Systematic review of web application security development model

@article{Shuaibu2012SystematicRO,
  title={Systematic review of web application security development model},
  author={Bala Musa Shuaibu and Norita Md Norwawi and Mohd Hasan Selamat and Abdulkareem Al-Alwani},
  journal={Artificial Intelligence Review},
  year={2012},
  volume={43},
  pages={259-276}
}
In recent years, web security has been viewed in the context of securing the web application layer from attacks by unauthorized users. The vulnerabilities existing in the web application layer have been attributed either to using an inappropriate software development model to guide the development process, or the use of a software development model that does not consider security as a key factor. Therefore, this systematic literature review is conducted to investigate the various security… 
A Review on Application Security Management Using Web Application Security Standards
TLDR
This work proposes a very important non-functional requirement, Application Security Management, to define the requirements for security in all applications that use the web application security standards (WASS).
A maturity model for secure requirements engineering
TLDR
A Requirements Engineering (RE) Security Maturity Model (RESMM) to assist software development organizations to better specify the requirements for secure software development and has the ability to identify the RE security maturity levels in software organizations.
An Analysis on OCL/UML Constraints in E-commerce Application
TLDR
This study investigated completely 40 different kinds of literature which are collected from standard publications and analyzes different ideas to secure online shopping based on the UML/OCL.
NEW HYBRID METHODOLOGY FOR SECURE SYSTEMS
  • 2019
Software security is considered a time-consuming and after-thought activity; this could be because of its complexity or the lack of enough knowledge. Today's software development companies are
Threat modeling - A systematic literature review
TLDR
This is the first systematic literature review on threat modeling to the best of the authors' knowledge and can be used for researchers and practitioners who want to know the state-of-the-art threat modeling methods.
Issues in Information Systems
Given the widespread adoption of agile methods and the rising number of software vulnerabilities, we analyze the literature with an interest in the effect of security practices on software
Preliminary Evaluation of an Ontology-Based Contextualized Learning System for Software Security
TLDR
The aim of this paper is the presentation of an ontology-based learning system for software security with contextualized learning approaches, and of the results of an initial evaluation using a controlled quasi-experiment in a university learning environment.
Automatic Identification of Security Risks in Edicts for Software Procurement
TLDR
This work presents the Automated Analyst of Edicts tool for aiding the analysis of such document by automatically identifying the absence of relationships between its sentences and software security risks or security weaknesses concepts.
Semantic Analysis for Identifying Security Concerns in Software Procurement Edicts
TLDR
This work presents the Automated Analyst of Edicts tool, which aids the analysis of a document by automatic identification of absent relationships between its sentences and concepts related to software security risks or weaknesses.
AGILE AND SECURE SOFTWARE DEVELOPMENT: AN UNFINISHED STORY
Given the widespread adoption of agile methods and the rising number of software vulnerabilities, we analyze the literature with an interest in the effect of security practices on software

References

SHOWING 1-10 OF 66 REFERENCES
Multi-module vulnerability analysis of web-based applications
TLDR
A novel vulnerability analysis approach is developed that characterizes both the extended state and the intended workflow of a web application and is able to identify sophisticated multi-step attacks against the application's workflow that were not addressed by previous approaches.
Agile development of secure web applications
TLDR
An agile process capable of dealing with the key challenges of web applications development, namely decreasing life-cycle times and frequently changing requirements and an iterative approach to risk analysis that integrates security design throughout the development process is presented.
The trustworthy computing security development lifecycle
  • S. Lipner
  • Computer Science
    20th Annual Computer Security Applications Conference
  • 2004
TLDR
The trustworthy computing security development lifecycle (or simply the SDL) is described and experience with its implementation across a range of Microsoft software is discussed, showing a significantly reduced rate of external discovery of security vulnerabilities.
A model-driven penetration test framework for Web applications
  • Pulei Xiong, L. Peyton
  • Computer Science
    2010 Eighth International Conference on Privacy, Security and Trust
  • 2010
TLDR
A model-driven penetration test framework for Web applications which provides a repeatable, systematic and cost-efficient approach fully integrated into a Security-Oriented Software Development Life Cycle is proposed.
Web application security assessment by fault injection and behavior monitoring
TLDR
The design of Web application security assessment mechanisms are analyzed in order to identify poor coding practices that render Web applications vulnerable to attacks such as SQL injection and cross-site scripting.
Security Patterns and Secure Systems Design
TLDR
The anatomy of a security pattern, a variety of them, and their use in the construction of secure systems including Authentication, Authorization, Role-based Access Control, Firewalls, Web Services Security (SAML, XACML, XML Firewall), and others are shown.
SecuBat: a web vulnerability scanner
TLDR
SecuBat, a generic and modular web vulnerability scanner that, similar to a port scanner, automatically analyzes web sites with the aim of finding exploitable SQL injection and XSS vulnerabilities is developed.
Security patterns and secure systems design
TLDR
The author shows the anatomy of a security pattern, a variety of them, and their use in the construction of secure systems, which include Authentication, Authorization, Role-based Access Control, Firewalls, Web Services Security, and others.
Securing web application code by static analysis and runtime protection
TLDR
A lattice-based static analysis algorithm derived from type systems and typestate is created, and its soundness is addressed, thus securing Web applications in the absence of user intervention and reducing potential runtime overhead by 98.4%.
A systematic review of security requirements engineering
TLDR
This paper carries out a systematic review of the existing literature concerning security requirements engineering in order to summarize the evidence regarding this issue and to provide a framework/background in which to appropriately position new research activities.