Security, a quality attribute in web applications, improves the level of quality in the processes needed to manage information, and therefore achieving business objectives. Web Engineering must address new challenges facing web application development in order to offer new techniques that guarantee high quality applications. This work is part of an over all project that focuses on Risk Assessment in web application development to help organizations determine security risks in information management systems. The formal approach to identifying and evaluating information assets is explored using the EBIOS method and the MAGERIT methodology. The previous phase of this research presented a methodological tool for asset identification in web applications [1]. This work presents a methodological tool for asset assessment. The work is carried out using a University Web Application to help the University achieve security risk assessment.
[1]
Brunil Romero,et al.
Simon's Intelligence Phase for Security Risk Assessment in Web Applications
,
2008,
Fifth International Conference on Information Technology: New Generations (itng 2008).
[2]
K. Seers.
Qualitative data analysis
,
2011,
Evidence Based Nursing.
[3]
Matt Bishop,et al.
Computer Security: Art and Science
,
2002
.
[4]
Ted G. Lewis,et al.
Can Internet-Based Applications Be Engineered
,
1998,
IEEE Software.
[5]
Hisham M. Haddad,et al.
A Methodological Tool for Asset Identification in Web Applications: Security Risk Assessment
,
2009,
2009 Fourth International Conference on Software Engineering Advances.
[6]
G. Johns.
Organizational Behavior: Understanding and Managing Life at Work
,
1996
.
[7]
Eleanor Shaw,et al.
A guide to the qualitative research process: evidence from a small firm study
,
1999
.