Web engineering security: essential elements

Security is an elusive target in today’s high-speed and extremely complex, Web enabled, information rich business environment. This paper presents the idea that there are essential, basic organizational elements that need to be identified, defined and addressed before examining security aspects of a Web Engineering Development process. These elements are derived from empirical evidence based on a Web survey and supporting literature. This paper makes two contributions. The first contribution is the identification of the Web Engineering specific elements that need to be acknowledged and resolved prior to the assessment of a Web Engineering process from a security perspective. The second contribution is that these elements can be used to help guide Security Improvement Initiatives in Web Engineering

Security and computer forensics in web engineering education

The integration of security and forensics into Web Engineering curricula is imperative! Poor security in web-based applications is continuing to cost organizations millions and the losses are still increasing annually. Security is frequently taught as a stand-alone course, assuming that security can be 'bolted on' to a web application at some point. Security issues must be integrated into Web Engineering processes right from the beginning to create secure solutions and therefore security should be an integral part of a Web Engineering curriculum. One aspect of Computer forensics investigates failures in security. Hence, students should be aware of the issues in forensics and how to respond when security failures occur; collecting evidence is particularly difficult for Web-based applications

A Practical Example for Model-Driven Web Requirements

The number of approaches for Web environments has grown very fast in the last years: HDM, OOHDM, and WSDM were among the first, and now a large number can be found in the literature. With the definition of MDA (Model- Driven Architecture) and the acceptance of MDE (Model-Driven Engineering) techniques in this environment, some groups are working in the use of metamodels and transformations to make their approaches more powerful. UWE (UMLBased Web Engineering) or OOWS (Object-Oriented Web Solutions) are only some examples. However, there are few real experiences with Web Engineering in the enterprise environment, and very few real applications of metamodels and MDE techniques. In this chapter the practical experience of a Web Engineering approach, NDT, in a big project developed in Andalusia is presented. Besides, it shows the usability of metamodels in real environments

Web development evolution: the assimilation of web engineering security

In today’s e-commerce environment, information is an incredibly valuable asset. Surveys indicate that companies are suffering staggering financial losses due to web security issues. Analyzing the underlying causes of these security breaches shows that a significant proportion of them are caused by straightforward design errors in systems and not by failures in security mechanisms. There is significant research into security mechanisms but there is little research into the integration of these into software design processes, even those processes specifically designed for Web Engineering. Security should be designed into the application development process upfront through an independent flexible methodology that contains customizable components

Web development evolution: the assimilation of web engineering security

In today’s e-commerce environment, information is an incredibly valuable asset. Surveys indicate that companies are suffering staggering financial losses due to web security issues. Analyzing the underlying causes of these security breaches shows that a significant proportion of them are caused by straightforward design errors in systems and not by failures in security mechanisms. There is significant research into security mechanisms but there is little research into the integration of these into software design processes, even those processes specifically designed for Web Engineering. Security should be designed into the application development process upfront through an independent flexible methodology that contains customizable components

A Practical Environment to Apply Model-Driven Web Engineering

The application of a model-driven paradigm in the development of Web Systems has yielded very good research results. Several research groups are defining metamodels, transformations, and tools which offer a suitable environment, known as model-driven Web engineering (MDWE). However, there are very few practical experiences in real Web system developments using real development teams. This chapter presents a practical environment of MDWE based on the use of NDT (navigational development techniques) and Java Web systems, and it provides a practical evaluation of its application within a real project: specialized Diraya.Ministerio de Educación y Ciencia TIN2007-67843-C06-03Ministerio de Educación y Ciencia TIN2007-30391-

A Process Framework for Semantics-aware Tourism Information Systems

The growing sophistication of user requirements in tourism due to the advent of new technologies such as the Semantic Web and mobile computing has imposed new possibilities for improved intelligence in Tourism Information Systems (TIS). Traditional software engineering and web engineering approaches cannot suffice, hence the need to find new product development approaches that would sufficiently enable the next generation of TIS. The next generation of TIS are expected among other things to: enable semantics-based information processing, exhibit natural language capabilities, facilitate inter-organization exchange of information in a seamless way, and evolve proactively in tandem with dynamic user requirements. In this paper, a product development approach called Product Line for Ontology-based Semantics-Aware Tourism Information Systems (PLOSATIS) which is a novel hybridization of software product line engineering, and Semantic Web engineering concepts is proposed. PLOSATIS is presented as potentially effective, predictable and amenable to software process improvement initiatives

Web Engineering: An Assessment of Empirical Research

Web engineering is the process used to create high-quality Web-based systems and applications that deliver a complex array of content and functionality to a broad population of end-users. As Web Engineering continues to grow in popularity with practitioners and academics alike, so far, there hasn\u27t been any assessment of its accumulated body of knowledge in terms of academic research. Because Web engineering was established as a new discipline some five years ago, it is perhaps time to take stock of the efforts made in this field. Using the Web Engineering Process Model developed by Pressman, this paper organizes and map progress made so far. The results suggest a significant need for theory-based research in Web Engineering. The paper discusses some of the managerial and research implications of the findings