Web engineering security: essential elements

Security is an elusive target in today’s high-speed and extremely complex, Web enabled, information rich business environment. This paper presents the idea that there are essential, basic organizational elements that need to be identified, defined and addressed before examining security aspects of a Web Engineering Development process. These elements are derived from empirical evidence based on a Web survey and supporting literature. This paper makes two contributions. The first contribution is the identification of the Web Engineering specific elements that need to be acknowledged and resolved prior to the assessment of a Web Engineering process from a security perspective. The second contribution is that these elements can be used to help guide Security Improvement Initiatives in Web Engineering

Web development evolution: the assimilation of web engineering security

In today’s e-commerce environment, information is an incredibly valuable asset. Surveys indicate that companies are suffering staggering financial losses due to web security issues. Analyzing the underlying causes of these security breaches shows that a significant proportion of them are caused by straightforward design errors in systems and not by failures in security mechanisms. There is significant research into security mechanisms but there is little research into the integration of these into software design processes, even those processes specifically designed for Web Engineering. Security should be designed into the application development process upfront through an independent flexible methodology that contains customizable components

Web development evolution: the business perspective on security

Protection of data, information, and knowledge is a hot topic in today’s business environment. Societal, legislative and consumer pressures are forcing companies to examine business strategies, modify processes and acknowledge security to accept and defend accountability. Research indicates that a significant portion of the financial losses is due to straight forward software design errors. Security should be addressed throughout the application development process via an independent methodology containing customizable components. The methodology is designed to integrate with an organization’s existing software development processes while providing structure to implement secure applications, helping companies mitigate hard and soft costs

Security and computer forensics in web engineering education

The integration of security and forensics into Web Engineering curricula is imperative! Poor security in web-based applications is continuing to cost organizations millions and the losses are still increasing annually. Security is frequently taught as a stand-alone course, assuming that security can be 'bolted on' to a web application at some point. Security issues must be integrated into Web Engineering processes right from the beginning to create secure solutions and therefore security should be an integral part of a Web Engineering curriculum. One aspect of Computer forensics investigates failures in security. Hence, students should be aware of the issues in forensics and how to respond when security failures occur; collecting evidence is particularly difficult for Web-based applications

Secure web application development and global regulation

The World Wide Web (WWW) has been predominantly responsible for instigating radical paradigm transformations in today’s global information rich civilizations. Many societies have basic operational economical components that depend on Web enabled systems in order to support daily commercial activities. The acceptance of E-commerce as a valid channel for conducting business coupled with societal integration and dependence on Web enabled technology has instigated the development of local, national, and global efforts to regulate criminal activities on the World Wide Web. This paper makes two contributions. The first contribution is the high-level review of the United States and United Kingdom legislation that has developed from the escalation and integration of the World Wide Web into society. The second contribution is the support for the idea that legislative compatibility, in concert with an organization’s policy compatibility, needs to be acknowledged in secure Web application development methodologies

Chameleon masculinity: developing the British ‘population-centred’ soldier

In this article I develop what I term chameleon masculinity as a specific form of gendered adaptation of military agency opened up by the post-9/11 shift towards ‘population-centred’ counterinsurgency and stabilisation. A gendered analysis of this carefully cultivated form of military agency is central to revealing some of the concealed embodied dynamics that challenge the hegemony of the traditional combat soldier, and in practice enables this form of war. Drawing on 18 months of anthropological fieldwork, for the most part alongside the UK’s Military Stabilisation Support Group, this research incorporates my auto-ethnography as an officer in the Royal Naval Reserves. Rather than focusing at the level of policy, strategy, and doctrine, I examine how the specialized and masculinized agency of ‘the chameleon’ translates tactically into the body of the British military stabilisation operative, showing how this is developed though intensive pre-deployment training in the UK, and embodied and practised through operational deployment in Afghanistan. This reveals the specific agency of chameleon masculinity and how its potential for inherent violence becomes deceptively ‘hidden in plain sight’

A randomised comparison evaluating changes in bone mineral density in advanced prostate cancer: luteinising hormone-releasing hormone agonists versus transdermal oestradiol.

BACKGROUND: Luteinising hormone-releasing hormone agonists (LHRHa), used as androgen deprivation therapy (ADT) in prostate cancer (PCa) management, reduce serum oestradiol as well as testosterone, causing bone mineral density (BMD) loss. Transdermal oestradiol is a potential alternative to LHRHa. OBJECTIVE: To compare BMD change in men receiving either LHRHa or oestradiol patches (OP). DESIGN, SETTING, AND PARTICIPANTS: Men with locally advanced or metastatic PCa participating in the randomised UK Prostate Adenocarcinoma TransCutaneous Hormones (PATCH) trial (allocation ratio of 1:2 for LHRHa:OP, 2006-2011; 1:1, thereafter) were recruited into a BMD study (2006-2012). Dual-energy x-ray absorptiometry scans were performed at baseline, 1 yr, and 2 yr. INTERVENTIONS: LHRHa as per local practice, OP (FemSeven 100μg/24h patches). OUTCOME MEASUREMENTS AND STATISTICAL ANALYSIS: The primary outcome was 1-yr change in lumbar spine (LS) BMD from baseline compared between randomised arms using analysis of covariance. RESULTS AND LIMITATIONS: A total of 74 eligible men (LHRHa 28, OP 46) participated from seven centres. Baseline clinical characteristics and 3-mo castration rates (testosterone ≤1.7 nmol/l, LHRHa 96% [26 of 27], OP 96% [43 of 45]) were similar between arms. Mean 1-yr change in LS BMD was -0.021g/cm(3) for patients randomised to the LHRHa arm (mean percentage change -1.4%) and +0.069g/cm(3) for the OP arm (+6.0%; p<0.001). Similar patterns were seen in hip and total body measurements. The largest difference between arms was at 2 yr for those remaining on allocated treatment only: LS BMD mean percentage change LHRHa -3.0% and OP +7.9% (p<0.001). CONCLUSIONS: Transdermal oestradiol as a single agent produces castration levels of testosterone while mitigating BMD loss. These early data provide further supporting evidence for the ongoing phase 3 trial. PATIENT SUMMARY: This study found that prostate cancer patients treated with transdermal oestradiol for hormonal therapy did not experience the loss in bone mineral density seen with luteinising hormone-releasing hormone agonists. Other clinical outcomes for this treatment approach are being evaluated in the ongoing PATCH trial. TRIAL REGISTRATION: ISRCTN70406718, PATCH trial (ClinicalTrials.gov NCT00303784)

Polymeric nanobiotics as a novel treatment for mycobacterial infections.

Mycobacterium tuberculosis (Mtb) remains a major challenge to global health, made worse by the spread of multi-drug resistance. Currently, the efficacy and safety of treatment is limited by difficulties in achieving and sustaining adequate tissue antibiotic concentrations while limiting systemic drug exposure to tolerable levels. Here we show that nanoparticles generated from a polymer-antibiotic conjugate ('nanobiotics') deliver sustained release of active drug upon hydrolysis in acidic environments, found within Mtb-infected macrophages and granulomas, and can, by encapsulation of a second antibiotic, provide a mechanism of synchronous drug delivery. Nanobiotics are avidly taken up by infected macrophages, enhance killing of intracellular Mtb, and are efficiently delivered to granulomas and extracellular mycobacterial cords in vivo in an infected zebrafish model. We demonstrate that isoniazid (INH)-derived nanobiotics, alone or with additional encapsulation of clofazimine (CFZ), enhance killing of mycobacteria in vitro and in infected zebrafish, supporting the use of nanobiotics for Mtb therapy and indicating that nanoparticles generated from polymer-small molecule conjugates might provide a more general solution to delivering co-ordinated combination chemotherapy.Rosetrees Trust Interdisciplinary Prize 2015 Wellcome Trust awards 107032/Z/15/Z and 10/H0305/55 NIHR Cambridge Biomedical Research Centre Award MRC AMR Theme award MR/N02995X/1 Marie-Curie IF CFZEBRA 75197