Chapter 10

Architecture-Centric Testing for Security

An Agile Perspective

Sarah Al-Azzani, Ahmad Al-Natour and Rami Bahsoon, University of Birmingham, Birmingham, UK


Verifying the security posture as a system evolves is indispensable for building deployable software systems. Traditional security testing lacks flexibility in (1) providing early feedback to the architect on the ability of the software to predict security threats so that changes are made before the system is built, (2) responding to changes in user and behavior requirements that could affect the security of software, and (3) offering real design fixes that do not merely hide the symptoms of the problem (i.e., patching).

We motivate the need for an architecture-level ...

Get Agile Software Architecture now with the O’Reilly learning platform.
