S2D2: Security & Safety Driven Development: an approach for agile services development process
Resumo
The purpose of this paper is to present a methodology to guide a service secure development for agile development teams. The proposal is guided by a Reference Architecture (RA) based on a threat and risk modeling. The methodology predicts emphasis on behaviors that consider threats, attacks, vectors, risks, actors, devices, and assets. Into the agile concerns, the RA concerned with presenting a lightweight process focused on the efficiency and reduction efforts for good practices for secure development, considering design and coding, as well as acceptance tests. In its current state, the proposal was validated in two ways, namely: through ten “top threats” catalogs, such as [15, 18]. In addition, applying the proposal as an agile tool for threat predictability and risk control over the source-code. As a result, it was possible to characterizing as a mechanism that provides a guided methodology for threat and risk driven-development.
Publicado
17/10/2017
Como Citar
SILVA, Carlo Marcelo Revoredo da ; GARCIA, Vinícius Cardoso ; FEITOSA, Eduardo Luzeiro.
S2D2: Security & Safety Driven Development: an approach for agile services development process. In: WORKSHOP DE TESES E DISSERTAÇÕES - SIMPÓSIO BRASILEIRO DE SISTEMAS MULTIMÍDIA E WEB (WEBMEDIA) , 2017, Gramado.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2017
.
p. 17-24.
ISSN 2596-1683.