Secure, Resilient, and Agile Software Development by Mark Merkow

Sample acceptance criteria for seven categories of application security functions or attributes.

Appendix A is offered as a small subset of pre-written acceptance criteria for application product user stories that have an associated business function, such as log-in to gain access to data and services. These items either cover a broad range of topics related to required security functions or describe a set of desirable security attributes that are observable as the application undergoes testing that leads to user story or Definition of Done completion. These are useful directly or are adaptable to organization-specific requirements for security and specific tools in use. Mostly, these ...