论文信息 - Web engineering security: a practitioner's perspective

Web engineering security: a practitioner's perspective

There are a number of critical factors driving security in Web Engineering. These include: economic issues, people issues, and legislative issues. This paper presents the argument that a Security Improvement Approach (SIA), which can be applied to different Web engineering development processes, is essential to successfully addressing Web application security. In this paper, the criteria that any SIA will have to address, for a Web engineering process, are presented. The criteria are derived with supporting empirical evidence based on an in-depth security survey conducted within a Fortune 500 financial service sector organization and supporting literature. The contribution of this paper is two fold. The criteria presented in this paper can be used to assess the security of an existing Web engineering process and also to guide Security Improvement Initiatives in Web Engineering.

Ray Welland | William Bradley Glisson | Andrew McDonald

[1] Ray Welland,et al. Web development evolution: the assimilation of Web engineering security , 2005, Third Latin American Web Congress (LA-WEB'2005).

[2] E. Bulman,et al. Global security , 1991, SGSC.

[3] San Murugesan. Web engineering , 1999, LINK.

[4] Gary McGraw,et al. Adopting a Software Security Improvement Program , 2005, IEEE Secur. Priv..

[5] Steven R. Rakitin. Software verification and validation - a practitioner's guide , 1997 .

[6] William L. Simon,et al. The Art of Deception: Controlling the Human Element of Security , 2001 .

[7] Marvin V. Zelkowitz,et al. Experimental Models for Validating Technology , 1998, Computer.

[8] Ray Welland,et al. Web development evolution: the business perspective on security , 2006 .

[9] Susan Hansche,et al. Official (ISC)2 Guide to the CISSP Exam , 2003 .

[10] Ray Welland,et al. Agile Web Engineering (AWE) Process: Perceptions within a Fortune 500 Financial Services Company , 2005, J. Web Eng..

[11] Andrew Gregory McDonald,et al. The Agile Web Engineering (AWE) process , 2001 .