Online Safety Community

Paradoxically, security is a negative goal. To secure something, you must understand how insecure it is. Start by trying to break it or by figuring out how other people might break it. The same is true of software. For example, a simple user input field on a mobile or web app may require the user to enter their name or phone number. The coding is simple in this case. However, illicit input to these fields in the form of non-alphanumeric characters (such as symbols and certain sequences of characters) can render a poorly-written app useless—making it crash. This can reveal information allowing an attacker to further penetrate the app or website.

Utilizing an Agile SDLC can optimize your practices to overcome common software security challenges. Here are three elements to include in your current Agile process to ensure your life cycle is building security in.

Consider the potential negative consequences

To secure the app, Scrum security training teams need to think about what illicit or invalid data could be entered into a user-input field and the negative consequences that could follow. Incorrect data entered into a user-input field can have many negative consequences, including the software crashing or, far worse, the attacker gaining privileges that allow them to take over the software.

The good news is that there are many measures against such attack scenarios to prevent the negative consequences. There is negativity involved when considering the potential attacks and the work required to design and build countermeasures. The extra planning lengthens the overall development and testing time of the app. This, in turn, is even more negativity to think about!

We can’t ignore software security and the negative potential associated with it. Go against the grain. Embrace the negativity.

Emphasize user experience

Designing and building software using the Agile methodology places great emphasis on the user experience. The principle of user stories allows development teams to see how the app is used, what it does, and above all, get a feel for the user experience. Knowing the user experience helps to determine the code that goes into the app to make that user experience a reality.

It is also important to consider the user’s security experience. A well-designed user interface and user experience are pivotal, but also consider the non-functional aspects working behind the scenes to ensure security.

Introduce security user stories

Security isn’t easy. It’s not meant to be. However, there is an opportunity to build security into software during the design and build phases of the Agile life cycle. Facilitate this process by introducing security user stories.

Security user stories explore how to build security requirements into software developed with Agile while also considering the user experience from the security perspective. Just like regular user stories, they are applied and used according to context, priority, and value (also known as story points), particularly in a security scenario.
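As an added illustration (not part of the original post), here is one way a security user story for the name and phone fields discussed earlier could be written down as executable acceptance criteria. The story wording, the allowlist rules, the length limit and all sample inputs are assumptions made up for this example.

```javascript
// Added example (not from the original post). Constructed security user story:
// "As a user, I want my name and phone number accepted only when well formed,
// so that hostile input cannot crash the app or expose internal details."
const MAX_RAW_LEN = 100; // assumed limit, checked before any other processing
const RULES = {
  // Assumed allowlists: letters and marks in any script plus space . ' - for
  // names; an optional leading + and 7 to 15 digits for phone numbers.
  name: /^[\p{L}\p{M}][\p{L}\p{M} .'-]*$/u,
  phone: /^\+?[0-9]{7,15}$/,
};
const REJECT = Object.freeze({ ok: false, error: "Invalid input." });

// Never throws; every rejection returns the same generic error, so a failed
// request does not reveal which check failed or anything about internals.
function validateField(field, raw) {
  if (!Object.prototype.hasOwnProperty.call(RULES, field)) return REJECT;
  if (typeof raw !== "string" || raw.length > MAX_RAW_LEN) return REJECT;
  let value = raw.normalize("NFC").trim();
  if (field === "phone") value = value.replace(/[ ().-]/g, ""); // drop separators
  return RULES[field].test(value) ? { ok: true, value } : REJECT;
}

// Acceptance criteria as abuse cases: each constructed input must be rejected.
const ABUSE_CASES = [
  ["name", "Robert'); DROP TABLE users;--"],
  ["name", "<b>Ann</b>"],
  ["name", "A".repeat(10000)],
  ["name", null],
  ["phone", "555-0100; ls"],
  ["phone", "+".repeat(50)],
  ["__proto__", "Ann"],
];
// Usability criteria: legitimate input (constructed) must still be accepted.
const VALID_CASES = [["name", "O'Brien"], ["name", "José Anne-Marie"], ["phone", "+1 (415) 555-0100"]];

// Returns a list of failed criteria; an empty list means the story is done.
function checkStory() {
  const failures = [];
  for (const [field, input] of ABUSE_CASES) {
    try {
      if (validateField(field, input).ok) failures.push(`accepted ${field} abuse case`);
    } catch { failures.push(`threw on ${field} abuse case`); }
  }
  for (const [field, input] of VALID_CASES) {
    if (!validateField(field, input).ok) failures.push(`rejected valid ${field}: ${input}`);
  }
  return failures;
}
console.log(checkStory().length === 0 ? "security story accepted" : checkStory());
```

Input validation is only one layer: a legitimate name such as O'Brien still contains an apostrophe, so parameterized queries and output encoding remain necessary wherever the value is used.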

© 2018 Created by Safety Community.