Recently one of my friend ask if there is any good reference to to incorporate security testing with agile development. Unfortunately we didn't able to find any such reference.Although Rugged approach look promising and also claim to support agile way of security testing of application. The ultimate goal of including Security testing in SDLC is to produce secure code.
Rugged approach doesn't focus only finding vulnerabilities but try to improve overall capability of an organization to develop secure Code. To achieve this goal organization must establish process to monitor upcoming threats. there should be a communication path so everyone can share all the security-relevant information about the application . A standard mechanism of defence should be use across the organization . Don't trust third party component used in your product, establish guidelines for each component that details the secure use of that library. Build applications that will be largely resistant to the threats of the future for example using strong input validation, in-application attack detection and safe interpreter use can eliminate many flaws forever. Defences should be continuously verified and monitored all the way through development and into production. Being Rugged means that you constantly patch and refactor your software development organization to eliminate the organizational bugs that are causing insecure code.