{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,16]],"date-time":"2025-10-16T03:54:08Z","timestamp":1760586848190,"version":"3.40.3"},"publisher-location":"Cham","reference-count":34,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319576329"},{"type":"electronic","value":"9783319576336"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-57633-6_13","type":"book-chapter","created":{"date-parts":[[2017,4,13]],"date-time":"2017-04-13T08:38:55Z","timestamp":1492072735000},"page":"201-216","source":"Crossref","is-referenced-by-count":26,"title":["How is Security Testing Done in Agile Teams? A Cross-Case Analysis of Four Software Teams"],"prefix":"10.1007","author":[{"given":"Daniela Soares","family":"Cruzes","sequence":"first","affiliation":[]},{"given":"Michael","family":"Felderer","sequence":"additional","affiliation":[]},{"given":"Tosin Daniel","family":"Oyetoyan","sequence":"additional","affiliation":[]},{"given":"Matthias","family":"Gander","sequence":"additional","affiliation":[]},{"given":"Irdin","family":"Pekaric","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,4,14]]},"reference":[{"issue":"1","key":"13_CR1","doi-asserted-by":"crossref","first-page":"84","DOI":"10.1109\/MSP.2005.23","volume":"3","author":"B Arkin","year":"2005","unstructured":"Arkin, B., Stender, S., McGraw, G.: Software penetration testing. IEEE Secur. Priv. 3(1), 84\u201387 (2005)","journal-title":"IEEE Secur. Priv."},{"key":"13_CR2","doi-asserted-by":"crossref","unstructured":"Austin, A., Williams, L.: One technique is not enough: a comparison of vulnerability discovery techniques. In: ESEM 2011, pp. 97\u2013106 (2011)","DOI":"10.1109\/ESEM.2011.18"},{"key":"13_CR3","doi-asserted-by":"crossref","unstructured":"Baca, D., Boldt, M., Carlsson B., Jacobsson, A.: A novel security-enhanced agile software development process applied in an industrial setting. In: ARES 2015, pp. 11\u201319 (2015)","DOI":"10.1109\/ARES.2015.45"},{"key":"13_CR4","doi-asserted-by":"crossref","unstructured":"Beznosov, K., Kruchten, P.: Towards agile security assurance. In: NSPW 2004, pp. 47\u201354 (2004)","DOI":"10.1145\/1065907.1066034"},{"key":"13_CR5","doi-asserted-by":"crossref","unstructured":"Camacho, C.R., Marczak, S., Cruzes, D.S.: Agile team members perceptions on non-functional testing: influencing factors from an empirical study. In: ARES 2016, pp. 582\u2013589 (2016)","DOI":"10.1109\/ARES.2016.98"},{"issue":"6","key":"13_CR6","doi-asserted-by":"crossref","first-page":"76","DOI":"10.1109\/MSP.2004.111","volume":"2","author":"B Chess","year":"2004","unstructured":"Chess, B., McGraw, G.: Static analysis for security. IEEE Secur. Priv. 2(6), 76\u201379 (2004)","journal-title":"IEEE Secur. Priv."},{"key":"13_CR7","doi-asserted-by":"crossref","unstructured":"Choliz, J., Vilas, J., Moreira, J.: Independent security testing on agile software development: a case study in a software company. In: ARES 2015, pp. 522\u2013531 (2015)","DOI":"10.1109\/ARES.2015.79"},{"key":"13_CR8","unstructured":"Common Weakness Enumeration (CWE), 5 March, 2017. https:\/\/cwe.mitre.org\/index.html"},{"key":"13_CR9","volume-title":"Agile Testing: A Practical Guide for Testers and Agile Teams","author":"L Crispin","year":"2009","unstructured":"Crispin, L., Gregory, J.: Agile Testing: A Practical Guide for Testers and Agile Teams. Addison-Wesley Professional, Boston (2009)"},{"key":"13_CR10","doi-asserted-by":"crossref","unstructured":"Cruzes, D., Dyb\u00e5, T.: Recommended steps for thematic synthesis in software engineering. In: ESEM 2011, pp. 275\u2013284 (2011)","DOI":"10.1109\/ESEM.2011.36"},{"key":"13_CR11","unstructured":"CWE\/SANS TOP 25 Most Dangerous Software Errors, 5 March 2017. https:\/\/www.sans.org\/top25-software-errors\/"},{"key":"13_CR12","series-title":"Lecture Notes in Business Information Processing","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1007\/978-3-642-13054-0_2","volume-title":"Agile Processes in Software Engineering and Extreme Programming","author":"G Erdogan","year":"2010","unstructured":"Erdogan, G., Meland, P.H., Mathieson, D.: Security testing in agile web application development - a case study using the EAST methodology. In: Sillitti, A., Martin, A., Wang, X., Whitworth, E. (eds.) XP 2010. LNBIP, vol. 48, pp. 14\u201327. Springer, Heidelberg (2010). doi: 10.1007\/978-3-642-13054-0_2"},{"issue":"3","key":"13_CR13","doi-asserted-by":"crossref","first-page":"305","DOI":"10.1007\/s10009-015-0365-2","volume":"17","author":"M Felderer","year":"2015","unstructured":"Felderer, M., Fourneret, E.: A systematic classification of security regression testing approaches. Int. J. Soft Tools Technol. Transf. 17(3), 305\u2013319 (2015)","journal-title":"Int. J. Soft Tools Technol. Transf."},{"issue":"5","key":"13_CR14","doi-asserted-by":"crossref","first-page":"559","DOI":"10.1007\/s10009-014-0332-3","volume":"16","author":"M Felderer","year":"2014","unstructured":"Felderer, M., Schieferdecker, I.: A taxonomy of risk-based testing. Int. J. Softw. Tools Technol. Transf. 16(5), 559\u2013568 (2014)","journal-title":"Int. J. Softw. Tools Technol. Transf."},{"key":"13_CR15","first-page":"195","volume":"161","author":"M Felderer","year":"2011","unstructured":"Felderer, M., Agreiter, B., Breu, R., Armenteros, A.: Security Testing by Telling Test Stories. Modellierung 161, 195\u2013202 (2011)","journal-title":"Modellierung"},{"key":"13_CR16","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/bs.adcom.2015.11.003","volume":"101","author":"M Felderer","year":"2016","unstructured":"Felderer, M., B\u00fcchler, M., Johns, M., Brucker, A.D., Breu, R., Pretschner, A.: Chapter one-security testing: a survey. Adv. Comput. 101, 1\u201351 (2016)","journal-title":"Adv. Comput."},{"issue":"2","key":"13_CR17","doi-asserted-by":"crossref","first-page":"119","DOI":"10.1002\/stvr.1580","volume":"26","author":"M Felderer","year":"2016","unstructured":"Felderer, M., Zech, P., Breu, R., B\u00fcchler, M., Pretschner, A.: Model-based security testing: a taxonomy and systematic classification. Softw. Test. Verification Reliab. 26(2), 119\u2013148 (2016)","journal-title":"Softw. Test. Verification Reliab."},{"key":"13_CR18","first-page":"176","volume":"123","author":"B Fitzgerald","year":"2017","unstructured":"Fitzgerald, B., Stol, K.-J.: Continuous software engineering: a roadmap and agenda. JSS 123, 176\u2013189 (2017)","journal-title":"JSS"},{"key":"13_CR19","doi-asserted-by":"crossref","unstructured":"Keramati, H., Mirian-Hosseinabadi, S.: Integrating software development security activities with agile methodologies. In: AICCSA 2008 (2008)","DOI":"10.1109\/AICCSA.2008.4493611"},{"issue":"2","key":"13_CR20","doi-asserted-by":"crossref","first-page":"241","DOI":"10.1002\/spe.2111","volume":"43","author":"A Marback","year":"2013","unstructured":"Marback, A., Do, H., He, K., Kondamarri, S., Xu, D.: A threat model-based approach to security testing. Softw. Pract. Experience 43(2), 241\u2013258 (2013)","journal-title":"Softw. Pract. Experience"},{"issue":"5","key":"13_CR21","doi-asserted-by":"crossref","first-page":"81","DOI":"10.1109\/MSP.2004.84","volume":"2","author":"G McGraw","year":"2004","unstructured":"McGraw, G., Potter, B.: Software security testing. IEEE Secur. Priv. 2(5), 81\u201385 (2004)","journal-title":"IEEE Secur. Priv."},{"key":"13_CR22","unstructured":"Microsoft, Agile Development Using Microsoft Security Development Lifecycle 5 March 2017. http:\/\/www.microsoft.com\/en-us\/sdl\/discover\/sdlagile.aspx"},{"key":"13_CR23","doi-asserted-by":"crossref","unstructured":"Moe, N.B., Cruzes, D., Dyb\u00e5, T., Mikkelsen, E.M.: Continuous software testing in a globally distributed project. In: ICGSE 2015, pp. 130\u2013134 (2015)","DOI":"10.1109\/ICGSE.2015.24"},{"key":"13_CR24","doi-asserted-by":"crossref","first-page":"17","DOI":"10.4018\/IJSSE.2016010102","volume":"7","author":"H Oueslati","year":"2016","unstructured":"Oueslati, H., Rahman, M.M., Othmane, L., Ghani, I., Arbain, A.F.: Evaluation of the challenges of developing secure software using the agile approach. Int. J. Secure Softw. Eng. 7, 17 (2016)","journal-title":"Int. J. Secure Softw. Eng."},{"key":"13_CR25","unstructured":"OWASP Foundation: OWASP Testing Guide v4. 5 March, 2017. https:\/\/www.owasp.org\/index.php\/OWASP_Testing_Project"},{"key":"13_CR26","unstructured":"OWASP Top 10. 5 March 2017. https:\/\/www.owasp.org\/index.php\/Top_10_2013-Top_10"},{"key":"13_CR27","doi-asserted-by":"crossref","unstructured":"Oyetoyan, T.D., Cruzes, D.S., Jaatun, M.G.: An empirical study on the relationship between software security skills, usage and training needs in agile settings. In: ARES 2016, pp. 548\u2013555 (2016)","DOI":"10.1109\/ARES.2016.103"},{"key":"13_CR28","doi-asserted-by":"crossref","unstructured":"Paul, M.: Official (ISC)2 Guide to the CSSLP CBK, 2nd edn. (ISC)2 Press (2014)","DOI":"10.1201\/b15377"},{"key":"13_CR29","doi-asserted-by":"crossref","unstructured":"Peischl, B., Felderer, M., Beer, A.: Testing security requirements with non-experts: approaches and empirical investigations. In: QRS 2016, pp. 254\u2013261 (2016)","DOI":"10.1109\/QRS.2016.37"},{"key":"13_CR30","doi-asserted-by":"crossref","unstructured":"Rindell, K., Hyrynsalmi, S., Lepp\u00e4nen, V.: Case study of security development in an agile environment: building identity management for a government agency. In: ARES 2016, pp. 556\u2013563 (2016)","DOI":"10.1109\/ARES.2016.45"},{"issue":"1","key":"13_CR31","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1007\/s00766-004-0194-4","volume":"10","author":"G Sindre","year":"2005","unstructured":"Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. Requirements Eng. 10(1), 34\u201344 (2005)","journal-title":"Requirements Eng."},{"key":"13_CR32","unstructured":"Tappenden, A., et al.: Agile security testing of web-based systems via HTTP unit. In: Proceedings of Agile Conference. IEEE (2005)"},{"key":"13_CR33","first-page":"647","volume":"70","author":"G Tian-yang","year":"2010","unstructured":"Tian-yang, G., Yin-sheng, S., You-yuan, F.: Research on software security testing. World Acad. Sci. Eng. Technol. 70, 647\u2013651 (2010)","journal-title":"World Acad. Sci. Eng. Technol."},{"key":"13_CR34","unstructured":"T\u00fcrpe, S., Kocksch, L., Poller, A.: Penetration tests a turning point in security practices? In: Organizational Challenges and Implications in a Software Development Team, WSIW@SOUPS 2016 (2016)"}],"container-title":["Lecture Notes in Business Information Processing","Agile Processes in Software Engineering and Extreme Programming"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-57633-6_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,20]],"date-time":"2019-09-20T21:37:23Z","timestamp":1569015443000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-57633-6_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319576329","9783319576336"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-57633-6_13","relation":{},"ISSN":["1865-1348","1865-1356"],"issn-type":[{"type":"print","value":"1865-1348"},{"type":"electronic","value":"1865-1356"}],"subject":[],"published":{"date-parts":[[2017]]}}}