Online Safety Community

Paradoxically, security is a negative goal. To secure something, you must understand how insecure it is. Start by trying to break it or by figuring out how other people might break it. The same is true of software. For example, a simple user input field on a mobile or web app may require the user to enter their name or phone number. The coding is simple in this case. However, illicit input to these fields in the form of non-alphanumeric characters (such as symbols and certain sequences of characters) can render a poorly-written app useless—making it crash. This can reveal information allowing an attacker to further penetrate the app or website.

Utilizing an Agile SDLC can optimize your practices to overcome common software security challenges. Here are three elements to include in your current Agile process to ensure your life cycle is building security in.

Consider the potential negative consequences

To secure the app, Scrum teams need to think about what illicit or invalid data could be entered into a user-input field and what negative consequences could follow. There are many such consequences: the software can crash or, far worse, the attacker can gain privileges that allow them to take over the software.

The good news is that there are many measures against such attack scenarios to prevent the negative consequences. There is negativity involved when considering the potential attacks and the work required to design and build countermeasures. The extra planning lengthens the overall development and testing time of the app. This, in turn, is even more negativity to think about!

We can’t ignore software security and the negative potential associated with it. Go against the grain. Embrace the negativity.

Emphasize user experience

Designing and building software using the Agile methodology places great emphasis on the user experience. The principle of user stories allows development teams to see how the app is used, what it does, and above all, get a feel for the user experience. Knowing the user experience helps to determine the code that goes into the app to make that user experience a reality.

It is important to consider the user’s security experience as well. A well-designed user interface and user experience are pivotal, but also consider the non-functional aspects working behind the scenes to ensure security.

Introduce security user stories

Security isn’t easy. It’s not meant to be. However, there is an opportunity to build security into software during the design and build phases of the Agile life cycle. Facilitate this process by introducing security user stories.

Security user stories explore how to build security requirements into software developed with Agile while also considering the user experience from the security perspective. Just like regular user stories, they are applied and used according to context, priority, and value (also known as story points), particularly in a security scenario.
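One way to turn the name and phone number field scenario above into a security user story with executable acceptance criteria: well-formed input is accepted, and malformed input is rejected without a crash and without exposing internals. This is an added example, not part of the original post; the allowlist policy, function names and sample inputs are assumptions constructed for illustration.

```python
import re
import unicodedata

# Assumed policy: names may hold letters, combining marks and a few separators;
# phone numbers must reduce to an E.164-style digit string.
NAME_MAX = 100
NAME_EXTRA = set(" '-.")
PHONE_RE = re.compile(r"\+?[1-9]\d{6,14}")

def validate_name(raw):
    """Return the normalized name, or None if it breaks the allowlist."""
    if not isinstance(raw, str):
        return None
    name = unicodedata.normalize("NFC", raw).strip()
    if not 1 <= len(name) <= NAME_MAX:
        return None
    # Reject any character that is neither a letter/mark nor a listed separator.
    if any(unicodedata.category(ch)[0] not in "LM" and ch not in NAME_EXTRA for ch in name):
        return None
    return name

def validate_phone(raw):
    """Return the phone number with formatting stripped, or None if malformed."""
    if not isinstance(raw, str) or len(raw) > 32:
        return None
    compact = re.sub(r"[ ().-]", "", raw.strip())
    return compact if PHONE_RE.fullmatch(compact) else None

def handle_submission(form):
    """Return (status, body); rejections name the bad fields and nothing else."""
    name = validate_name(form.get("name"))
    phone = validate_phone(form.get("phone"))
    errors = [field for field, value in (("name", name), ("phone", phone)) if value is None]
    if errors:
        return 400, {"error": "invalid input", "fields": errors}
    return 200, {"name": name, "phone": phone}

# Abuse cases for the story's acceptance criteria (constructed samples).
ABUSE_CASES = [
    {"name": "a;b|c", "phone": "+14155550123"},        # symbols
    {"name": "<b>Ann</b>", "phone": "+14155550123"},   # markup characters
    {"name": "Ann\x00", "phone": "+14155550123"},      # control character
    {"name": "A" * 10_000, "phone": "+14155550123"},   # oversized input
    {"name": None, "phone": ["+14155550123"]},         # wrong types
]

def run_abuse_cases():
    """Run every abuse case through the handler and collect the responses."""
    return [handle_submission(case) for case in ABUSE_CASES]
```

Each abuse case belongs in the story's definition of done: the handler must answer every one with the same generic 400 response.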
