ABSTRACT
Security is of profound importance in web applications because of the extensive use of the web for business. Most attacks succeed either because developers do not treat security as a concern or because of security flaws introduced while designing and developing the application. Enforcing security throughout the software development life cycle may reduce the high cost and effort of retrofitting security at a later stage. For this purpose, various attempts have been made to define security patterns with known attacks in mind. Developers can now use these patterns, but it is sometimes difficult to choose, from the large list, a pattern that suits the context. This paper analyzes the existing security patterns. Web application vulnerabilities are classified, and each vulnerability is paired with a suitable pattern.
Index Terms: Evaluation of web application security risks and secure design patterns