Web Engineering Security: Essential Elements

Security is an elusive target in today's high-speed and extremely complex, Web-enabled, information-rich business environment. This paper presents the idea that there are essential, basic organizational elements that need to be identified, defined and addressed before examining the security aspects of a Web engineering development process. These elements are derived from empirical evidence based on a Web survey and supporting literature. This paper makes two contributions. The first contribution is the identification of the Web engineering specific elements that need to be acknowledged and resolved prior to the assessment of a Web engineering process from a security perspective. The second contribution is that these elements can be used to help guide security improvement initiatives in Web engineering.
