An Approach for Reviewing Security-Related Aspects in Agile Requirements Specifications of Web Applications

by   H. Villamizar, et al.

Defects in requirements specifications can have severe consequences during the software development lifecycle. Some of them result in overall project failure due to incorrect or missing quality characteristics such as security. There are several concerns that make security difficult to deal with; for instance, (1) when stakeholders discuss general requirements in (review) meetings, they are often not aware that they should also discuss security-related topics, and (2) they typically do not have enough security expertise. These concerns become even more challenging in agile development contexts, where lightweight documentation is typically involved. The goal of this paper is to design and evaluate an approach to support reviewing security-related aspects in agile requirements specifications of web applications. The designed approach considers user stories and security specifications as input and relates those user stories to security properties via Natural Language Processing (NLP) techniques. Based on the related security properties, our approach then identifies high-level security requirements from the Open Web Application Security Project (OWASP) to be verified and generates a focused reading techniques to support reviewers in detecting detects. We evaluate our approach via two controlled experiment trials, comparing the effectiveness and efficiency of novice inspectors verifying security aspects in agile requirements using our reading technique against using the complete list of OWASP high-level security requirements. The (statistically significant) results indicate that using the reading technique has a positive impact (with very large effect size) on the performance of inspectors in terms of effectiveness and efficiency.



There are no comments yet.


page 1


An Efficient Approach for Reviewing Security-Related Aspects in Agile Requirements Specifications of Web Applications

Defects in requirements specifications can have severe consequences duri...

How to Integrate Security Compliance Requirements with Agile Software Engineering at Scale?

Integrating security into agile software development is an open issue fo...

Cross-project Classification of Security-related Requirements

We investigate the feasibility of using a classifier for security-relate...

T-Reqs: Tool Support for Managing Requirements in Large-Scale Agile System Development

Requirements engineering is crucial to support agile development of larg...

How do Quantifiers Affect the Quality of Requirements?

Context: Requirements quality can have a substantial impact on the effec...

A Systematic Mapping Study on Security in Agile Requirements Engineering

[Background] The rapidly changing business environments in which many co...

Learning to Identify Security-RelatedIssues Using Convolutional Neural Networks

Software security is becoming a high priority for both large companies a...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.