Web engineering security: a practitioner's perspective

Published: 11 July 2006
DOI: 10.1145/1145581.1145633

Abstract

There are a number of critical factors driving security in Web Engineering, including economic, people and legislative issues. This paper argues that a Security Improvement Approach (SIA), applicable to different Web engineering development processes, is essential to successfully addressing Web application security. The criteria that any SIA for a Web engineering process will have to address are presented. These criteria are derived, with supporting empirical evidence, from an in-depth security survey conducted within a Fortune 500 financial services organization and from the supporting literature. The contribution of this paper is twofold: the criteria can be used both to assess the security of an existing Web engineering process and to guide Security Improvement Initiatives in Web Engineering.

Published in: ICWE '06: Proceedings of the 6th international conference on Web engineering, July 2006, 384 pages. ISBN: 1595933522. DOI: 10.1145/1145581

Publisher: Association for Computing Machinery, New York, NY, United States

Author Tags

  1. development process
  2. security
  3. software engineering
  4. survey
  5. web engineering

Cited By
  • (2015) Control Framework for Secure Cloud Computing. Journal of Information Security 6(1): 12-23. DOI: 10.4236/jis.2015.61002
  • (2015) Organizational Control Related to Cloud. Cloud Technology, ch. 83: 1798-1809. DOI: 10.4018/978-1-4666-6539-2.ch083
  • (2014) Organizational Control Related to Cloud. Security, Trust, and Regulatory Aspects of Cloud Computing in Business Environments, ch. 14: 234-246. DOI: 10.4018/978-1-4666-5788-5.ch014
  • (2013) Teaching Web Engineering using a project component. 2013 IEEE Frontiers in Education Conference (FIE): 1366-1368. DOI: 10.1109/FIE.2013.6685055
  • (2008) Web Application Development: Challenges and the Role of Web Engineering. Web Engineering: Modelling and Implementing Web Applications: 7-32. DOI: 10.1007/978-1-84628-923-1_2
  • (2007) Web Engineering Security. Proceedings of the Second International Conference on Availability, Reliability and Security (ARES): 707-714. DOI: 10.1109/ARES.2007.160