An approach for reviewing security-related aspects in agile requirements specifications of web applications
Pontifical Catholic University of Rio de Janeiro, BRA.
Pontifical Catholic University of Rio de Janeiro, BRA.
Pontifical Catholic University of Rio de Janeiro, BRA.
Pontifical Catholic University of Rio de Janeiro, BRA.
2019 (English). In: Proceedings of the IEEE International Conference on Requirements Engineering, IEEE Computer Society, 2019, p. 86-97. Conference paper, Published paper (Refereed)
Abstract [en]

Defects in requirements specifications can have severe consequences during the software development lifecycle. Some of them result in overall project failure due to incorrect or missing quality characteristics such as security. There are several concerns that make security difficult to deal with; for instance, (1) when stakeholders discuss general requirements in meetings, they are often unaware that they should also discuss security-related topics, and (2) they typically do not have enough expertise in security. This often leads to unspecified or ill-defined security-related aspects. These concerns become even more challenging in agile contexts, where lightweight documentation is typically involved. The goal of this paper is to design and evaluate an approach for reviewing security-related aspects in agile requirements specifications of web applications. The approach considers user stories and security specifications as input and relates those user stories to security properties via Natural Language Processing. Based on the related security properties, our approach then identifies high-level security requirements from the Open Web Application Security Project to be verified and generates a reading technique to support reviewers in detecting defects. We evaluate our approach via two controlled experiment trials. We compare the effectiveness and efficiency of novice inspectors verifying security aspects in agile requirements using our approach against using the complete list of high-level security requirements. The (statistically significant) results indicate that using our approach has a positive impact (with large effect size) on the performance of inspectors in terms of effectiveness and efficiency. © 2019 IEEE.

Place, publisher, year, edition, pages
IEEE Computer Society, 2019. p. 86-97
Keywords [en]
Agile requirements, Requirements verification, Software inspection, Software security, Computer software selection and evaluation, Cryptography, Defects, Efficiency, Life cycle, Natural language processing systems, Requirements engineering, Software design, Specifications, Verification, Effectiveness and efficiencies, Natural language processing, Open web application security projects, Software development life cycle, Network security
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:bth-19084
DOI: 10.1109/RE.2019.00020
Scopus ID: 2-s2.0-85076927129
ISBN: 9781728139128 (print)
OAI: oai:DiVA.org:bth-19084
DiVA id: diva2:1383924
Conference
27th IEEE International Requirements Engineering Conference (RE), Ramada Plaza Jeju Ocean Front, Jeju Island, South Korea, 23 September 2019 through 27 September 2019
Available from: 2020-01-09. Created: 2020-01-09. Last updated: 2020-01-09. Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text; Scopus

Author/editor
Mendez, Daniel

Organisation
Department of Software Engineering, Software Engineering
