SECURE
SOFTWARE
DEVELOPMENT
[27] 2013 XP Yes
Framewor
k Exploratory
Not
mentioned
Developing a
Secure website
using Feature 2013 FDD No
Not
mentioned Case Study
Web
applicatio
ns

60
Driven
Development
(FDD) [20]
Risk-Driven
Security Metrics
in Agile Software
Development – An
Industrial Pilot
Study [28] 2012 Agile No
Framewor
k Experiment
Mobile
applicatio
n
Secure Software
Development
Model: A Guide for
Secure Software
Life Cycle [29] 2010 Xp Yes
Framewor
k Exploratory
Not
mentioned
S-Scrum: a Secure
Methodology for
Agile
Development of
Web Services [30] 2013 Scrum No
Framewor
k Case Study
Web
applicatio
ns
Towards Agile
Security
Assurance [31] 2005 Agile No Principal Exploratory
Not
mentioned
Extending XP
Practices to
Support
Security
Requirements
Engineering [32] 2006 XP Yes
Framewor
k Experiment
Web
applicatio
ns
Security Planning
and Refactoring in
Extreme
Programming [33] 2006 XP No Principal Case Study
Web
applicatio
ns
Security Backlog
in Scrum Security
Practices [34] 2011 Scrum Yes
Framewor
k Exploratory
Not
mentioned
Integrating
Security into Agile
Development
Methods [35] 2005 Agile No Principal Case Study
Web
applicatio
ns
Development of
Agile Security
Framework Using
a Hybrid
Technique for
Requirements
Elicitation [17] 2011 Agile Yes
Framewor
k Case Study
Not
mentioned
Integration
Analysis of
Security Activities
from the
perspective of
agility[36] 2012 Agile Yes Principal Exploratory
Not
mentioned
Integrating 2008 Agile Yes Principal Exploratory Not

61
Software
Development
Security Activities
with Agile
Methodologies[37
]
mentioned
Using Assurance
Cases to Develop
Iteratively
Security Features
Using Scrum[38] 2014 Scrum No
Framewor
k Case study
Communic
ation
Secure Feature
Driven
Development
(SFDD) Model for
Secure Software
Development[39] 2013 FDD Yes
Framewor
k Exploratory
Not
mentioned
Secure Scrum:
Development of
Secure Software
with Scrum[40] Scrum No
Framewor
k Survey
Not
mentioned
The Creation of a
Distributed Agile
Team [41] 2007 Agile No
Framewor
k Exploratory
Web
Services
Towards Agile
Security in Web
Applications [42] 2006 Agile YES Principal Exploratory
Not
mentioned
Graph 3: Agile practices that integrate security

62
RQ2. What is the role of Security expert/Engineer in these approaches?
In order to develop secure software, it is important to have a dedicated person that has a fair
amount of knowledge about software security or in other word require security expert[24], [16].
Security experts should be responsible for proper integration of security in particular software
system [24], [36]. Traditionally involvement of security expert in agile software development for
developing secure software is considered as overhead [27]. But it has been observed that for
developing secure software using agile it is important to have a security expert and it will increase
the level of agility in development [16], [36]. Most of the time development teams are not aware
and familiar of security related construct and issues in the developing secure software and
because of lack of expertise in term of security it is difficult for developers to properly integrate
security in projects and increase the development time which in turn effect deliverable time of
agile increments [36],[29]. Thus, it is important to have the involvement security expert in agile
methodology to facilitate secure development. From literature that has been sighted it is extracted
that 54% studies had not mentioned the involvement of security expert in their approaches that
has been proposed for secure software development using Agile and its practices which is a major
drawback of these techniques and rest of 46 % mentioned the involvement of security expert in
their approaches (see graph 4)
Graph 4: Numbers of studies involving security expert
46% of studies encourage the participation of security engineer, after analyzing the studies
encouraging the participation of security expert it is spotted that [36], [16], [24], [37] calculate the

63
agility degree of various security activities using different techniques and proposed that the
activity with high agility degree needs to be integrated with agile methods so that it will not
disturb the agility of methods. If security engineer is involved throughout the development
process it is being assigned high value of agility and partial involvement is assigned as low values
of agility [16]. Rest of studies practically involved security expert in their proposed techniques.
We have analyzed these studies on the basis of two parameters which are derived from the above
discussion. (P1) involvement of security expert throughout the development lifecycle or in any
particular phase while (P2) clear definition and description of roles and responsibilities of
security expert.(See Table 5)
Table 5: Involvement of Security Expert in SDLC phases
Paper P1 P2
[25] Throughout development lifecycle
[27] Not mentioned
[29] Requirement engineering& design phase
[32] Requirement engineering phase
[34] Documentation, analysis & testing phase
[17] Requirement engineering phase
[39] Documentation, Development & testing phase
In (table 5) only [25] encourage the throughout involvement of security expert’s during the
development life cycle with defined roles, but major drawback of this approach is that it involves
security expertise more than required like security manager, security architect, security expert.
Involving a number of security experts e.g. 3 or more security related personals in agile team
don’t seem to be effective and may consider as overhead, whereas [34] doesn’t involve expert
throughout development life cycle and partially define the role and responsibilities of security
expert.
RQ3. What kind of challenges emerges while incorporating security in agile and its
practices?
Underneath are some of the challenges that are reported in the literature that limit agile
methodology and its practices to produce secure software (see Table 6). It is observed that
challenge Ch1, Ch5, Ch10, and Ch12 are closely related to the collaboration and awareness
among stakeholder in an agile development environment. Challenge Ch2, Ch4, Ch7, Ch11 are
often caused due to the iterative and incremental nature of agile development methodology.
Challenge Ch3, Ch9 have occurred as a consequence of security assurance of agile increments.
Ch6, Ch8, Ch13 are directly related to the development life cycle of agile. In Oder to improve

64
agile methodology and its practices to provide secure software, it is quite necessary to eliminate
these challenges or to trigger down their effect to possible minimal level.
Table 6: Agile security challenges
Code Challenge Papers
Ch1 Need of separation of roles between software developer and security expert [42],[40],[37],[29]
Ch2 Security assurance of increment & activities are difficult if the code is changing
continuously.
[31],[26]
Ch3 Detailed documentation is required for security assessment [31],[42],
Ch4 Security constraints are violated due to refracting [31],[33]
Ch5 Lack of experience of developers in developing secure software [29],[20],[24]
Ch6 Neglecting risk assessment [32],[28],[19]
Ch7 Security requirements are difficult to track if requirements change frequently. [32]
Ch8 Security measure is not considered in every iteration [31],[23],[19],[26]
Ch9 Test cases are not adequate to ensure the integration of security related
requirement
[31],[24]
Ch10 Lack of security requirements and considerations [7],[17]
Ch11 Requirements change and design change violate the security requirement of
the system.
[32],[17]
Ch12 Unawareness of customer in term of security [34],[39]
Ch13 Neglecting security requirements in elicitation phase [32],[19],[17]
5. DISCUSSION
After reviewing and analyzing the literature, it is observed that involvement of security expert
throughout the development life cycle is necessary in order to cater security related concern and
for proper integration of security in agile increment. In the majority of studies (54%) security
expert is unavailable and seems that it is undefined, who will be responsible for maintaining
security of agile increments and deliverables. In the absence of security expert it is hard to define
that who will be responsible for this critical task, because it is quite unjustified to handover this
critical task to individuals having limited knowledge and background of software security. If this
important and critical task is assigned to teams or individuals who are not expert in the field of
software security it will not only increase the cost in term of time and negatively affects the
quality of software in term of security.
Out of the total 45 % of the studies mentioned the involvement of security expert in their
techniques, but the major draw of these studies is that they are not facilitating the involvement of
security expert throughout development life cycle and secondly there is no clear description of
roles and responsibilities of security expert. Ch1, Ch5 and Ch12 (see table) can be catered by
involving security expert with defined and separate roles and responsibilities in software
development life cycle, Ch13 and Ch10 can be managed by the involvement of security expert in
requirements engineering phase by taking into account of security requirements. Involving
security expert in the construction phase can affect Ch7, Ch8 and Ch11 positivity by having a
critical eye on the construction phase in term of security. Ch2, Ch9 can be handled by involving
security expert in testing and transition phase.

65
From the consequence of the above discussion, it is mined that useful techniques has been
proposed in regard of developing secure software using agile. The Major weakness of these
techniques due which they are not able to properly integrate security in agile are lack of
involvement of a security expert, or if involved, then he was not been involved throughout the
development life cycle and his roles and responsibilities are not defined. So it is quite important
to have the involvement of security expert with defining roles and responsibilities throughout the
agile development life cycle, i.e. in inception, construction and transition phase, in order to take
care of security related aspect of software and for fruitful integration of security in every agile
iteration and deliverable. It has hauled out from literature that if security is not considered in
every phase of the agile development cycle, it makes secure software development challenging
and leaves possible glitches in developed software in term of security.
6.CONCLUSION
To gain insight into the current status of security in Agile Development Cycle and its techniques,
a systematic literature review (SLR) has been conducted that highlights the current issues of
security in Agile practices. Agile has been criticized for lacking security due to its incremental
approach. Some complications have been highlighted such as lack of consideration of security
throughout the agile development life cycle and absence of the dedicated resource person, having
a fair knowledge of software security, with defined responsibilities. From review it has been
observed that some researcher has agreed that there should be a defined role to fulfil security
aspects in complete lifecycle. In the future, we are planning to develop a framework in order to
address the issues mentioned in this paper for security integration in agile properly and correctly
with ease and to obtain better results.
7.REFRENCES
[1] I. Ghani, & I.Yasin, (2013) "Software Security Engineering In Extreme Programming Methodology :
A Systematic Literature", Science International Volume No.25 (2), pp-215–221.
[2] M. V. Mohamed, (2014) "Implementation of Scrum Framework of Agile Methodology for an Online
Project", International Journal of Emerging Technology & Advance Engineering, Volume 4 (7), pp-
435–440
[3] R. C. Martin, (2003.) “Agile Software Development: Principles, Patterns, and Practices”, 1st ed.
Upper Saddle River, NJ, USA: Prentice Hall PTR,
[4] T. Dyba & T. Dingsoyr, (2008) “Empirical studies of agile software development: A systematic
review,” Information and Software Technology Elsevier, vol. 50, (9) 10, pp. 833 – 859
[5] J. Wäyrynen, M. Bodén. & G. Boström, Security (2004) “Engineering and extreme Programming: An
Impossible Marriage?” In Proceedings of the 4th Conference on Extreme Programming and Agile
Methods. 2004, Springer-Verlag, Lecture Notes in Computer Science, pp. 117
[6] J. C. Alberts, & R. S. Allen, (2011) “Risk based measurement and analysis: Application to software
security”, Software Engineering Institute, Carnegie Mellon University Pittsburgh.
[7] S. Bryan, Streamline (2010) “Security Practices for Agile Development”. MSDN Magazine.
[8] C. Zannier, H. Erdogmus & Lowell Lindstrom (2002), “On bricks and walls: Why building secure
software is hard, “Computers& Security”, vol. 21(3), pp. 229–238.

66
[9] A. Sani, & A. Firdaus, (2013), "A Review on Software Development Security Engineering using
Dynamic System Method ( DSDM )", International Journal Of Computer Applications ,Volume No.
69 (25), pp-37–44.
[10] I. Ghani, N. Niknejad, M. Bello, M. W. Chughtai, & S. R. Jeong, (2015) " ( SDSDM ): A Survey
About Its Suitability", Journal of Theoretical and Applied Information Technology, Volume No.74
(1).
[11] A. Firdaus, A. Universiti, I. Ghani, & Teknologi, (2014) "A Systematic Literature Review on Secure
Software Development using Feature Driven Development ( FDD ) Agile Model", Journal of the
Society for Internet Information, Article No 15 (1), pp. 13-27
http://doi.org/10.7472/jksii.2014.15.1.13.
[12] H. Oueslati, (2015) "Literature Review of the Challenges of Developing Secure Software Using the
Agile Approach" 10th
IEEE International Conference on Availability, Reliabilty & security, pp. 540-
547.
[13] Oueslati et al., (2016) "Evaluation of the challenges of developing secure software using agile
approach". International Journal of secure software Enginerring Volume 7 ( 4).
[14] B. Kitchenham, R. Pretorius, D. Budgen, O. P. Brereton, M. Turner, M. Niazi, & S. Linkman, (2010)
"Systematic literature reviews in software engineering – A tertiary study". Information and Software
Technology, Volume No.52 (8), pp- 792–805. http://doi.org/10.1016/j.infsof.2010.03.006
[15] M. Staples, & M. Niazi, (2007). “Experiences Using Systematic Review Guidelines”. Journal of
Systems and Software, ACM, Vol. 80(9) pp. 1425-1437.
[16] S. Singhal, & H. Banati, (2014) “Fisa-Xp”. ACM SIGSOFT Software Engineering Notes, volume
39(3),. pp.1–14. http://doi.org/10.1145/2597716.2597728
[17] A. Singhal, (n.d.). (2011) "Development of Agile Security Framework Using a Hybrid Technique for
Requirements Elicitation", Advances in communiaction & control Springer Berlin Heidelberg.
[18] G. E. Richard, (April 2008), "Getting Students to Think about How Agile Processes Can Be Made
More Secure", 21st IEEE Conference on Software Engineering Education and Training pp.51-58.
[19] X. Ge, R. F. Paige, F. a. C. Polack, H. Chivers, & P. J. Brooke, (2006) “Agile development of secure
web applications". Proceedings of the 6th International Conference on Web Engineering, ACM -
ICWE ’ 06, pp. 305–312 http://doi.org/10.1145/1145581.1145641
[20] A. Firdaus, I. Ghani, Izzaty, & M. Yasin, ( 2013) "Developing Secure Websites Using Feature
Driven Development ( FDD ): A Case Study", Journal of clean Energy Technology, volume 01(4).
http://doi.org/10.7763/JOCET.2013.V1.73
[21] H. Chivers, R. F. Paige, & X. Ge, (2005) “Agile Security Using an Incremental Security
Architecture”, Extreme Programming and Agile Processes in Software Engineering. Springer Berlin
Heidelberg, pp. 57–65.
[22] B. Carlsson, (2011) “Agile Development with Security Engineering Activities”, Proceedings of the
2011 International Conference on Software and Systems Process. ACM, pp. 149–158.
[23] S, B. M., & N. Norwawi, (2011) “Improved Extreme Programming Methodology with Inbuilt
Security”, IEEE Symposium on Computers & Informatics pp. 674–679.
[24] A. Singhal, (n.d.). (2014) “Selection of Security Activities for Integration with Agile Methods after
Combining their Agility and Effectiveness,”volume 6 (2), pp. 57–67
[25] D. Baca, M. Boldt, B. Carlsson, & A. Jacobson, (2015) "A Novel Security-Enhanced Agile Software
Development Process Applied in an Industrial Setting", 10th International Conference on
Availability, Reliability and Security. http://doi.org/10.1109/ARES.2015.45.
[26] L. Othmane, P. Angin, H. Weffers, & B. Bhargava, (2014) "Extending the Agile Development
Approach to Develop Acceptably Secure Software", Dependable and Secure Computing, IEEE
Transactions on volume 11(06), pp 1–14. http://doi.org/10.1109/TDSC.2014.2298011
[27] I. Ghani, & A. Firdaus. (2013) "Role-Based Extreme Programming ( Xp ) For Secure sofware
Development" Vol. 25,

67
[28] R. M. Savola, C. Frühwirth, & Pietikäinen, (2012) "A. Risk-Driven Security Metrics in Agile
Software Development – An Industrial Pilot Study", Journal of Universal computer Science, volume
18( 12) , pp.1679–1702.
[29] M. I. Daud, (2010 ) "Secure Software Development Model : A Guide for Secure Software Life
Cycle.", International Multiconference of Engineers and computer scientist volume No.1. pp. 17-19.
[30] D. Mougouei, N. Fazlida, M. Sani, & M. M. Almasi, (2013) "S-Scrum : a Secure Methodology for
Agile Development of Web Services", world of computer science & Information Technology Journal
volume No. 3 (1), pp. 15–19.
[31] K. Beznosov, & P. Kruchten, (2005), "Towards Agile Security Assurance", Proceedings of the 2004
workshop on New security paradigms. ACM, pp. 47–54.
[32] Boström, K. Beznosov, & P. Kruchten, (2006) "Extending XP Practices to Support Security
Requirements Engineering", International workshop on software enginerring for secure system ,
ACM pp. 11–18.
[33] E. G., Aydal, R. F. Paige, H. Chivers, & P. J. Brooke, (2006) "Security Planning and Refactoring in
Extreme Programming", Springer Berlin Heidelberg, pp. 154–163.
[34] Z. Azham, (2011) "Security Backlog in Scrum Security Practices" 5th
Malaysian Conference on IEEE,
pp. 414–417
[35] M. Siponen, R. Baskerville & T. Kuivalainen, 2005 “Integrating Security into Agile Development
Methods”, System Sciences, 2005. HICSS'05. Proceedings of the 38th Annual Hawaii International
Conference on. IEEE, pp.185a-185a
[36] Singhal, A. (2012). “Integration Analysis of Security Activities from the perspective of agility”
Conference on IEEE http://doi.org/10.1109/AgileIndia.2012.9
[37] H. Keramati, (2008) "Integrating Software Development Security Activities with Agile
Methodologies", Computer System & Application International conference on IEEE, pp 749-754.
[38] L. Othmane, (2014) "Using Assurance Cases to Develop Iteratively Security Features Using
Scrum",9th
International Conference on IEEE http://doi.org/10.1109/ARES.2014.73.
[39] A. Firdaus, I. Ghani, & S. Ryul, (2014) "Secure Feature Driven Development ( SFDD ) Model for
Secure Software Development” 2nd International Conference on Innovation, Management and
Technology Research Procedia - Social and Behavioral Sciences Elsevier, Volume No.129, pp. 546–
553. http://doi.org/10.1016/j.sbspro.2014.03.712.
[40] C.Pohl, (n.dl.). ( 2015) "Secure Scrum : Development of Secure Software with Scrum" arXiv preprint
arXiv: 1507.02992.
[41] P, K & F Cannizzo, British, (2007) "The Creation of a Distributed Agile Team", In Agile Processes
in Software Engineering and Extreme Programming, Springer Berlin Heidelberg pp. 235-239.
[42] V. Kongsli, (2006) "Towards Agile Security in Web Applications", Companion to the 21st ACM
SIGPLAN symposium on Object-oriented programming systems, languages, and applications. ACM,
pp. 805-808.
[43] Usman Rafi, Tasleem Mustafa, (2015) “US-Scrum: A Methodology for Developing Software with
Enhanced Correctness, Usability and Security”. International Journal of Scientific & Engineering
Research, Volume 6, (9), 377 ISSN 2229-5518. pp- 377-383.
[44] A. A. Liza, M. G. Andrew, B.W. Gary, (2012)" Emergence of Agile Methods: Perceptions from
Software” Practitioners in Malaysia, Conference of IEEE Agile India, pp. 30-39
[45] A. Tuli, et al. (2014), "Empirical investigation of agile software development: cloud
perspective." ACM SIGSOFT Software Engineering Volume 39(4) pp. 1-6

68
Authors
Raja Khaim Shahzad was born in Islamabad, Pakistan. He is research student,
done BS (CS) from PMAS Arid Agriculture University Rawalpindi, Pakistan in
2012, now doing MS (CS) from same University. His research area is software
engineering, agile software development, software Security, Information Security
Saba Naz, research student, done MCS from International Islamic University
Islamabad, Pakistan in 2013, now doing MS (CS) from PMAS Arid Agriculture
University Rawalpindi, Pakistan. Her research area is image processing, software
security, information security, data mining.
Syed Fakhar Abbas, research student, done MCS from PMAS Arid Agriculture
University Rawalpindi, Pakistan in 2009, now doing now doing MS (CS) from
same University. His research area is software engineering and web development.
Naila Iqbal research student, done BSCS from Fatimah Jinnah University
Rawalpindi, Pakistan in 2013, now doing MS (CS) from PMAS Arid
Agriculture University Rawalpindi, Pakistan. Her research area is software
engineering, agile software development and requirement Engineering.
Mamoona Humayun is Ph.D. in computer science by Harbin Institute of
Technology, Harbin China, in 2014. She is assistant professor at University
Institute of Information Technology, PMAS-Arid Agriculture University
Rawalpindi. Her research interests are Global software development,
requirement engineering, and knowledge management and web application
security vulnerabilities.

A REVIEW OF SECURITY INTEGRATION TECHNIQUE IN AGILE SOFTWARE DEVELOPMENT

More Related Content

What's hot (20)

Similar to A REVIEW OF SECURITY INTEGRATION TECHNIQUE IN AGILE SOFTWARE DEVELOPMENT (20)

Recently uploaded (20)

A REVIEW OF SECURITY INTEGRATION TECHNIQUE IN AGILE SOFTWARE DEVELOPMENT