Systematic review of web application security development model
In recent years, web security has been viewed in the context of securing the web application layer from attacks by unauthorized users. The vulnerabilities existing in the web application layer have been attributed either to using an inappropriate software development model to guide the development p...
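Main Authors: | Bala Musa, Shuaibu; Abdulkareem, Al-Alwani; Norita, Md Norwawi; Mohd Hasan, Selamat |
---|---|
Format: | Article |
Language: | en_US |
Published: | Springer 2015 |
Subjects: | Development lifecycle; Web engineering; Application layer; Security; Systematic review |
Online Access: | http://ddms.usim.edu.my/handle/123456789/8433 |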
id |
my.usim-8433 |
---|---|
record_format |
dspace |
spelling |
my.usim-8433 2015-12-22T04:09:04Z 2015-06-19T02:44:29Z 2015-06-19T02:44:29Z 2015-01-01 Article 0269-2821 1573-7462 http://ddms.usim.edu.my/handle/123456789/8433 en_US Springer |
institution |
Universiti Sains Islam Malaysia |
building |
USIM Library |
collection |
Institutional Repository |
continent |
Asia |
country |
Malaysia |
content_provider |
Universiti Sains Islam Malaysia |
content_source |
USIM Institutional Repository |
url_provider |
http://ddms.usim.edu.my/ |
language |
en_US |
topic |
Development lifecycle Web engineering Application layer Security Systematic review |
description |
In recent years, web security has been viewed in the context of securing the web application layer from attacks by unauthorized users. The vulnerabilities existing in the web application layer have been attributed either to using an inappropriate software development model to guide the development process, or the use of a software development model that does not consider security as a key factor. Therefore, this systematic literature review is conducted to investigate the various security development models used to secure the web application layer, the security approaches or techniques used in the process, the stages in the development model in which the approaches or techniques are emphasized, and the tools and mechanism used to detect vulnerabilities. The study extracted 499 publications from respectable scientific sources, i.e. the IEEE Computer Society, ACM Digital Library, Google-Scholar, Science Direct, Scopus, Springer Link and ISI Web. After investigation, only 43 key primary studies were considered for this review based on defined inclusion and exclusion criteria. From the review, it appears that no one development model is referred to as a standard or preferred model for web application development. However, agile development models seem to have gained more attention, probably due to the multiple stakeholders that are involved in discussing security viewpoints, rather than a few members of the development team. It appears also that there is consistency in the use of the threat-modeling technique, probably due to its effectiveness in dealing with different kinds of vulnerabilities. |
format |
Article |
author |
Bala Musa, Shuaibu, Abdulkareem, Al-Alwani, Norita, Md Norwawi, Mohd Hasan, Selamat, |
title |
Systematic review of web application security development model |
publisher |
Springer |
publishDate |
2015 |
url |
http://ddms.usim.edu.my/handle/123456789/8433 |