Security Practices in Agile Software Development

Agile software development, widely embraced for its rapid response to organizational needs, faces challenges in seamlessly integrating security practices. Despite its success in delivering prioritized functionalities, there remain difficulties in meeting nonfunctional requirements, particularly security, making the alignment of security practices with agility a complex endeavor. This study conducts a mapping of 252 security practices identified from 35 primary studies, categorizing them into the Building Security In Maturity Model (BSIMM) and stages of the software development life cycle. Additionally, it identifies 38 benefits, emphasizing security awareness, implementation, and alignment with agility, alongside 95 challenges linked to knowledge gaps and complexity. The findings underscore ongoing efforts to integrate security practices in Agile environments, underscoring the importance of empirical evaluation and emphasizing the need to assess the actual benefits of proposed security practices in real world Agile software development.