{"id":"https://openalex.org/W7153544650","doi":"https://doi.org/10.1145/3779657.3779663","title":"Secure XP Programming: Integrating OWASP Practices and Lightweight Threat Modelling into Extreme Programming","display_name":"Secure XP Programming: Integrating OWASP Practices and Lightweight Threat Modelling into Extreme Programming","publication_year":2025,"publication_date":"2025-10-24","ids":{"openalex":"https://openalex.org/W7153544650","doi":"https://doi.org/10.1145/3779657.3779663"},"language":null,"primary_location":{"id":"doi:10.1145/3779657.3779663","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3779657.3779663","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 7th World Symposium on Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3779657.3779663","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5133437602","display_name":"Ayah AlJabali","orcid":"https://orcid.org/0009-0005-3664-3483"},"institutions":[{"id":"https://openalex.org/I158749337","display_name":"Princess Sumaya University for Technology","ror":"https://ror.org/01jy46q10","country_code":"JO","type":"education","lineage":["https://openalex.org/I158749337"]}],"countries":["JO"],"is_corresponding":true,"raw_author_name":"Ayah AlJabali","raw_affiliation_strings":["King Hussein School of Computing Sciences, Princess Sumaya University for Technology, Amman, Jordan"],"affiliations":[{"raw_affiliation_string":"King Hussein School of Computing Sciences, Princess Sumaya University for Technology, Amman, Jordan","institution_ids":["https://openalex.org/I158749337"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5112477196","display_name":"Muawya Aldalaien","orcid":null},"institutions":[{"id":"https://openalex.org/I158749337","display_name":"Princess Sumaya University for Technology","ror":"https://ror.org/01jy46q10","country_code":"JO","type":"education","lineage":["https://openalex.org/I158749337"]}],"countries":["JO"],"is_corresponding":false,"raw_author_name":"Muawya Aldalaien","raw_affiliation_strings":["King Hussein School of Computing Sciences, Princess Sumaya University for Technology, Amman, Jordan"],"affiliations":[{"raw_affiliation_string":"King Hussein School of Computing Sciences, Princess Sumaya University for Technology, Amman, Jordan","institution_ids":["https://openalex.org/I158749337"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5133437602"],"corresponding_institution_ids":["https://openalex.org/I158749337"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.87658243,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"34","last_page":"41"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9035000205039978,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9035000205039978,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.04010000079870224,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.02280000038444996,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/extreme-programming","display_name":"Extreme programming","score":0.7057999968528748},{"id":"https://openalex.org/keywords/agile-software-development","display_name":"Agile software development","score":0.6539000272750854},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.5358999967575073},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.5346999764442444},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.5311999917030334},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.48910000920295715},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.48899999260902405},{"id":"https://openalex.org/keywords/extreme-programming-practices","display_name":"Extreme programming practices","score":0.4440000057220459},{"id":"https://openalex.org/keywords/security-engineering","display_name":"Security engineering","score":0.4032000005245209}],"concepts":[{"id":"https://openalex.org/C122944926","wikidata":"https://www.wikidata.org/wiki/Q209711","display_name":"Extreme programming","level":5,"score":0.7057999968528748},{"id":"https://openalex.org/C14185376","wikidata":"https://www.wikidata.org/wiki/Q30232","display_name":"Agile software development","level":2,"score":0.6539000272750854},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6312000155448914},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5727999806404114},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.5358999967575073},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.5346999764442444},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.5311999917030334},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.48910000920295715},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.48899999260902405},{"id":"https://openalex.org/C170291536","wikidata":"https://www.wikidata.org/wiki/Q5422448","display_name":"Extreme programming practices","level":5,"score":0.4440000057220459},{"id":"https://openalex.org/C13159133","wikidata":"https://www.wikidata.org/wiki/Q365674","display_name":"Security engineering","level":5,"score":0.4032000005245209},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.39890000224113464},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.3864000141620636},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.3481000065803528},{"id":"https://openalex.org/C174063052","wikidata":"https://www.wikidata.org/wiki/Q607013","display_name":"Pair programming","level":4,"score":0.3402999937534332},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.3386000096797943},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.33719998598098755},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.33329999446868896},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.33149999380111694},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.3244999945163727},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.31709998846054077},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.30570000410079956},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.2989000082015991},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.2872999906539917},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.28349998593330383},{"id":"https://openalex.org/C11189718","wikidata":"https://www.wikidata.org/wiki/Q218152","display_name":"User story","level":4,"score":0.26600000262260437},{"id":"https://openalex.org/C184356942","wikidata":"https://www.wikidata.org/wiki/Q830382","display_name":"Best practice","level":2,"score":0.25429999828338623},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.250900000333786}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3779657.3779663","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3779657.3779663","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 7th World Symposium on Software Engineering","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3779657.3779663","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3779657.3779663","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 7th World Symposium on Software Engineering","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":7,"referenced_works":["https://openalex.org/W2170658686","https://openalex.org/W2294407885","https://openalex.org/W3088665584","https://openalex.org/W3198956673","https://openalex.org/W4293213332","https://openalex.org/W4362633669","https://openalex.org/W4399667855"],"related_works":[],"abstract_inverted_index":{"In":[0],"today\u2019s":[1],"world,":[2],"Extreme":[3],"Programming":[4],"(XP)":[5],"has":[6],"become":[7],"a":[8,55,74,134,149],"well":[9],"known":[10],"method":[11,84],"due":[12],"to":[13,45,58,125],"its":[14,25,28],"detailed":[15],"focus":[16],"on":[17],"feedback,":[18],"iterative":[19],"progress,":[20],"and":[21,72,101,115,143,154,181],"close":[22],"collaborations":[23],"with":[24,139],"users.":[26],"However,":[27],"original":[29],"design":[30],"does":[31],"not":[32],"ensure":[33],"coordinated":[34],"mechanisms":[35],"for":[36],"detecting":[37],"security":[38,63,86,152,168],"threats":[39,128],"throughout":[40],"the":[41,93],"development":[42,158,178],"process.":[43],"Therefore,":[44],"fix":[46],"this":[47,49,83,164],"breach,":[48],"paper":[50],"presents":[51],"Secure":[52,112,146],"XP":[53,59,89,147],"Programming,":[54,100,114],"lightweight":[56],"improvement":[57],"that":[60,163],"links":[61],"essential":[62],"practices":[64,90],"without":[65],"jeopardizing":[66],"agility.":[67],"By":[68],"incorporating":[69],"OWASP":[70,140],"principles":[71],"introducing":[73],"focused":[75],"way":[76],"called":[77],"Lightweight":[78],"Continuous":[79,102],"Threat":[80],"Modeling":[81],"(LCTM),":[82],"combines":[85],"into":[87],"key":[88],"such":[91],"as":[92],"Planning":[94],"Game,":[95],"Test-Driven":[96],"Development":[97],"(TDD),":[98],"Pair":[99,113],"Integration.":[103],"These":[104],"improvements":[105],"include":[106],"Security":[107,109],"Stories,":[108],"Acceptance":[110],"Criteria,":[111],"automated":[116],"vulnerability":[117],"scanning":[118],"during":[119,130],"CI":[120],"pipelines.":[121],"LCTM":[122],"enables":[123],"teams":[124],"address":[126],"future":[127],"early":[129],"sprint":[131],"planning":[132],"through":[133],"straightforward":[135],"checklist-based":[136],"interpretation":[137],"aligned":[138],"Top":[141],"10":[142],"ASVS":[144],"standards.":[145],"builds":[148],"culture":[150],"of":[151],"awareness":[153],"shared":[155],"responsibility":[156],"within":[157],"teams.":[159],"Conceptual":[160],"evaluation":[161],"indicates":[162],"approach":[165],"strengthens":[166],"baseline":[167],"while":[169],"sustaining":[170],"XP\u2019s":[171],"fast-paced":[172],"delivery":[173],"model,":[174],"making":[175],"secure":[176],"software":[177],"more":[179],"practical":[180],"accessible":[182],"in":[183],"real":[184],"world":[185],"agile":[186],"environments.":[187]},"counts_by_year":[],"updated_date":"2026-04-12T06:10:36.643156","created_date":"2026-04-12T00:00:00"}