33,056 research outputs found
Agile security for web applications
Web-based applications (or more concisely, Web applications) are a kind of information system with a particular architecture. They have progressively evolved from Internet browser-based, read-only information repositories to Web-based distributed systems. Today, increasing numbers of businesses rely on their Web applications. At the same time, Web applications are facing many security challenges and, as a result, are exposing businesses to many risks. This thesis proposes a novel approach to building secure Web applications using agile software development methods
An Efficient Approach for Reviewing Security-Related Aspects in Agile Requirements Specifications of Web Applications
Defects in requirements specifications can have severe consequences during
the software development lifecycle. Some of them may result in poor product
quality and/or time and budget overruns due to incorrect or missing quality
characteristics, such as security. This characteristic requires special
attention in web applications because they have become a target for
manipulating sensible data. Several concerns make security difficult to deal
with. For instance, security requirements are often misunderstood and
improperly specified due to lack of security expertise and emphasis on security
during early stages of software development. This often leads to unspecified or
ill-defined security-related aspects. These concerns become even more
challenging in agile contexts, where lightweight documentation is typically
produced. To tackle this problem, we designed an approach for reviewing
security-related aspects in agile requirements specifications of web
applications. Our proposal considers user stories and security specifications
as inputs and relates those user stories to security properties via Natural
Language Processing. Based on the related security properties, our approach
identifies high-level security requirements from the Open Web Application
Security Project (OWASP) to be verified, and generates a reading technique to
support reviewers in detecting defects. We evaluate our approach via three
experiment trials conducted with 56 novice software engineers, measuring
effectiveness, efficiency, usefulness, and ease of use. We compare our approach
against using: (1) the OWASP high-level security requirements, and (2) a
perspective-based approach as proposed in contemporary state of the art. The
results strengthen our confidence that using our approach has a positive impact
(with large effect size) on the performance of inspectors in terms of
effectiveness and efficiency.Comment: Preprint accepted for publication at the Requirements Engineering
journal. arXiv admin note: text overlap with arXiv:1906.1143
Evolution of Software Engineering in the Changing Scenario of Modern Hardware Architecture, Semantic Web and Cloud Computing Platform
Traditional way of software engineering is no longer fully suitable in the changing scenario of modern hardwareand software architecture of parallel and distributed computing on Semantic web and Cloud computing platform. A parallelhardware architecture can support high performance computing but needs changes in programming style. Also the capabilityof Semantic web can link everything on the internet making an interoperable intelligent system. And with this capabilitymany beneficial business models like Web services and Cloud computing platform have been conceptualized. Cloudcomputing is the most anticipated future trend of computing. These changes in hardware and software architecture means weneed to re-visit the traditional software engineering process models meant for a single computer system. This paper firstsurveys the evolution of hardware architecture, newer business models, newer software applications and then analyses theneed for changes in software engineering process models to leverage all the benefits of the newer business models. Thispaper also emphasizes the vulnerability of the web applications and cloud computing platform in terms of risk managementof web applications in general and privacy and security of customer information in shared cloud platform which maythreaten the adoption of the cloud platform.Keywords/Index Terms— Agile Process Model , Cloud Computing Platform, Privacy and Security Issues, RiskManagement, Semantic Web, Software Evolution
Incorporating Agile with MDA Case Study: Online Polling System
Nowadays agile software development is used in greater extend but for small
organizations only, whereas MDA is suitable for large organizations but yet not
standardized. In this paper the pros and cons of Model Driven Architecture
(MDA) and Extreme programming have been discussed. As both of them have some
limitations and cannot be used in both large scale and small scale
organizations a new architecture has been proposed. In this model it is tried
to opt the advantages and important values to overcome the limitations of both
the software development procedures. In support to the proposed architecture
the implementation of it on Online Polling System has been discussed and all
the phases of software development have been explained.Comment: 14 pages,1 Figure,1 Tabl
Web engineering security: essential elements
Security is an elusive target in today’s high-speed and extremely complex, Web enabled, information rich business environment. This paper presents the idea that there are essential, basic organizational elements that need to be identified, defined and addressed before examining security aspects of a Web Engineering Development process. These elements are derived from empirical evidence based on a Web survey and supporting literature. This paper makes two contributions. The first contribution is the identification of the Web Engineering specific elements that need to be acknowledged and resolved prior to the assessment of a Web Engineering process from a security perspective. The second contribution is that these elements can be used to help guide Security Improvement Initiatives in Web Engineering
Intangible trust requirements - how to fill the requirements trust "gap"?
Previous research efforts have been expended in terms of the capture and subsequent instantiation of "soft" trust requirements that relate to HCI usability concerns or in relation to "hard" tangible security requirements that primarily relate to security a ssurance and security protocols. Little direct focus has been paid to managing intangible trust related requirements
per se. This 'gap' is perhaps most evident in the public B2C (Business to Consumer) E- Systems we all use on a daily basis. Some speculative suggestions are made as to how to fill the 'gap'.
Visual card sorting is suggested as a suitable evaluative tool; whilst deontic logic trust norms
and UML extended notation are the suggested (methodologically invariant) means by which software development teams can perhaps more fully capture hence visualize intangible trust requirements
An Access Control Model for NoSQL Databases
Current development platforms are web scale, unlike recent platforms which were just network scale. There has been a rapid evolution in computing paradigm that has created the need for data storage as agile and scalable as the applications they support. Relational databases with their joins and locks influence performance in web scale systems negatively. Thus, various types of non-relational databases have emerged in recent years, commonly referred to as NoSQL databases. To fulfill the gaps created by their relational counter-part, they trade consistency and security for performance and scalability. With NoSQL databases being adopted by an increasing number of organizations, the provision of security for them has become a growing concern.
This research presents a context based abstract model by extending traditional role based access control for access control in NoSQL databases. The said model evaluates and executes security policies which contain versatile access conditions against the dynamic nature of data. The goal is to devise a mechanism for a forward looking, assertive yet flexible security feature to regulate access to data in the database system that is devoid of rigid structures and consistency, namely a document based database such as MongoDB
Web development evolution: the assimilation of web engineering security
In today’s e-commerce environment, information is an incredibly valuable asset. Surveys indicate that companies are suffering staggering financial losses due to web security issues. Analyzing the underlying causes of these security breaches shows that a significant proportion of them are caused by straightforward design errors in systems and not by failures in security mechanisms. There is significant research into security mechanisms but there is little research into the integration of these into software design processes, even those processes specifically designed for Web Engineering. Security should be designed into the application development process upfront through an independent flexible methodology that contains customizable components
- …