S2D2: Security & Safety Driven Development: an approach for agile services development process

Resumo

The purpose of this paper is to present a methodology to guide a service secure development for agile development teams. The proposal is guided by a Reference Architecture (RA) based on a threat and risk modeling. The methodology predicts emphasis on behaviors that consider threats, attacks, vectors, risks, actors, devices, and assets. Into the agile concerns, the RA concerned with presenting a lightweight process focused on the efficiency and reduction efforts for good practices for secure development, considering design and coding, as well as acceptance tests. In its current state, the proposal was validated in two ways, namely: through ten “top threats” catalogs, such as [15, 18]. In addition, applying the proposal as an agile tool for threat predictability and risk control over the source-code. As a result, it was possible to characterizing as a mechanism that provides a guided methodology for threat and risk driven-development.