Security Qualitative Metrics for Open Web Application Security Project Compliance
Download: 1-s2.0-S1877050919306052-main.pdf
Date: 2019
Author: Sönmez, Ferda Özdemir
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Item Usage Stats: 238 views, 185 downloads
Abstract: The focus of this study is to find out repeatable features for the large-scale enterprise web application production process, based on the OWASP security requirement list. As a result of rigorous work, including domain analysis for the Java language and its development frameworks and the examination of a large set of technical documents, 230 security qualitative metrics are discovered, under six categories. These security qualitative metrics are beneficial for security analysts as well as other parties such as designers, developers, and testers. The findings provide a developer/designer point of view and would help to make better decisions related to the environment set-up, technology selection, and the architecture, design, and implementation details. As a result of this effort, the overall vulnerability level of web applications would diminish significantly. (C) 2019 The Authors. Published by Elsevier B.V.
Subject Keywords: OWASP, Enterprise Security, Security Qualitative Metric, Application Security, Web, Java
URI: https://hdl.handle.net/11511/58145
DOI: https://doi.org/10.1016/j.procs.2019.04.140
Collections: Graduate School of Informatics, Conference / Seminar
Suggestions
Security visualization infrastructures, techniques, and methodologies for improved enterprise security
Özdemir Sönmez, F. Ferd; Günel Kılıç, Banu; Department of Information Systems (2019)
This thesis focuses on providing designs to allow monitoring of the security status of enterprises at the organization level. The audience of this research is all enterprise level IT and security experts, and the other users who may be engaged in the security visualization designs, including the top level management. Numerous tools and programs are being used in organizations to analyze and overcome security vulnerabilities. However, the outputs of these programs are rarely understood clearly. During this s...
A Decision Support System for Optimal Selection of Enterprise Information Security Preventative Actions
Sonmez, Ferda Ozdemir; Günel Kılıç, Banu (2021-09-01)
Types and complexity of information security related vulnerabilities are growing rapidly and present numerous challenges to the enterprises. One of the key challenges is to identify the optimal set of precautions with limited budget. Despite the fact that majority of enterprises have a budget constraint for installing and maintaining the protection systems, the majority of the previous work only focus on prioritization of security targets and do not consider the preventative actions and budget constraints. ...
Increasing trustworthiness of security critical applications using trusted computing
Uzunay, Yusuf; Baykal, Nazife; Bıçakcı, Kemal; Department of Information Systems (2014)
In this thesis work, we aim to increase the trustworthiness of security critical applications by utilizing trusted computing technologies. We focus on two case applications; authentication proxy systems and e-voting systems. Our first case application is authentication proxy systems which store users’ sensitive credentials and submit them to the servers of the service providers on their behalf. To increase the trustworthiness of authentication proxy systems, we propose Trust-in-the-Middle a trusted platform...
A certificate based, context aware access control model for multi domain environments
Yortanlı, Ahmet; Koçyiğit, Altan; Department of Information Systems (2010)
A certificate based approach is proposed for access control operations of context aware systems for multi domain environments. The new model deals with the removal of the inter-domain communication requirement in the access request evaluation process. The study is applied on a prototype implementation with configuration for two different cases to show the applicability of the proposed certificate based, context aware access control model for multi domain environments. The outputs for the cases show that the proposed access ...
Interoperability by means of configurable connectors
Kaya, Muhammed Çağrı; Doğru, Ali H.; Department of Computer Engineering (2020)
A configurable connector-based software development methodology for component-based approaches is presented. This method involves the incorporation of variability modeling capabilities into component modeling environments. The focus of this research is on supporting technologies for the combination of parts that are not directly compatible. In the scope of this research, firstly, proposals for the configurable connector paradigm are put forth, that are, achieving interoperability among system components by u...
Citation (IEEE)
F. Ö. Sönmez, “Security Qualitative Metrics for Open Web Application Security Project Compliance,” 2019, vol. 151, p. 998, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/58145.