{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T17:23:59Z","timestamp":1725557039088},"publisher-location":"Berlin, Heidelberg","reference-count":37,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642130533"},{"type":"electronic","value":"9783642130540"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-13054-0_2","type":"book-chapter","created":{"date-parts":[[2010,6,3]],"date-time":"2010-06-03T08:01:52Z","timestamp":1275552112000},"page":"14-27","source":"Crossref","is-referenced-by-count":10,"title":["Security Testing in Agile Web Application Development - A Case Study Using the EAST Methodology"],"prefix":"10.1007","author":[{"given":"Gencer","family":"Erdogan","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Per H\u00e5kon","family":"Meland","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Derek","family":"Mathieson","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"2_CR1","first-page":"199","volume-title":"International Conference on Software Engineering","author":"M. Jazayeri","year":"2007","unstructured":"Jazayeri, M.: Some trends in Web application development. In: International Conference on Software Engineering, pp. 199\u2013213. IEEE Computer Society, Washington (2007)"},{"key":"2_CR2","unstructured":"McDonald, A., Welland, R.: Agile web engineering (AWE) process. Technical report, Department of Computer Science, University of Glasgow, UK (December 2001)"},{"key":"2_CR3","doi-asserted-by":"crossref","unstructured":"Kongsli, V.: Towards agile security in web applications. In: Companion to the 21st ACM SIGPLAN symposium on Object-oriented programming systems, languages, and applications (2006)","DOI":"10.1145\/1176617.1176727"},{"key":"2_CR4","volume-title":"Proceedings of the 6th international conference on Web engineering","author":"X. Ge","year":"2006","unstructured":"Ge, X., Paige, R.F., Polack, F.A.C., Chivers, H., Brooke, P.J.: Agile development of secure web applications. In: Proceedings of the 6th international conference on Web engineering. ACM, New York (2006)"},{"key":"2_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"57","DOI":"10.1007\/11499053_7","volume-title":"Extreme Programming and Agile Processes in Software Engineering","author":"H. Chivers","year":"2005","unstructured":"Chivers, H., Paige, R.F., Ge, X.: Agile security using an incremental security architecture. In: Baumeister, H., Marchesi, M., Holcombe, M. (eds.) XP 2005. LNCS, vol.\u00a03556, pp. 57\u201365. Springer, Heidelberg (2005)"},{"key":"2_CR6","doi-asserted-by":"crossref","unstructured":"Siponen, M., Baskerville, R., Kuivalainen, T.: Integrating security into agile development methods. In: Proceedings of the 38th Annual Hawaii International Conference on System Sciences, vol.\u00a07, p. 185a (2005)","DOI":"10.1109\/HICSS.2005.329"},{"key":"2_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"117","DOI":"10.1007\/978-3-540-27777-4_12","volume-title":"Extreme Programming and Agile Methods - XP\/Agile Universe 2004","author":"J. Wayrynen","year":"2004","unstructured":"Wayrynen, J., Bod\u00e9n, M., Bostrom, G.: Security Engineering and eXtreme Programming: An Impossible Marriage? In: Zannier, C., Erdogmus, H., Lindstrom, L. (eds.) XP\/Agile Universe 2004. LNCS, vol.\u00a03134, pp. 117\u2013128. Springer, Heidelberg (2004)"},{"key":"2_CR8","unstructured":"Beznosov, K.: Extreme Security Engineering: On Employing XP Practices to Achieve \u201cGood Enough Security\u201d without Defining It. In: First ACM Workshop on Business Driven Security Engineering (BizSec), Fairfax, VA (2003)"},{"key":"2_CR9","unstructured":"Agile Manifesto, \n \n http:\/\/agilemanifesto.org\/\n \n \n (Last date accessed 2009-12-10)"},{"key":"2_CR10","doi-asserted-by":"publisher","first-page":"60","DOI":"10.1109\/52.991333","volume":"19","author":"E. Hieatt","year":"2002","unstructured":"Hieatt, E., Mee, R.: Going Faster: Testing The Web Application. IEEE Software\u00a019, 60\u201365 (2002)","journal-title":"IEEE Software"},{"key":"2_CR11","doi-asserted-by":"crossref","unstructured":"Di Lucca, G.A., Fasolino, A.R., Faralli, F., De Carlini, U.: Testing Web applications. In: Proceedings of International Conference on Software Maintenance, pp. 310\u2013319 (2002)","DOI":"10.1109\/ICSM.2002.1167787"},{"key":"2_CR12","doi-asserted-by":"publisher","first-page":"1172","DOI":"10.1016\/j.infsof.2006.06.006","volume":"48","author":"G.A. Lucca Di","year":"2006","unstructured":"Di Lucca, G.A., Fasolino, A.R.: Testing Web-based applications: The state of the art and future trends. Information and Software Technology\u00a048, 1172\u20131186 (2006)","journal-title":"Information and Software Technology"},{"key":"2_CR13","unstructured":"Turner, D., Fossi, M., Johnson, E., Mack, T., Blackbird, J., Entwisle, S., Low, M.K., McKinney, D., Wueest, C.: Symantec Internet Security Threat Report: Trends for July-December 2007. Technical report, Symantec Corporation, Vol. XIII (2008)"},{"key":"2_CR14","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1109\/MSECP.2003.1219078","volume":"1","author":"H.H. Thompson","year":"2003","unstructured":"Thompson, H.H.: Why Security Testing Is Hard. IEEE Security & Privacy\u00a01, 83\u201386 (2003)","journal-title":"IEEE Security & Privacy"},{"key":"2_CR15","unstructured":"Tappenden, A., Beatty, P., Miller, J., Geras, A., Smith, M.: Agile security testing of Web-based systems via HTTP Unit. In: Proceedings of Agile Conference, pp. 29\u201338 (2005)"},{"key":"2_CR16","unstructured":"Peeters, J.: Agile Security Requirements Engineering. In: Symposium on Requirements Engineering for Information Security (2005)"},{"key":"2_CR17","volume-title":"Software Security: Building Security","author":"G. McGraw","year":"2006","unstructured":"McGraw, G.: Software Security: Building Security. Addison-Wesley, Reading (2006)"},{"key":"2_CR18","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1007\/s00766-004-0194-4","volume":"10","author":"G. Sindre","year":"2005","unstructured":"Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. Requirements Engineering\u00a010, 34\u201344 (2005)","journal-title":"Requirements Engineering"},{"key":"2_CR19","unstructured":"R\u00f8stad, L.: An extended misuse case notation: Including vulnerabilities and the insider threat. In: The Twelfth Working Conference on Requirements Engineering: Foundation for Software Quality (2006)"},{"key":"2_CR20","doi-asserted-by":"crossref","first-page":"84","DOI":"10.1109\/MSP.2005.23","volume":"3","author":"B. Arkin","year":"2005","unstructured":"Arkin, B., Stender, S., McGraw, G.: Software penetration testing. IEEE Security & Privacy\u00a03, 84\u201387 (2005)","journal-title":"IEEE Security & Privacy"},{"key":"2_CR21","doi-asserted-by":"crossref","first-page":"66","DOI":"10.1109\/MSP.2005.3","volume":"3","author":"H.H. Thompson","year":"2005","unstructured":"Thompson, H.H.: Application penetration testing. IEEE Security & Privacy\u00a03, 66\u201369 (2005)","journal-title":"IEEE Security & Privacy"},{"key":"2_CR22","unstructured":"The Open Web Application Security Project. OWASP Testing Guide V3.0, \n \n http:\/\/www.owasp.org\/index.php\/Category:OWASP_Testing_Project\n \n \n (Last date accessed 2009-11-13)"},{"key":"2_CR23","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1109\/MS.2002.1003450","volume":"19","author":"I. Rus","year":"2002","unstructured":"Rus, I., Lindvall, M.: Knowledge management in software engineering. IEEE Software\u00a019, 26\u201338 (2002)","journal-title":"IEEE Software"},{"key":"2_CR24","unstructured":"Davidson, M.: Survey: Agile interest high, but waterfall still used by many. Agile Trends Survey (2008), \n \n http:\/\/searchsoftwarequality.techtarget.com\/news\/article\/0,289142,sid92_gci1318992,00.html\n \n \n (Last date accessed 2009-11-26)"},{"key":"2_CR25","volume-title":"The Art of Software Security Testing","author":"C. Wysopal","year":"2006","unstructured":"Wysopal, C., Nelson, L., Dustin, E., Nelson, L., Zovi, D.D.: The Art of Software Security Testing. Addison-Wesley, Reading (2006)"},{"key":"2_CR26","unstructured":"Erdogan, G., Baadshaug, E.T.: Extending SeaMonster to support vulnerability inspection modeling. Technical report, NTNU, Department of computer and information science (2008)"},{"key":"2_CR27","unstructured":"BugTraq mailing list, \n \n http:\/\/www.securityfocus.com\/archive\/1\n \n \n (Last date accessed 2009-11-13)"},{"key":"2_CR28","unstructured":"Common Vulnerabilities and Exposures, \n \n http:\/\/cve.mitre.org\/\n \n \n (Last date accessed 2009-11-13)"},{"key":"2_CR29","unstructured":"Computer Emergency Readiness Team (CERT), \n \n http:\/\/www.cert.org\/\n \n \n (Last date accessed 2009-11-13)"},{"key":"2_CR30","unstructured":"OWASP Top 10 vulnerabilities, \n \n http:\/\/www.owasp.org\/index.php\/Top_10_2007\n \n \n (Last date accessed 2009-11-13)"},{"key":"2_CR31","volume-title":"Web Security Testing Cookbook","author":"P. Hope","year":"2008","unstructured":"Hope, P., Walther, B.: Web Security Testing Cookbook. O\u2019Reilly, Sebastopol (2008)"},{"key":"2_CR32","unstructured":"The Open Web Application Security Project. OWASP Testing Guide V3.0, \n \n http:\/\/www.owasp.org\/index.php\/Category:OWASP_Testing_Project\n \n \n (Last date accessed 2009-12-02)"},{"key":"2_CR33","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1109\/MSP.2006.88","volume":"4","author":"M. Andrews","year":"2006","unstructured":"Andrews, M.: Guest Editor\u2019s Introduction: The State of Web Security. IEEE Security and Privacy\u00a04, 14\u201315 (2006)","journal-title":"IEEE Security and Privacy"},{"key":"2_CR34","unstructured":"PMD - Java source code scanner (Static Analysis Tool), \n \n http:\/\/pmd.sourceforge.net\/\n \n \n (Last date accessed 2009-11-14)"},{"key":"2_CR35","unstructured":"Acunetix Web Vulnerability Scanner, \n \n http:\/\/www.acunetix.com\/\n \n \n (Last date accessed 2009-11-14)"},{"key":"2_CR36","unstructured":"SeaMonster V3.0, \n \n http:\/\/sourceforge.net\/projects\/seamonster\/\n \n \n (Last date accessed 2009-11-14)"},{"key":"2_CR37","doi-asserted-by":"crossref","unstructured":"Baca, D., Petersen, K., Carlsson, B., Lundberg, L.: Static Code Analysis to Detect Software Security Vulnerabilities - Does Experience Matter? In: IEEE International Conference on Availability, Reliability and Security, pp. 804\u2013810 (2009)","DOI":"10.1109\/ARES.2009.163"}],"container-title":["Lecture Notes in Business Information Processing","Agile Processes in Software Engineering and Extreme Programming"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-13054-0_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,3,14]],"date-time":"2019-03-14T04:42:50Z","timestamp":1552538570000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-13054-0_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642130533","9783642130540"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-13054-0_2","relation":{},"ISSN":["1865-1348","1865-1356"],"issn-type":[{"type":"print","value":"1865-1348"},{"type":"electronic","value":"1865-1356"}],"subject":[],"published":{"date-parts":[[2010]]}}}