
An efficient approach for reviewing security-related aspects in agile requirements specifications of web applications [Electronic resource]

Villamizar, Hugo (author)
Kalinowski, Marcos (author)
Garcia, Alessandro F. (author)
Mendez, Daniel (author)
Blekinge Tekniska Högskola Fakulteten för datavetenskaper (publisher)
Published: Springer Science and Business Media Deutschland GmbH, 2020
English.
Part of: Requirements Engineering. - 0947-3602.
  • E-article/E-chapter
Abstract
  • Defects in requirement specifications can have severe consequences during the software development life cycle. Some of them may result in poor product quality and/or time and budget overrun due to incorrect or missing quality characteristics, such as security. This characteristic requires special attention in web applications because they have become a target for manipulating sensible data. Several concerns make security difficult to deal with. For instance, security requirements are often misunderstood and improperly specified due to lack of security expertise and emphasis on security during early stages of software development. This often leads to unspecified or ill-defined security-related aspects. These concerns become even more challenging in agile contexts, where lightweight documentation is typically produced. To tackle this problem, we designed an approach for reviewing security-related aspects in agile requirements specifications of web applications. Our proposal considers user stories and security specifications as inputs and relates those user stories to security properties via natural language processing. Based on the related security properties, our approach identifies high-level security requirements from the Open Web Application Security Project (OWASP) to be verified and generates a reading technique to support reviewers in detecting defects. We evaluate our approach via three experimental trials conducted with 56 novice software engineers, measuring effectiveness, efficiency, usefulness and ease of use. We compare our approach against using: (1) the OWASP high-level security requirements and (2) a perspective-based approach as proposed in contemporary state of the art. The results strengthen our confidence that using our approach has a positive impact (with large effect size) on the performance of inspectors in terms of effectiveness and efficiency. © 2020, Springer-Verlag London Ltd., part of Springer Nature. 

Subject terms

Natural Sciences  (hsv)
Computer and Information Sciences  (hsv)
Software Engineering  (hsv)

Genre

government publication  (marcgt)

Index terms and SAB headings

Agile requirements
Requirement verification
Software inspection
Software security
Budget control
Computer software
Cryptography
Defects
Efficiency
Life cycle
Natural language processing systems
Software design
Specifications
Effectiveness and efficiencies
Experimental trials
Natural language processing
Open web application security projects
Quality characteristic
Requirement specification
Security requirements
Software development life cycle
Network security

Part of another publication: Requirements Engineering
