Online Safety Community

Paradoxically, security is a negative goal. To secure something, you must understand how insecure it is. Start by trying to break it or by figuring out how other people might break it. The same is true of software. For example, a simple user input field on a mobile or web app may require the user to enter their name or phone number. The coding is simple in this case. However, illicit input to these fields in the form of non-alphanumeric characters (such as symbols and certain sequences of characters) can render a poorly-written app useless—making it crash. This can reveal information allowing an attacker to further penetrate the app or website.

Utilizing an Agile SDLC can optimize your practices to overcome common software security challenges. Here are three elements to include in your current Agile process to ensure your life cycle is building security in.

Consider the potential negative consequences

To secure the app, Scrum security Training teams need to think of the potential negative consequences that could arise from entering illicit or invalid data into a user-input field, and what that input could be. There are many negative consequences to incorrect data entered into a user-input field. This can include the software crashing, or far worse, the attacker gaining privileges allowing them to take over the software.

The good news is that there are many measures against such attack scenarios to prevent the negative consequences. There is negativity involved when considering the potential attacks and the work required to design and build countermeasures. The extra planning lengthens the overall development and testing time of the app. This, in turn, is even more negativity to think about!

We can’t ignore software security and the negative potential associated with it. Go against the grain. Embrace the negativity.

Emphasize user experience

Designing and building software using the Agile methodology places great emphasis on the user experience. The principle of user stories allows development teams to see how the app is used, what it does, and above all, get a feel for the user experience. Knowing the user experience helps to determine the code that goes into the app to make that user experience a reality.

It is also important to consider the user’s security experience. A well-designed user interface and user experience are pivotal, but also consider the non-functional aspects working behind the scenes to ensure security.

Introduce security user stories

Security isn’t easy. It’s not meant to be. However, there is an opportunity to build security into software during the design and build phases of the Agile life cycle. Facilitate this process by introducing security user stories.

Security user stories explore how to build security requirements into software developed in Agile while also considering the user experience from the security perspective. Just like regular user stories, they are applied and used according to context, priority, and value (also known as story points), particularly in a security scenario.
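As an added illustration (not part of the original post), here is a security user story for the name and phone fields mentioned at the start, "as a user, invalid input to my name or phone field is rejected cleanly and never crashes the app or exposes internals", turned into code and an executable acceptance check. The function names, length limits and allow-list patterns are assumptions made for this example.

```python
import re
import unicodedata

MAX_NAME_LEN = 100  # assumed limit for this example
# Assumed allow-list: letters joined by single spaces, hyphens or apostrophes.
# Scripts that rely on combining marks would need a wider pattern.
NAME_RE = re.compile(r"[^\W\d_]+(?:[ '\-][^\W\d_]+)*")
PHONE_RE = re.compile(r"\+?[0-9]{7,15}")

class ValidationError(ValueError):
    """Carries only a message that is safe to show to the user."""

def validate_name(raw):
    if not isinstance(raw, str):
        raise ValidationError("Name is required.")
    name = unicodedata.normalize("NFKC", raw).strip()
    if not name or len(name) > MAX_NAME_LEN or not NAME_RE.fullmatch(name):
        raise ValidationError("Name may contain only letters, spaces, hyphens and apostrophes.")
    return name

def validate_phone(raw):
    if not isinstance(raw, str):
        raise ValidationError("Phone number is required.")
    digits = re.sub(r"[ ().\-]", "", raw.strip())  # drop common separators only
    if not PHONE_RE.fullmatch(digits):
        raise ValidationError("Phone number must be 7 to 15 digits.")
    return digits

def handle_signup(form):
    """Return (status, body); no exception or internal detail reaches the caller."""
    try:
        return 200, {"name": validate_name(form.get("name")),
                     "phone": validate_phone(form.get("phone"))}
    except ValidationError as exc:
        return 400, {"error": str(exc)}
    except Exception:
        # Unexpected failure: record it server-side in a real app, answer generically.
        return 500, {"error": "Something went wrong."}

# Constructed sample inputs standing in for the story's acceptance criteria.
HOSTILE_NAMES = ["", "A" * 5000, "<script>alert(1)</script>", "x'; --", "\x00\x00", None, 12345]

def acceptance_check():
    """Acceptance criterion: each hostile name gets a 400 carrying only the safe message."""
    for bad in HOSTILE_NAMES:
        status, body = handle_signup({"name": bad, "phone": "+1 (555) 010-0199"})
        if status != 400 or set(body) != {"error"}:
            return False
    return True
```

Running `acceptance_check()` in the sprint's test suite keeps the story's "done" criteria tied to the behaviour of the code rather than to a checklist.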
