Title: SCOWP: agile methodology for secure web-based software development

Authors: Augusto De Arco Chiquillo; Paul Sanmartin Mendoza; Adriana Iglesias

Addresses: Systems Engineering, Faculty of Engineering, Simón Bolívar University, Sede 3, Carrera 59 No. 59-65, Barranquilla, 080002, Colombia ' Systems Engineering, Faculty of Engineering, Simón Bolívar University, Sede 3, Carrera 59 No. 59-65, Barranquilla, 080002, Colombia ' Systems Engineering, Faculty of Engineering, Simón Bolívar University, Sede 3, Carrera 59 No. 59-65, Barranquilla, 080002, Colombia

Abstract: This paper proposes a methodology called SCOWP that combines the agility of Scrum with the risk management (for web environments) of the Open Web Application Security Project (OWASP). The purpose of SCOWP is to allow the development of an agile software product that meets the established functional requirements while considering the most important risks identified by OWASP. The result is web-based software that implements the best security practices as a quality attribute that increases the value of the done product. A pilot development was implemented in a software development company with satisfactory results; furthermore, this company formally adopted it as its working methodology.

Keywords: agile methodologies; information security; OWASP; open web application security project; risks in web-based software; SCOWP; scrum; secure software development.

DOI: 10.1504/IJASM.2022.124161

International Journal of Agile Systems and Management, 2022 Vol.15 No.1, pp.1 - 30

Accepted: 14 Mar 2021
Published online: 15 Jul 2022
