Modern development methodologies such as Kanban and continuous integration and continuous deployment (CI/CD) are critical for web application development, because software products must adapt to changing requirements and reach users quickly. As web application attacks and exploited vulnerabilities rise, integrating security into modern development practices becomes increasingly crucial. Yet the iterative and incremental nature of these processes can clash with the sequential nature of security engineering, which makes it challenging to adopt security practices and activities in modern development. Dynamic Application Security Testing (DAST) is a security practice, applied within software development frameworks, that strengthens system security. This study examines the intersection of Agile development and DAST, exploring how a software organization attempted to integrate DAST into its Kanban workflows and CI/CD pipelines to identify and mitigate security vulnerabilities during development. Through an action research case study incorporating interviews with team members, this research elucidates the challenges, mitigation techniques, and best practices associated with incorporating DAST into Agile methodologies from developers' perspectives. We provide insights into integrating security practices with modern development, ensuring both speed and security in software delivery.
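The tension the abstract describes, fast iterative delivery versus the sequential checks of security engineering, is usually resolved in practice by making the DAST scan a pipeline stage with an explicit gating policy: block only on findings at or above an agreed severity, surface lower ones as warnings, and let the team accept specific risks through a tracked exception rather than by silencing the scanner. The following script is an added illustration of such a gate and is not code from the study or the organization it describes; the JSON report shape, the `DAST-000x` rule identifiers and the `staging.example.test` URLs are all constructed for the example, so the loader would need adapting to a real scanner's output.

```python
"""CI/CD gate for DAST findings (added example; constructed report format).

A DAST scanner runs against a deployed test instance and writes a report.
This stage reads that report, applies a severity policy and returns a
pass/fail decision plus a summary the pipeline can print. The report layout
below is a constructed, scanner-neutral shape, not any specific tool's format.
"""
import json
import sys
from dataclasses import dataclass

# Ordered severity scale used by the policy; unknown labels fall back to 0.
SEVERITY_RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    rule_id: str
    name: str
    severity: str
    url: str


def load_findings(report_json: str) -> list[Finding]:
    """Flatten a report into one Finding per affected URL."""
    data = json.loads(report_json)
    findings: list[Finding] = []
    for alert in data.get("alerts", []):
        for inst in alert.get("instances", [{"url": ""}]):
            findings.append(Finding(alert["rule_id"], alert["name"],
                                    alert["severity"].lower(), inst.get("url", "")))
    return findings


def gate(findings: list[Finding], fail_at: str = "high", warn_at: str = "medium",
         accepted_risks: frozenset[str] = frozenset()) -> dict:
    """Apply the policy: findings >= fail_at block the pipeline, findings >= warn_at
    are reported as warnings, and rule ids in accepted_risks (a tracked, time-boxed
    exception owned by the team) are excluded from both lists but still counted."""
    fail_rank, warn_rank = SEVERITY_RANK[fail_at], SEVERITY_RANK[warn_at]
    blocking, warnings, counts = [], [], {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
        rank = SEVERITY_RANK.get(f.severity, 0)
        if f.rule_id in accepted_risks:
            continue
        if rank >= fail_rank:
            blocking.append(f)
        elif rank >= warn_rank:
            warnings.append(f)
    return {"passed": not blocking, "blocking": blocking, "warnings": warnings, "counts": counts}


def format_summary(result: dict) -> str:
    lines = [f"BLOCK {f.severity:<8} {f.rule_id} {f.name} {f.url}" for f in result["blocking"]]
    lines += [f"WARN  {f.severity:<8} {f.rule_id} {f.name} {f.url}" for f in result["warnings"]]
    lines.append("counts: " + ", ".join(f"{k}={v}" for k, v in sorted(result["counts"].items())))
    lines.append("gate: " + ("PASS" if result["passed"] else "FAIL"))
    return "\n".join(lines)


# Constructed sample report standing in for a scanner's output against a staging host.
SAMPLE_REPORT = json.dumps({
    "target": "https://staging.example.test",
    "alerts": [
        {"rule_id": "DAST-0001", "name": "SQL injection", "severity": "High",
         "instances": [{"url": "https://staging.example.test/search?q=x"}]},
        {"rule_id": "DAST-0002", "name": "Cookie without Secure flag", "severity": "Medium",
         "instances": [{"url": "https://staging.example.test/login"}]},
        {"rule_id": "DAST-0003", "name": "X-Content-Type-Options header missing", "severity": "Low",
         "instances": [{"url": "https://staging.example.test/"},
                       {"url": "https://staging.example.test/about"}]},
    ],
})


def main(argv: list[str]) -> int:
    """Usage: gate.py [report.json]; exits 1 when the gate fails so CI stops the deploy."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            report = fh.read()
    else:
        report = SAMPLE_REPORT
    result = gate(load_findings(report))
    print(format_summary(result))
    return 0 if result["passed"] else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run without arguments the script evaluates the constructed report and fails the gate on the single high finding while listing the medium one as a warning; pass a report path to evaluate real output. Keeping the accepted-risk list as an explicit input to `gate` (rather than editing the scanner's configuration) makes every exception visible in version control, which is what lets the team keep a Kanban-style flow without losing track of what was consciously deferred.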