Detecting Software Security Vulnerability during an Agile Development by Testing the Changes to the Security Posture of Software Systems

摘要

The purpose of this quantitative quasi-experimental study is to identify the possible correlation between software changes and the likelihood that software releases developed using an agile methodology like DevOps will introduce vulnerabilities into the software application when integrated. There are several scholarly articles that provide details on how Agile development methodologies like scrum and DevOps rely on automated testing for security. The majority of literature on the subject recommend manual security and penetration testing, but there is currently no objective measure to determine when this manual testing should take place. In Agile scrum and in DevOps, manual security testing is usually conducted after a large feature is completed and integrated into production. If a correlation can be found between aspects of software changes and their propensity to introduce vulnerabilities into a software application, then that data can be used to build an objective process for measuring when manual security testing should be performed in Agile development.