Show simple item record

dc.contributor.author: Cruzes, Daniela Soares
dc.contributor.author: Felderer, Michael
dc.contributor.author: Oyetoyan, Tosin Daniel
dc.contributor.author: Gander, Matthias
dc.contributor.author: Pekaric, Irdin
dc.date.accessioned: 2017-09-25T06:20:04Z
dc.date.available: 2017-09-25T06:20:04Z
dc.date.created: 2017-09-21T14:28:09Z
dc.date.issued: 2017
dc.identifier.citation: Lecture Notes in Business Information Processing. 2017, 283 201-216. [nb_NO]
dc.identifier.issn: 1865-1348
dc.identifier.uri: http://hdl.handle.net/11250/2456411
dc.description.abstract: Security testing can broadly be described as (1) the testing of security requirements that concerns confidentiality, integrity, availability, authentication, authorization, nonrepudiation and (2) the testing of the software to validate how much it can withstand an attack. Agile testing involves immediately integrating changes into the main system, continuously testing all changes and updating test cases to be able to run a regression test at any time to verify that changes have not broken existing functionality. Software companies have a challenge to systematically apply security testing in their processes nowadays. There is a lack of guidelines in practice as well as empirical studies in real-world projects on agile security testing; industry in general needs a more systematic approach to security. The findings of this research are not surprising, but at the same time are alarming. The lack of knowledge on security by agile teams in general, the large dependency on incidental pen-testers, and the ignorance in static testing for security are indicators that security testing is highly under addressed and that more efforts should be addressed to security testing in agile teams. [nb_NO]
dc.language.iso: eng [nb_NO]
dc.rights: Attribution 4.0 International [*]
dc.rights.uri: http://creativecommons.org/licenses/by/4.0/deed.no [*]
dc.title: How is security testing done in agile teams? A cross-case analysis of four software teams [nb_NO]
dc.type: Journal article [nb_NO]
dc.type: Peer reviewed [nb_NO]
dc.description.version: acceptedVersion [nb_NO]
dc.source.pagenumber: 201-216 [nb_NO]
dc.source.volume: 283 [nb_NO]
dc.source.journal: Lecture Notes in Business Information Processing [nb_NO]
dc.identifier.doi: 10.1007/978-3-319-57633-6_13
dc.identifier.cristin: 1496551
dc.relation.project: Norges forskningsråd: 247678 [nb_NO]
dc.relation.project: Norges forskningsråd: 247678/O70 [nb_NO]
cristin.unitcode: 7401,90,13,0
cristin.unitname: Systemutvikling og sikkerhet
cristin.ispublished: true
cristin.fulltext: postprint
cristin.qualitycode: 1



Except where otherwise noted, this item's license is described as Attribution 4.0 International