WER2025 - 28th Workshop on Requirements Engineering


Incorporating Cybersecurity Requirements in Agile Development Processes

Gabriella Castro Barbosa Costa Dalpra; Victor Borges Loures de Paula; Marcelo Augusto Silva Belisário; Maria Júlia Marques Schettini; José Eduardo Fernandes; Tiago Pedrosa

DOI: 10.29327/1588952.28-13


Abstract

The complexity and interconnectivity of modern software systems make cybersecurity a key concern. Each new device connected to a network increases security risks, and the rise of cyber threats and attack sophistication requires strong security measures from the start of development. Agile development methodologies are widely adopted for their ability to improve efficiency and flexibility in software development. However, these methodologies often lack clear guidance on how to incorporate security practices effectively. This gap can result in vulnerabilities being exploited by attackers, compromising the security of sensitive systems and data. Balancing security with agility is therefore essential in today’s fast-paced digital landscape. To support the application of cybersecurity requirements in agile development processes from the beginning of the software development lifecycle, we propose the ASF Framework, developed using the Design Science Research approach. The framework evaluation focuses on its application to the OWASP ASVS cybersecurity standard and Scrum, using user stories with Acceptance Criteria and the Definition of Done to ensure clear and measurable development goals. This assessment was conducted in the context of a web platform that connects consumers and service providers, simplifying the process of offering and hiring services. The evaluation demonstrates the applicability of the ASF framework in a real-world scenario, and the results indicate that ASF effectively supported the identification of security requirements within an agile development context.

Keywords: Cybersecurity; Agile Methodologies; Security Requirements