Estimating Security Risk for Web Applications using Security Vectors
Authors
Abstract
Risk assessment has been receiving increased attention as new vulnerabilities and threats emerge on a daily basis. The popularity and complexity of web applications present challenges to security implementation in web engineering. It is well known that the earlier risk assessment is performed for software, the lower the cost of mitigating the security risks. However, quantitative estimation of security in the earlier stages of the software development life cycle is largely missing. In this paper, we propose a quantitative approach to perform risk assessment at the design stage for web applications, based on multiple security vectors of asset, threat and vulnerability. An environment-driven method is proposed to elicit threats to the system. In the end, the risk assessment methodology is applied to a customer goods case study.
Similar resources
Risk Meter: A Tool for Accurately Measuring the Security Risk of Applications on Mobile Devices
Nowadays smartphones and tablets are widely used due to their various capabilities and features for end users. In these devices, accessing a wide range of services and sensitive information including private personal data, contact list, geolocation, sending and receiving messages, accessing social networks, etc. are provided via numerous application programs. These types of accessibilities, ...
A Survey on Web Application Security
Web applications are one of the most prevalent platforms for information and services delivery over the Internet today. As they are increasingly used for critical services, web applications become a popular and valuable target for security attacks. Although a large body of techniques have been developed to fortify web applications and mitigate the attacks toward web applications, there is littl...
Estimation of the Security Level in a Mobile and Ubiquitous Environment Based on the Semantic Web
The emerging Semantic Web enables semantic discovery and systematic maintenance of information that can be used as reference data when estimating the security level of a network, or a part of it. Using suitable security metrics and ontologies, nodes can estimate the level of security from both their own and the network’s point of view. The most secure applications and communication peers can be...
Security Analysis and Improvement Model for Web-based Applications
Security Analysis and Improvement Model for Web-based Applications. (December 2008) Yong Wang, B.S.; M.S., Anhui Agricultural University, China; M.S., Texas A&M University Co-Chairs of Advisory Committee: Dr. William M. Lively Dr. Dick B. Simmons Today the web has become a major conduit for information. As the World Wide Web’s popularity continues to increase, information security on the web ha...
Security in WEB Applications, Definitions, Risks and Tools
Security in WEB applications has become a major concern for the scientific and business communities today. An increasing amount of money is being spent for handling information security. Therefore, giving the proper importance of handling information security, the paper focuses on: definitions of software security, vulnerabilities and risks, dealing with various threats and vulnerabilities, t...