SECURITY RISK ANALYSIS IN WEB APPLICATION DESIGN

Rattikorn Hewett, Phongphun Kijsanayothin, Meinhard Peters

2007

Abstract

Web-based information systems play increasingly important roles in providing functions and business services for many organizations. Because of their ubiquitous nature and their exposure to a huge and diverse population of users, web applications must be tolerant of errors, adverse interactions and malicious attacks. The ability to quickly estimate security risks early in the system development life cycle can be beneficial in making various decisions. This is particularly crucial for large and complex web applications that are asset-critical and evolve rapidly through long life cycles. This paper presents a systematic approach for the automated assessment of security risks, at the design stage, of web-based information systems. The approach combines risk concepts in reliability engineering with heuristics using characteristics of software and hardware deployment design to estimate security risks of the system to be developed. It provides a simple early estimate of security risks that can help locate high-risk software components. We discuss limitations of the approach and give an illustration in an industrial engineering and business-to-business domain using a case study of a web-based material requirements planning system for a manufacturing enterprise.



Paper Citation


in Harvard Style

Hewett R., Kijsanayothin P. and Peters M. (2007). SECURITY RISK ANALYSIS IN WEB APPLICATION DESIGN. In Proceedings of the Third International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-972-8865-77-1, pages 28-35. DOI: 10.5220/0001266700280035

in Bibtex Style

@conference{webist07,
author={Rattikorn Hewett and Phongphun Kijsanayothin and Meinhard Peters},
title={SECURITY RISK ANALYSIS IN WEB APPLICATION DESIGN},
booktitle={Proceedings of the Third International Conference on Web Information Systems and Technologies - Volume 1: WEBIST},
year={2007},
pages={28-35},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001266700280035},
isbn={978-972-8865-77-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Third International Conference on Web Information Systems and Technologies - Volume 1: WEBIST
TI - SECURITY RISK ANALYSIS IN WEB APPLICATION DESIGN
SN - 978-972-8865-77-1
AU - Hewett R.
AU - Kijsanayothin P.
AU - Peters M.
PY - 2007
SP - 28
EP - 35
DO - 10.5220/0001266700280035