An Approach for Reviewing Security-Related Aspects in Agile Requirements Specifications of Web Applications
H. Villamizar, A. A. Neto, M. Kalinowski, A. Garcia, D. Mendez, Fern\'andez

TL;DR
This paper presents a novel NLP-based approach to assist reviewers in identifying security issues in agile web application requirements, improving effectiveness and efficiency.
Contribution
The approach links user stories to security properties and uses focused reading techniques to enhance security review in agile development.
Findings
Significant improvement in review effectiveness.
Enhanced efficiency in security inspections.
Positive impact demonstrated through controlled experiments.
Abstract
Defects in requirements specifications can have severe consequences during the software development lifecycle. Some of them result in overall project failure due to incorrect or missing quality characteristics such as security. There are several concerns that make security difficult to deal with; for instance, (1) when stakeholders discuss general requirements in (review) meetings, they are often not aware that they should also discuss security-related topics, and (2) they typically do not have enough security expertise. These concerns become even more challenging in agile development contexts, where lightweight documentation is typically involved. The goal of this paper is to design and evaluate an approach to support reviewing security-related aspects in agile requirements specifications of web applications. The designed approach considers user stories and security specifications as…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsSoftware Engineering Research · Web Application Security Vulnerabilities · Software Reliability and Analysis Research
