In today’s competitive business environment, it is more important than ever to develop applications not only accurately but quickly. The traditional “waterfall” method is effective, but requires so many steps that the process cannot keep up with today’s software development needs. Agile is a development methodology that speeds up software development dramatically, along with several other benefits that make it a popular methodology.
Vulnerabilities in applications pose an ongoing threat to business-critical data more than ever before. Organizations are faced with persistent threats that originate in their web applications. Many think that agile software development and application security cannot co-exist―in other words, that application security is a requirement that agile development teams cannot meet. They think that agile development is just too nimble and lean; it cannot be bothered with security, and any attempt to introduce application security into the process will have a great negative impact on the development process.
Having said that, organizations do report success with implementation of application security within the agile development process. How can this be achieved? In our white paper Agile Software Development for Application Security Managers, we analyze agile development from the standpoint of application security, and look at ways potentially to effectively implement security into the agile development methodology.