Google Books Search
Agile Software Architecture
Sarah Al-Azzani
Ahmad Al-Natour
Rami Bahsoon
Other titles
Chapter 10. Architecture-Centric Testing for Security: An Agile Perspective
Published
Elsevier Inc. Chapters, 2013-11-27
Subjects
Computers / Programming / General
Computers / Software Development & Engineering / Systems Analysis & Design
Computers / Software Development & Engineering / General
Computers / Software Development & Engineering / Tools
Computers / General
ISBN
0128070307
9780128070307
URL
http://books.google.com.hk/books?id=o49zDAAAQBAJ&hl=&source=gbs_api
EBook
SAMPLE
Description
Verifying the security posture as a system evolves is indispensable for building deployable software systems. Traditional security testing lacks flexibility in (1) providing early feedback to the architect on the ability of the software to predict security threats so that changes are made before the system is built, (2) responding to changes in user and behavior requirements that could affect the security of software, and (3) offering real design fixes that do not merely hide the symptoms of the problem (i.e., patching). We motivate the need for an architecture-level testing for security grounded on incremental and continuous refinements to support agile principles. We use architecture as an artifact for initiating the testing process for security through subsequent and iterative refinements. We extend the use of implied scenario to reveal undesirable behavior caused by ambiguities in users’ requirements and we analyze their security implications. This approach demonstrates how architecture-centric evaluation and analysis can assist in securing systems developed using an agile development cycle. We apply this approach to a case study to evaluate the security of identity management architectures. We reflect on the effectiveness of this approach in detecting vulnerable behaviors and the cost-effectiveness of refining the architecture before vulnerabilities are built into the system.