Hazura Zulzalil
Universiti Putra Malaysia
Publication
Featured research published by Hazura Zulzalil.
Journal of Computer Science | 2013
Taghi Javdani Gandomani; Hazura Zulzalil; Abdul Azim Abdul Ghani; Abu Bakar Sultan; Mina Ziaei Nafchi
It is only less than a decade that agile SD methods were introduced and got popular steadily. The defined values in these methods and their outcomes have motivated many software producers to use these methods. Since migration from traditional software development methods to agile methods is growing highly, managers of the companies should be aware of problems, hindrances and challenges they may face with during the agile transformation process. This study focused on challenges which companies may face with and it is necessary that managers think about solving them. Classifying them into four main categories; organization and management, people, process and tools are the areas that challenges have been seen in recent studies.
Information & Software Technology | 2015
Isatou Hydara; Abu Bakar Sultan; Hazura Zulzalil; Novia Admodisastro
Context: Cross-site scripting (XSS) is a security vulnerability that affects web applications. It occurs due to improper or lack of sanitization of user inputs. The security vulnerability caused many problems for users and server applications. Objective: To conduct a systematic literature review on the studies done on XSS vulnerabilities and attacks. Method: We followed the standard guidelines for systematic literature review as documented by Barbara Kitchenham and reviewed a total of 115 studies related to cross-site scripting from various journals and conference proceedings. Results: Research on XSS is still very active with publications across many conference proceedings and journals. Attack prevention and vulnerability detection are the areas focused on by most of the studies. Dynamic analysis techniques form the majority among the solutions proposed by the various studies. The type of XSS addressed the most is reflected XSS. Conclusion: XSS still remains a big problem for web applications, despite the bulk of solutions provided so far. There is no single solution that can effectively mitigate XSS attacks. More research is needed in the area of vulnerability removal from the source code of the applications before deployment.
Information & Software Technology | 2015
Taghi Javdani Gandomani; Hazura Zulzalil; Abdul Azim Abdul Ghani; Abu Bakar Sultan; Reza Meimandi Parizi
Context: Training is an essential facilitator in moving from traditional to Agile software development. Objective: This paper addresses the importance of adequate and functional training in Agile transformation process, the causes of inadequate and dysfunctional training, and the heuristic strategies that can be used in software companies for dealing with this phenomenon. Method: A Grounded Theory study was conducted with participation of 35 Agile experts from 13 different countries. Results: This research discovered that inadequate and dysfunctional training was one of the critical issues that affected Agile transformation process. This study shows that comprehensive and functional training is not often provided to support Agile transformation. This paper shows the primary causes of inadequate and dysfunctional training, its adverse consequences on the transformation process, and the heuristic and ad-hoc treatments as the strategies used by Agile teams to cope with this challenge. Conclusion: Comprehensive training is important in Agile transformation process. Inadequate and dysfunctional training causes several challenges and problems for software companies and development teams when moving to Agile. Several ad-hoc strategies identified by this study can be employed to help software teams and companies facing similar problems.
International Conference on Information and Software Technologies | 2013
Taghi Javdani Gandomani; Hazura Zulzalil; Abdul Azim Abdul Ghani; Abu Bakar Sultan; Khaironi Yatim Sharif
Changing development approach from disciplined to agile methods is an organizational mutation that requires many issues to be considered to increase its chance of success. Selecting an appropriate pilot project as initial project that is going to be done through an Agile method is a critical task. Due to the impact of such a pilot project on successful Agile transformation, understanding its critical factors helps organizations choose the most suitable project to start Agile transition. Conducting a Grounded Theory showed that organizations should consider some key factors of a pilot: Criticality, Duration, Size and Required resources. Besides these factors, the results showed that organizations should be aware of the risk of successful pilot project in their next Agile projects. The study also showed that pilot selection mostly is done by Agile coaches or is forced by customer.
IC2IT | 2014
Taghi Javdani Gandomani; Hazura Zulzalil; Abdul Azim Abdul Ghani; Abu Bakar Sultan; Khaironi Yatim Sharif
Software companies are replacing traditional software development methods with Agile methods due to coping with inherent problems of traditional methods. Due to the different nature of traditional and Agile methods, adaptation to Agile methods is not a simple process and needs to be managed in a sustainable way. In recent years, several studies have conducted on investigation of Agile migration journey, but less effort on identifying the serious managerial attentions in Agile transition process. Conducting a Grounded Theory in context of Agile software development, showed various aspects of the transition to be considered in order to having a successful change management process. This paper shows the important role of the emergent managerial attentions on success of Agile transition and adoption process.
soco-cisis-iceute | 2014
Warusia Yassin; Nur Izura Udzir; Azizol Abdullah; Mohd Taufik Abdullah; Zaiton Muda; Hazura Zulzalil
The disclosure of network packets to recurrent cyber intrusion has upraised the essential for modelling various statistical-based anomaly detection methods lately. Theoretically, the statistical-based anomaly detection method fascinates researcher’s attentiveness, but technologically, the fewer intrusion detection rates persist as vulnerable disputes. Thus, a Host-based Packet Header Anomaly Detection (HbPHAD) model that is proficient in pinpointing suspicious packet header behaviour based on statistical analysis is proposed in this paper. We perform scoring mechanism using Relative Percentage Ratio (RPR) in scheming normal scores, desegregate Linear Regression Analysis (LRA) to distinguish the degree of packets behaviour (i.e. fit to be suspicious or not suspicious) and Cohen’s-d (effect size) dimension to pre-define the finest threshold. HbPHAD is an effectual resolution for statistical-based anomaly detection method in pinpointing suspicious behaviour precisely. The experiment validates that HbPHAD is effective in correctly detecting suspicious packet at above 90% as an intrusion detection rate for both ISCX 2012 and is capable to detect 40 attack types from DARPA 1999 benchmark dataset.
International Symposium on Information Technology | 2008
Hazura Zulzalil; Zuhaira Muhammad Zain; Abdul Azim Abd Ghani; Mohd Hasan Selamat; Ramlan Mahmod
Software product quality should be evaluated using a defined quality model. The problem with earlier models was the lack of ability to account for dependency between the quality factors. In this paper, a case study on three different Web domains, i.e., academic, e-commerce and museum has been conducted to investigate the existence of interactions and dependencies between quality factors. The Pearson correlation technique has been applied in this study. The result indicated that for all 6 pairs of quality factors, for each pair, they are correlated to each other in all three domains. This means that there are interactions and dependencies between quality factors.
International Symposium on Information Technology | 2008
Nur Izura Udzir; Nasir Sulaiman; Zaiton Muda; Hazura Zulzalil; Rusli Abdullah
Capabilities can provide information not only on a particular object, but also on which methods of the object an agent is permitted to invoke. Specific information about an agent’s ‘knowledge’ is potentially very useful and can be manipulated in a variety of ways. This paper focuses on the LINDA coordination model of open distributed systems. One limited resource is memory, and garbage collection has already been proposed for the standard LINDA with multiple tuple-spaces (TSs) to avoid memory exhaustion. The implementation, however, was restricted to garbage collection of TSs. Taking into account the need for garbage collection not only for TSs, but also for tuples, this paper demonstrates how the garbage collection mechanism can be extended to handle unusable tuples, with the introduction of multicapabilities, which generalise capabilities to collections of objects.
International Conference on Information and Communication Technology | 2014
Kabir Umar; Abu Bakar Sultan; Hazura Zulzalil; Novia Admodisastro; Mohd Taufik Abdullah
In recent times, there is an alarming increase in web application attacks, with significant cases, specifically, targeting Islamic websites. Since 2004, SQL Injection Vulnerabilities (SQLIVs) remains the most serious software security loopholes via which web applications are exploited. Fixing SQLIVs prior to deployment would provide very effective means of protection against such exploits. Ideally, SQLIVs fixing includes four main phases: SQLIVs detection, fix generation, fix application, and fix effectiveness verification. Most existing research works address different phases separately. There is no single research that addresses the four phases in a seamless integrated automation. This paper presents instances of attack on Islamic websites, and then propose framework for seamless integrated and automated SQLIVs fixing for web application, as part of an ongoing research work. The framework employs Evolutionary Programming to establish competitive co-evolution of web applications and test sets, in which fitness of evolved web applications is evaluated based on their ability to defend test attacks and pass legitimate input tests.
International Conference on Testing Software and Systems | 2015
Ammar Mohammed Sultan; Salmi Baharom; Abdul Azim Abdul Ghani; Jamilah Din; Hazura Zulzalil
Software testing is the most crucial phase in software development life cycle which intends to find faults as much as possible. Test case generation leads the research in software testing. So, many techniques were proposed for the sake of automating the test case generation process. State sensitivity partitioning is a technique that partitions the entire states of a module. The generated test cases are composed of sequences of events. However, there is an infinite set of sequences with no upper bound on the length of a sequence. Thus, a lengthy test sequence might be encountered with redundant data states, which will increase the size of test suite and, consequently, the process of testing will be ineffective. Therefore, there is a need to optimize those test cases generated by SSP. GA has been identified as the most common potential technique among several optimization techniques. Thus, GA is investigated to integrate it with the existing SSP. This paper addresses the issue on deriving the fitness function for optimizing the sequence of events produced by SSP.