What is Agile project management’s impact on software security?
Among software development models, Agile project management has emerged as a highly effective approach to developing quality software with the speed required by a software-driven world.
But what is Agile project management’s impact on software security? Does the focus on incremental development and tight iterations enable teams to more easily produce secure applications, or does the Agile process complicate software testing protocols?
Here’s a short overview of what is Agile product management and of the strategy for managing application security in the Agile process.
What is Agile project management?
The Agile Manifesto introduced the idea of Agile Software Development in 2001, and in the years since, this methodology has become the most popular approach to developing applications.
So what is Agile project management? As opposed to the traditional waterfall model where software development progresses steadily from conception to design, construction and production, Agile software development breaks projects down into segments of user functionality called “user stories.” These segments are prioritized and then continuously delivered in two-week cycles called sprints. By emphasizing incremental development and clear communication between members of a cross-functional development team, Agile methodology can produce useful software more quickly while improving customer satisfaction.
What is the Agile project management security profile?
Delivering software faster is only a benefit if the applications coming out of the Agile project management process are secure. So what is Agile project management’s reputation when it comes to security?
Many developers find the Agile methodology to be the most effective method for both code development and security testing. Because Agile allows testing to occur during the development phase rather than in a later security hardening stage, coding issues can be found earlier when they are easier and less costly to fix. With Agile, security as part of the process, not something tacked on at the end.
What is Agile project management security testing?
Security testing in Agile project management can take a number of forms – from static analysis and dynamic analysis to vendor application security testing for third-party code and software composition analysis for open source software. The challenge is to find security testing solutions that can be easily integrated into the developer’s IDE, avoiding the need to open a separate testing solution or to slow down development processes in order to accommodate testing.
What is a superior Agile project management testing solution?
CA Veracode provides web based application testing through a subscription-based service that integrates seamlessly with Agile processes and methodologies. Offering a comprehensive suite of automated testing solutions as well as desktop, mobile and web penetration testing services, CA Veracode enables Agile teams to embed security throughout the software lifecycle – from inception through design and coding through production.
Learn more about “What is Agile project management’s biggest benefit for application security?”