Title: SCOWP: agile methodology for secure web-based software development
Authors: Augusto De Arco Chiquillo; Paul Sanmartin Mendoza; Adriana Iglesias
Addresses: Systems Engineering, Faculty of Engineering, Simón Bolívar University, Sede 3, Carrera 59 No. 59-65, Barranquilla, 080002, Colombia; Systems Engineering, Faculty of Engineering, Simón Bolívar University, Sede 3, Carrera 59 No. 59-65, Barranquilla, 080002, Colombia; Systems Engineering, Faculty of Engineering, Simón Bolívar University, Sede 3, Carrera 59 No. 59-65, Barranquilla, 080002, Colombia
Abstract: This paper proposes a methodology called SCOWP that combines the agility of Scrum with the risk management (for Web environments) of the Open Web Application Security Project (OWASP). The purpose of SCOWP is to allow the agile development of a software product that meets the established functional requirements while considering the most important risks identified by OWASP. The result is web-based software that implements the best security practices as a quality attribute that increases the value of the done product. A pilot development was implemented in a software development company with satisfactory results; furthermore, this company formally adopted it as its working methodology.
Keywords: agile methodologies; information security; OWASP; open web application security project; risks in web-based software; SCOWP; scrum; secure software development.
DOI: 10.1504/IJASM.2022.124161
International Journal of Agile Systems and Management, 2022 Vol.15 No.1, pp.1 - 30
Received: 27 Nov 2019
Accepted: 14 Mar 2021
Published online: 15 Jul 2022