
Agile approach to building security into software development

Comsec Consulting Global : 17 September, 2008  (New Product)
Creating secure software applications simplified by secure agile software development lifecycle approach from Comsec Consulting.
Comsec Consulting has unveiled its updated approach to ensure a Secure Agile Software Development Lifecycle (SDLC).

Avi Douglen, Comsec's Senior Application Security Consultant, said, 'At Comsec, we have seen a substantial increase in the adoption of Agile software development methodologies. These promote development of software in small increments, with minimal planning, open collaboration and process adaptability throughout the lifecycle of the project.'

In a recent survey conducted by, over 65 per cent of respondents within organisations have adopted one or more Agile development techniques and 41 per cent have adopted one or more Agile methodologies. Agile development methods pose a great challenge to the often time-consuming requirements of security, such as full security audits and design documentation.

Mr Douglen continues, 'Comsec has developed a new approach which takes into account our customers' methodologies, Agile principles, organisational structure, staff knowledge, current technologies and available documentation. Comsec's innovative approach ensures the required level of software security and fully integrates to provide the benefits of Agile development methods and a Secure Software Development Lifecycle.'

Based on its extensive knowledge and experience, Comsec has revealed its Agile Secure Software Development Lifecycle approach, which combines three general activities to ensure that information security is built into the development lifecycle of companies implementing Agile software development methods.

The three general activities are:

* A small number of security-focused sprints, or iterations, based on user security stories and other relevant software security requirements.
* Intense security days at critical phases of the design, construction and testing. These are a small piece of the regular iterations, and can be carried out in part by security experts who are part of the development team. Such efforts include lightweight Threat Modeling and focused security testing according to the business context before each major release.
* Security education for developers, testers, and management, in addition to use of automated tools.

An important aspect of Comsec's approach is knowledge transfer. As with Agile development itself, this is important because programmers often must make the right decisions themselves, without any supervisory process and with minimal quality control. Comsec assists companies in establishing a secure Agile infrastructure and accompanies the implementation of Agile development methods, whilst integrating security within the short time frames and changing situations organisations are facing.