Web engineering security: essential elements

Security is an elusive target in today’s high-speed and extremely complex, Web enabled, information rich business environment. This paper presents the idea that there are essential, basic organizational elements that need to be identified, defined and addressed before examining security aspects of a Web Engineering Development process. These elements are derived from empirical evidence based on a Web survey and supporting literature. This paper makes two contributions. The first contribution is the identification of the Web Engineering specific elements that need to be acknowledged and resolved prior to the assessment of a Web Engineering process from a security perspective. The second contribution is that these elements can be used to help guide Security Improvement Initiatives in Web Engineering

Web Services as Product Experience Augmenters and the Implications for Requirements Engineering: A Position Paper

There is currently little insight into what requirement engineering for web services is and in which context it will be carried out. In this position paper, we investigate requirements engineering for a special kind of web services, namely web services that are used to augment the perceived value of a primary service or product that is itself not a web service. We relate requirements engineering to a common enterprise architecture pattern and derive from this a number of research questions for further study

Towards a re-engineering method for web services architectures

Recent developments in Web technologies – in particular through the Web services framework – have greatly enhanced the flexible and interoperable implementation of service-oriented software architectures. Many older Web-based and other distributed software systems will be re-engineered to a Web services-oriented platform. Using an advanced e-learning system as our case study, we investigate central aspects of a re-engineering approach for the Web services platform. Since our aim is to provide components of the legacy system also as services in the new platform, re-engineering to suit the new development paradigm is as important as re-engineering to suit the new architectural requirements

Security and computer forensics in web engineering education

The integration of security and forensics into Web Engineering curricula is imperative! Poor security in web-based applications is continuing to cost organizations millions and the losses are still increasing annually. Security is frequently taught as a stand-alone course, assuming that security can be 'bolted on' to a web application at some point. Security issues must be integrated into Web Engineering processes right from the beginning to create secure solutions and therefore security should be an integral part of a Web Engineering curriculum. One aspect of Computer forensics investigates failures in security. Hence, students should be aware of the issues in forensics and how to respond when security failures occur; collecting evidence is particularly difficult for Web-based applications

A Practical Example for Model-Driven Web Requirements

The number of approaches for Web environments has grown very fast in the last years: HDM, OOHDM, and WSDM were among the first, and now a large number can be found in the literature. With the definition of MDA (Model- Driven Architecture) and the acceptance of MDE (Model-Driven Engineering) techniques in this environment, some groups are working in the use of metamodels and transformations to make their approaches more powerful. UWE (UMLBased Web Engineering) or OOWS (Object-Oriented Web Solutions) are only some examples. However, there are few real experiences with Web Engineering in the enterprise environment, and very few real applications of metamodels and MDE techniques. In this chapter the practical experience of a Web Engineering approach, NDT, in a big project developed in Andalusia is presented. Besides, it shows the usability of metamodels in real environments

BaBar - A Community Web Site in an Organizational Setting

The BABAR Web site was established in 1993 at the Stanford Linear Accelerator Center (SLAC) to support the BABAR experiment, to report its results, and to facilitate communication among its scientific and engineering collaborators, currently numbering about 600 individuals from 75 collaborating institutions in 10 countries. The BABAR Web site is, therefore, a community Web site. At the same time it is hosted at SLAC and funded by agencies that demand adherence to policies decided under different priorities. Additionally, the BABAR Web administrators deal with the problems that arise during the course of managing users, content, policies, standards, and changing technologies. Desired solutions to some of these problems may be incompatible with the overall administration of the SLAC Web sites and/or the SLAC policies and concerns. There are thus different perspectives of the same Web site and differing expectations in segments of the SLAC population which act as constraints and challenges in any review or re-engineering activities. Web Engineering, which post-dates the BABAR Web, has aimed to provide a comprehensive understanding of all aspects of Web development. This paper reports on the first part of a recent review of application of Web Engineering methods to the BABAR Web site, which has led to explicit user and information models of the BABAR community and how SLAC and the BABAR community relate and react to each other. The paper identifies the issues of a community Web site in a hierarchical, semi-governmental sector and formulates a strategy for periodic reviews of BABAR and similar sites.Comment: Talk from the 2003 Computing in High Energy and Nuclear Physics (CHEP03), La Jolla, Ca, USA, March 2003, 8 pages, PDF, PSN MONT00

Web development evolution: the assimilation of web engineering security

In today’s e-commerce environment, information is an incredibly valuable asset. Surveys indicate that companies are suffering staggering financial losses due to web security issues. Analyzing the underlying causes of these security breaches shows that a significant proportion of them are caused by straightforward design errors in systems and not by failures in security mechanisms. There is significant research into security mechanisms but there is little research into the integration of these into software design processes, even those processes specifically designed for Web Engineering. Security should be designed into the application development process upfront through an independent flexible methodology that contains customizable components

Web development evolution: the assimilation of web engineering security

In today’s e-commerce environment, information is an incredibly valuable asset. Surveys indicate that companies are suffering staggering financial losses due to web security issues. Analyzing the underlying causes of these security breaches shows that a significant proportion of them are caused by straightforward design errors in systems and not by failures in security mechanisms. There is significant research into security mechanisms but there is little research into the integration of these into software design processes, even those processes specifically designed for Web Engineering. Security should be designed into the application development process upfront through an independent flexible methodology that contains customizable components

A Process Framework for Semantics-aware Tourism Information Systems

The growing sophistication of user requirements in tourism due to the advent of new technologies such as the Semantic Web and mobile computing has imposed new possibilities for improved intelligence in Tourism Information Systems (TIS). Traditional software engineering and web engineering approaches cannot suffice, hence the need to find new product development approaches that would sufficiently enable the next generation of TIS. The next generation of TIS are expected among other things to: enable semantics-based information processing, exhibit natural language capabilities, facilitate inter-organization exchange of information in a seamless way, and evolve proactively in tandem with dynamic user requirements. In this paper, a product development approach called Product Line for Ontology-based Semantics-Aware Tourism Information Systems (PLOSATIS) which is a novel hybridization of software product line engineering, and Semantic Web engineering concepts is proposed. PLOSATIS is presented as potentially effective, predictable and amenable to software process improvement initiatives