A Security Testing Framework for Scrum based Projects

Abstract

Agile software development methods are characterized by adapting to changing customer requirements and delivering software products in less time. Scrum is one of the most common agile development methods that are used in large software companies like HP, Yahoo, Google, etc. Scrum achieves advantages in time and cost but they may fail in producing software that has good security properties. The weakness in security properties may due to the lack of clear security standard or framework that can be adopted from the beginning of the project. In addition, several studies mentioned that most security vulnerabilities that were left in software during development processes cause threats and cybercrimes. The paper proposes a Scrum security framework that focuses on testing the security of software in Scrum projects. Moreover, the proposed framework can help the team to enhance the security of the software product, minimize the risk of threats, and reduce the cost of fixing the software bugs.