Academic Paper Writing Servicehttp://StudyHub.vip/A-SYSTEMATIC-LITERATURE-REVIEW-ON-SECUR

1. http://www.iaeme.com/IJARET/index.asp 2966 editor@iaeme.com
International Journal of Advanced Research in Engineering and Technology (IJARET)
Volume 11, Issue 12, December 2020, pp. 2966-2974, Article ID: IJARET_11_12_278
Available online at http://www.iaeme.com/IJARET/issues.asp?JType=IJARET&VType=11&IType=12
Journal Impact Factor (2020): 10.9475 (Calculated by GISI) www.jifactor.com
ISSN Print: 0976-6480 and ISSN Online: 0976-6499
DOI: 10.34218/IJARET.11.12.2020.278
© IAEME Publication Scopus Indexed
A SYSTEMATIC LITERATURE REVIEW ON
SECURE SOFTWARE DEVELOPMENT: AGILE
PERSPECTIVE
Sangeeta Mishra
PhD., Research Scholar, Computer Science & Engineering,
Integral University, Lucknow, Uttar Pradesh, India
Dr. M. Akheela Khanum
Professor & Head, Computer Science & Engineering,
Integral University, Lucknow, Uttar Pradesh, India
ABSTRACT
Background: The field of software development is not shy of presenting new
procedures. For sure, over the most recent 25 years, various ways to deal with software
development have been presented, of which just few are being adopted in present times.
Agile Methodologies were introduced to meets the new requirements of the software
development. Software engineers are confronting expanded strain to bring down time
spent in developing software, provide updates and new versions of existing software and
maintain their pace with the fastly changing trends in market. This new context leads
engineers and organizations to move from an arrangement based cascade development
cycle to an adaptable agile cycle. To create secure software, numerous organizations
use security designing cycles that are plan weighty and unbendable.
Review Aim: The goal of the paper is to audit how to create secure software in an
agile cycle. What existing prescribed procedures can be fused into an agile extend and
still give a similar advantage if the task was utilizing a cascade cycle. How the
prescribed procedures can be consolidated and adjusted to fit the cycle while as yet
estimating the improvement.
Outcomes: The base agile and security versatility was assessed in efficient writing,
by analysts and specialists. The security designing accepted procedures were bunch
dependent on their motivation and their similarity with the agile cycle.
Key words: Agile Software Development, Security activities, security requirements.
Cite this Article: Sangeeta Mishra and M. Akheela Khanum, A Systematic Literature
Review on Secure Software Development: Agile Perspective, International Journal of
Advanced Research in Engineering and Technology, 11(12), 2020, pp. 2966-2974.
http://www.iaeme.com/IJARET/issues.asp?JType=IJARET&VType=11&IType=12

2. A Systematic Literature Review on Secure Software Development: Agile Perspective
http://www.iaeme.com/IJARET/index.asp 2967 editor@iaeme.com
1. INTRODUCTION
As is known, a few strategies for creating software have been created all together produce
quality and develop software. In software development models, the attention is on how required
development stages will be coordinated to have the option to finish a software venture at
arranged time and cost imperatives. Additionally, the achievement in software ventures intends
to complete the software that satisfies all the highlights and capacities decided toward the start
with the arranged time and financial plan. The software business has formalized agile item
development in different types of agile software development methods. For serious reasons,
designers regularly utilize these strategies for web and organization applications where security
chances are conspicuous. In spite of the conspicuous dangers, the current agile strategies have
not many highlights explicitly tending to security hazards. Subsequently, agile software items
will need security insurance except if such assurance is added afterwards. Subsequently
adding of security highlights to software requires sense of courage from software engineers and
executives. One motivation behind why the agile procedures ignore security issues may come
from confusion that it is, indeed, security that disappoints the development25. This is substantial
with by far most of the current security strategies [3, 4, and 22]. Utilizing an agile cycle and
creating secure software can make issues for engineers. The arranging and exacting structure
that security designing cycles use has been supplanted with an adaptable, simple to adjust
measures that qualities snappy engineer connection rather than authentic gatherings and
archived choices. This philosophical contrasts among security and agile makes various issues
for security best practices, for example the pragmatic activities that are acted in security
designing cycle. Despite the combination of expounding on agile software development, we
couldn't find any that would feature about expected bottlenecks of agile software development.
However, according to Kane2
each cycle has a bottleneck – a most vulnerable connection in the
chain that limits throughput. Recognizing and rectifying it will expand throughput what
prompts more benefit.
2. REVIEW DESIGN
The creators arrange research on agile in four essential subjects: introduction and determination,
human and social factors, bits of knowledge on agile procedures, and close to assessments.
They find that there is a prerequisite for more careful, high caliber, exact investigations.
Figure 1 Classifications

3. Sangeeta Mishra and M. Akheela Khanum
http://www.iaeme.com/IJARET/index.asp 2968 editor@iaeme.com
Figure 1 portrays the hunt classes and the commitments of this audit. The inquiry
classifications are adjusted from past writing surveys.
2.1. Review Stage 1 Agile
Software designing (SE) research has customarily centered around strategies, techniques and
ideas that are by and large appropriate. Logical software, not withstanding, works in specific
spaces. Diane Kelly suggested that the territory unequivocality of science may explain why
outcomes of investigation in SE have recently only from time to time been arranged toward
intelligent or logical computing2. Agile software development (ASD) is huge perspective, in
field of software planning which has been for the most part got by the business, and much
investigation, disseminations have coordinated on agile development strategies over the earlier
decade. The standard technique to make software systems follow the nonexclusive planning
perspective of requirements, plan, create, and keep up. These frameworks are similarly called
course based taking from the conventional software development perspective. In spite of the
fact that agile systems are generally utilized and acknowledged by the software development
firms. The expression "agile requirements designing" is used to describe the agile technique for
masterminding, executing, and considering requirements planning activities. Kane2 et al.
introduced requirements designing practices received and provokes looked by agile groups to
see how conventional requirements designing issues are settled utilizing agile requirements
designing. Most as of late, E. Hossain10 give a review of the hypothetical points of view that
are utilized by research on agile ISD, however as the creators state themselves, the indexed lists
are restricted on the grounds that solitary the subject of studies were looked, and the inquiry
strings depended on a formerly characterized catchphrase rundown of twenty hypothetical
viewpoints, including lightweight hypothetical viewpoints. Experts and researchers have given
a various methodology and approaches in table 1 and 2.

4. A Systematic Literature Review on Secure Software Development: Agile Perspective
http://www.iaeme.com/IJARET/index.asp 2969 editor@iaeme.com
2.2. Review Stage 2
Security with Agile Approach
Agile development follows a casual and adaptable methodology which is not quite the same as
plan-driven development which depends on broad formalization and documentation. A
restricted measure of formalization is needed in agile development any place important. It
normally lays accentuation on casual, dynamic, and unsaid information driven strategies to grow
high business-esteem ventures. The Agile Manifest unmistakably portrays these guiding
principles. The most extreme priority is given to persistent and early conveyance of the software
to fulfill the client. Changing requirements are invited, even late in the development. Agile cycle
can consolidate these progressions and give specialized edge to the clients. The essential
proportion of the advancement is the working software. The best plans and designs develop
from self-putting together groups. The vast majority of the past work in regards to security
issues in agile has zeroed in mostly on writing overview and few scientists have likewise
utilized industry criticism alongside observational techniques for finishing up their outcomes.
Harrison S et al29
run after agile security confirmation. They examined the confuses between
procedures of creating agile advancement and the security affirmation strategies. In view of the
writing considers, not many strategies which are distinguished gel with agile techniques and
the other few are dismissed since they confuse with agile. Rindell K28
exhibited how the
security highlights can be incorporated into agile strategies. They pinted on security issues in
creating agile software at that point delineated how these can be executed in FDD. Gundelsby14
utilized two SE measures specifically, Comprehensive Lightweight Application Security
Process (CLASP) and Microsoft SDL to recognize and assess security activities and practices.

5. Sangeeta Mishra and M. Akheela Khanum
http://www.iaeme.com/IJARET/index.asp 2970 editor@iaeme.com
The paper has introduced a calculation, which utilizes count of Agility Degree dependent on
nine readiness includes and further utilizing this for broadening agile cycles with security
activities. Another methodology is to incorporate security activities from grounded SE
measures. Mougouei D18 et. al examined diverse realized Security Engineering measures and
recognized the security activities.

6. A Systematic Literature Review on Secure Software Development: Agile Perspective
http://www.iaeme.com/IJARET/index.asp 2971 editor@iaeme.com
3. AFFECTED SECURITY PARAMETERS
Agile is supplanting the conventional 'Waterfall' approach for software and computerized
venture development. What is required is a method of installing security into the Agile cycle
without hindering the quick development nature of Agile. Simultaneously, we need to give the
accreditor and the senior entrepreneur the confirmation they need to officially close down the
framework for live use. The focal point of this work will be on audit of security parameters
(table 3) that can be utilized inside Agile runs to create secure applications and to offer
confirmation to both the accredit or senior entrepreneur that any specialized dangers have been
alleviated.
4. CRITICAL OBSERVATION
This paper provides a literature review in three segments for secure agile development as
indicated by the need of a specific venture while keeping in thought the prerequisite of each
partner including client, group, and task investigator. A careful audit of writing was finished
utilizing research papers between 2003 to 2020. In light of this audit, we noticed that there is
broad proof that mix would completely profit IT associations that utilization the agile

7. Sangeeta Mishra and M. Akheela Khanum
http://www.iaeme.com/IJARET/index.asp 2972 editor@iaeme.com
methodology in making secure software. In the cutting edge world, individuals wish to utilize
software for some reasons. Without an appropriate software development measure that can make
secure software, perilous and surprising outcomes may happen. Basic perceptions are:
• Attention to coordinates security estimations in agile structure.
• Improvised security parameters on agile approach
• Need to develop agile specific security activities
REFERENCES
[1] M. Poppendieck, and T. Poppendieck, Lean Software Development: An Agile Toolkit, Addison-
Wesley Longman, 1st ed., Amsterdam, 2003.
[2] Kane, D. W., Hohman, M. M., Cerami, E. G., McCormick, M. W., Kuhlmman, K. F. and Byrd,
J.
[3] 2006. Agile methods in biomedical software development: a multi-site experience report. BMS
Bioinformatics 7 (273), 1-12.
[4] S. Nerur and V. Balijepally, “Theoretical Re -fl ections on Agile Development Methodolo-gies,”
Comm. ACM, vol. 50, no. 3, 2007, pp. 79–83
[5] S. Nerur, R. Mahapatra, and G. Mangalaraj, “Challenges of Migrating to Agile Methodolo-
gies,” Comm. ACM, vol. 48, no. 5, 2005, pp. 72–78.
[6] F. den Braber, I. Hogganvik, M. S. Lund, K. Stølen, and F. Vraalsen, “Model-based security
analysis in seven steps - a guided tour to the CORAS method,” BT Technology Journal, vol. 25,
no. 1, pp. 101–117, 2007.
[7] T. Dyba and T. Dingsøyr, “Empirical Studies of Agile Software De- ˚ velopment: a Systematic
Review,” Journal of Information and Software Technology, vol. 50, pp. 833–859, 2008.
[8] Georgios Papadopoulosa,, “Moving from traditional to agile software development
methodologies also on large, distributed projects”, Procedia - Social and Behavioral Sciences,
Vol. 175, pp. 455 – 463, 2015.
[9] Sergio Galvana, Manuel Morab, Rory V. O Connorc, Francisco Acostad, Francisco Alvareze,
“A Compliance Analysis of Agile Methodologies with the ISO/IEC 29110 Project
Management Process”, Procedia Computer Science, Vol. 64, pp. 188 – 195, 2015.
[10] P. Sfetsos and I. Stamelos, “Empirical Studies on Quality in Agile Practices: A Systematic
Literature Review”, 2010 Seventh International Conference on the Quality of Information and
Communications Technology (QUATIC), pp. 44–53, 2010.
[11] E. Hossain, M. A. Babar, and H. Paik, “Using Scrum in Global Software Development:
A Systematic Literature Review”, 2009 Fourth IEEE International Conference on Global
Software Engineering (ICGSE), pp. 175–184, 2009.
[12] T. S. da Silva, A. Martin, F. Maurer, and M. Silveira, “User-Centered Design and Agile Methods:
A Systematic Review”, 2011 AGILE Conference, pp. 77–86, 2011.
[13] L. F. Chagas, D. D. Carvalho, A. M. Lima, and C. A. L. Reis, “Systematic Literature Review on
the Characteristics of Agile Project Management in the Context of Maturity Models”,
Software Process Improvement and Capability Determination, pp. 177–189, 2014.
[14] M. Hummel, C. Rosenkranz, and R. Holten, “The Role of Communication in Agile Systems
Development”, Business & Information Systems Engineering, vol. 5, no. 5, pp. 343–355, 2013.
[15] Gundelsby, J.H. (2018) Enabling autonomous teams in large-scale agile through architectural
principles. in Proceedings of the Scientific Workshops of XP2018. 2018. Porto, Portugal: ACM

8. A Systematic Literature Review on Secure Software Development: Agile Perspective
http://www.iaeme.com/IJARET/index.asp 2973 editor@iaeme.com
[16] Hoda, R. and Noble, J. (2017) Becoming Agile: A Grounded Theory of Agile Transitions
in Practice. in 2017 IEEE/ACM 39th International Conference on Software Engineering
(ICSE). 2017.
[17] Lindsjorn, Y. and R. Moustafa, R. (2018) Challenges with lack of trust in agile projects with
autonomous teams and fixed-priced contracts. in Proceedings of the Scientific Workshops of
XP2018. 2018. Porto, Portugal: ACM.
[18] Prixit Raj, Project Management In Era Of Agile And Devops Methodologies’, International
Journal Of Scientific & Technology Research Volume 9, Issue 01, January 2020.
[19] Mougouei D, Sani NFM, Almasi MM (2013) S-scrum: a secure methodology for agile
development of web services. World of Computer Science and Information Technology
Journal 3(1) 15-19.
[20] Agile Manifesto (2017) Principles behind the Agile Manifesto.
http://agilemanifesto.org/principles.html. Accessed December 2017
[21] Azham Z, Ghani I, Ithnin N (2011) Security backlog in Scrum security practices. In Software
Engineering (MySEC), 2011 5th Malaysian Conference in. IEEE pp 414-417
[22] Bartsch S (2011) PracNNoners’ perspecNves on security in agile development. In Availability,
Reliability and Security (ARES), 2011 Sixth International Conference on. IEEE pp 479-484
[23] Beznosov K, Kruchten P (2004) Towards agile security assurance. Proceedings of the 2004
workshop on New security paradigms, ACM, pp 47-54
[24] Sonia and A. Singhal, “Development of Agile Security Framework Using a Hybrid Technique
for Requirements Elicitation,” in Advances in Computing, Communication and Control.
Springer, 2011, vol. 125, pp. 178–188
[25] J. Peeters, “Agile Security Requirements Engineering,” 2005, presented at the Symposium on
RE for Information Security
[26] A. Avizienis, J. C. Laprie, B. Randell, and C. Landwehr. 2004. Basic concepts and taxonomy
of dependable and secure computing. IEEE transactions on dependable and secure computing
1, 1 (2004), 11--33.
[27] Baca D, Carlsson B (2011) Agile development with security engineering activities. In:
Proceeding of the 2nd workshop on software engineering for sensor network applications, pp
149–158.
[28] Baca D (2012) Developing secure software in an agile process. Computer Science Department,
Blekinge Institute of Technology Sweden, Karlskrona, pp 129–149
[29] Rindell K, Hyrynsalmi S, Leppänen V (2017) Busting a myth: review of agile security
engineering methods.
[30] Harrison S et al (2016) A security evaluation framework for U.K. E-government services agile
software development. Int J Netw Secur Appl (IJNSA) 8(2):51–69.
[31] Rindell K, Hyrynsalmi S, Leppänen V (2019) Challenges in agile security engineering: a case
study. In: Felderer M, Scandariato R (eds) Exploring security in software architecture and
design. IGI Global, Hershey, PA, pp 287–312.
[32] Leron Zinatullin, 2020, Embedding Security in the Agile Product Development, ISACA.
[33] D. S. Cruzes, M. Felderer, T. D. Oyetoyan, M. Gander, and I. Pekaric, ‘‘How is security testing
done in agile teams? A cross-case analysis of four software teams,’’ in Agile Processes in
Software Engineering and Extreme Programming (Lecture Notes in Business Information
Processing), vol. 283. Cham, Switzerland: Springer, 2017, pp. 201–216.
[34] A. Firdaus, I. Ghani, and S. R. Jeong, ‘‘Secure feature driven development (SFDD) model for
secure software development,’’ Procedia Social Behav. Sci., vol. 129, pp. 546–553, May 2014.

9. Sangeeta Mishra and M. Akheela Khanum
http://www.iaeme.com/IJARET/index.asp 2974 editor@iaeme.com
[35] I. Ghani, Z. Azham, and S. R. Jeong, ‘‘Integrating software security into agile-Scrum method,’’
KSII Trans. Internet Inf. Syst., vol. 8, no. 2, pp. 646–663, 2014.
[36] B. Musa and S. Norita, ‘‘Systematic review of Web application security,’’ Artif. Intell. Rev., pp.
259–276, 2015.
[37] S. Al-Amin, N. Ajmeri, H. Du, E. Z. Berglund, and M. P. Singh, ‘‘Toward effective adoption
of secure software development practices,’’ Simul. Model. Pract. Theory, vol. 85, pp. 33–46,
Jun. 2018.
[38] H. Homaei and H. R. Shahriari, ‘‘Athena: A framework to automatically generate security test
oracle via extracting policies from source code and intended software behaviour,’’ Inf. Softw.
Technol., vol. 107, pp. 112–124, Mar. 2019.
[39] C. Wijayarathna and N. A. G. Arachchilage, ‘‘Why Johnny can’t develop a secure application?
A usability analysis of java secure socket extension API,’’ Comput. Secur., vol. 80, pp. 54–73,
Jan. 2019