Systematic review of web application security development model

In recent years, web security has been viewed in the context of securing the web application layer from attacks by unauthorized users. The vulnerabilities existing in the web application layer have been attributed either to using an inappropriate software development model to guide the development p...

Bibliographic Details
Main Authors: Bala Musa, Shuaibu; Abdulkareem, Al-Alwani; Norita, Md Norwawi; Mohd Hasan, Selamat
Format: Article
Language: en_US
Published: Springer 2015
Subjects: Development lifecycle; Web engineering; Application layer; Security; Systematic review
Online Access: http://ddms.usim.edu.my/handle/123456789/8433
id my.usim-8433
record_format dspace
spelling my.usim-8433 2015-12-22T04:09:04Z
2015-06-19T02:44:29Z 2015-06-19T02:44:29Z 2015-01-01 Article 0269-2821 1573-7462 http://ddms.usim.edu.my/handle/123456789/8433 en_US Springer
institution Universiti Sains Islam Malaysia
building USIM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Sains Islam Malaysia
content_source USIM Institutional Repository
url_provider http://ddms.usim.edu.my/
language en_US
topic Development lifecycle
Web engineering
Application layer
Security
Systematic review
description In recent years, web security has been viewed in the context of securing the web application layer from attacks by unauthorized users. The vulnerabilities existing in the web application layer have been attributed either to using an inappropriate software development model to guide the development process, or the use of a software development model that does not consider security as a key factor. Therefore, this systematic literature review is conducted to investigate the various security development models used to secure the web application layer, the security approaches or techniques used in the process, the stages in the development model in which the approaches or techniques are emphasized, and the tools and mechanism used to detect vulnerabilities. The study extracted 499 publications from respectable scientific sources, i.e. the IEEE Computer Society, ACM Digital Library, Google-Scholar, Science Direct, Scopus, Springer Link and ISI Web. After investigation, only 43 key primary studies were considered for this review based on defined inclusion and exclusion criteria. From the review, it appears that no one development model is referred to as a standard or preferred model for web application development. However, agile development models seem to have gained more attention, probably due to the multiple stakeholders that are involved in discussing security viewpoints, rather than a few members of the development team. It appears also that there is consistency in the use of the threat-modeling technique, probably due to its effectiveness in dealing with different kinds of vulnerabilities.
format Article
author Bala Musa, Shuaibu,
Abdulkareem, Al-Alwani,
Norita, Md Norwawi,
Mohd Hasan, Selamat,
title Systematic review of web application security development model
publisher Springer
publishDate 2015
url http://ddms.usim.edu.my/handle/123456789/8433