Independent Security Testing on Agile Software Development: A Case Study in a Software Company

Agile methodologies are becoming increasingly common on Software Engineering Teams. Unfortunately, their relation with the security activities is complex to approach, even more complex when the Security Team has strong requirements of independence. This paper shows a case study of a software security testing process, based on the Microsoft Software Development Lifecycle for Agile, on a company moving their Software Engineering Teams from waterfall to agile. The results of this case study show a successful synchronization between the tasks of agile Software Engineering Teams and the independent Security Team.