- 期刊
Estimating Security Risk for Web Applications Using Security Vectors
並列摘要
Risk assessment has been getting increased attention as the new vulnerabilities and threats are emerging on daily basis. The popularity and complexity of web application present challenges to the security implementation for web engineering. It is well known that the earlier to perform risk assessment for software, the less cost needed to mitigate the security risks. However, quantitative estimation of security in the earlier stage of software development life cycle is largely missing. In this paper, we propose a quantitative approach to perform risk assessment at design stage for web application which is based on multiple security vectors of asset, threat and vulnerability. An environment-driven method is proposed to elicit threats to the system. In the end, the risk assessment methodology is applied on a customer goods case study.
延伸閱讀
- 陳信文(2014)。Research of Detecting Web Application Vulnerability〔碩士論文,國立虎尾科技大學〕。華藝線上圖書館。https://www.airitilibrary.com/Article/Detail?DocID=U0028-0307201423362800
- Shih, J. F. (2011). An Integrated Analyzer for Verifying Web Application Security [master's thesis, National Taiwan University]. Airiti Library. https://doi.org/10.6342/NTU.2011.01077
- SriNithi, D., Elavarasi, G., Raj, T. M., & Sivaprakasam, P. (2014). Improving Web Application Security Using Penetration Testing. Research Journal of Applied Sciences, Engineering and Technology, 8(5), 658-663. https://www.airitilibrary.com/Article/Detail?DocID=20407467-201408-201502170022-201502170022-658-663
- Tai, C. P. (2010). An Integrated Environment for Analyzing Web Application Security [master's thesis, National Taiwan University]. Airiti Library. https://doi.org/10.6342/NTU.2010.01758
- Yi, C. (2017). Predicting Injection Vulnerabilities in Web Applications [master's thesis, National Tsing Hua University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0016-0401201816001033