Security Qualitative Metrics for Open Web Application Security Project Compliance

Sönmez, Ferda Özdemir
The focus of this study is to find out repeatable features for the large-scale enterprise web application production process, based on the OWASP security requirement list. As a result of rigorous work, including domain analysis for the Java language and its development frameworks and the examination of a large set of technical documents, 230 security qualitative metrics are discovered, under six categories. These security qualitative metrics are beneficial for security analysts as well as other parties such as designers, developers, and testers. The findings provide a developer/designer point of view and would help to make better decisions related to the environment set up, technology selection, and the architecture, design, and implementation details. As a result of this effort, the overall vulnerability level of the web applications would diminish significantly. (C) 2019 The Authors. Published by Elsevier B.V.


Security visualization infrastructures, techniques, and methodologies for improved enterprise security
Özdemir Sönmez, Ferda; Günel Kılıç, Banu; Department of Information Systems (2019)
This thesis focuses on providing designs to allow monitoring of the security status of enterprises at the organization level. The audience of this research is all enterprise level IT and security experts, and the other users who may be engaged in the security visualization designs, including the top level management. Numerous tools and programs are being used in organizations to analyze and overcome security vulnerabilities. However, the outputs of these programs are rarely understood clearly. During this s...
A Decision Support System for Optimal Selection of Enterprise Information Security Preventative Actions
Sonmez, Ferda Ozdemir; Günel Kılıç, Banu (2021-09-01)
Types and complexity of information security related vulnerabilities are growing rapidly and present numerous challenges to enterprises. One of the key challenges is to identify the optimal set of precautions with a limited budget. Despite the fact that the majority of enterprises have a budget constraint for installing and maintaining protection systems, the majority of the previous work only focuses on prioritization of security targets and does not consider the preventative actions and budget constraints. ...
Increasing trustworthiness of security critical applications using trusted computing
Uzunay, Yusuf; Baykal, Nazife; Bıçakcı, Kemal; Department of Information Systems (2014)
In this thesis work, we aim to increase the trustworthiness of security critical applications by utilizing trusted computing technologies. We focus on two case applications; authentication proxy systems and e-voting systems. Our first case application is authentication proxy systems which store users’ sensitive credentials and submit them to the servers of the service providers on their behalf. To increase the trustworthiness of authentication proxy systems, we propose Trust-in-the-Middle a trusted platform...
A certificate based, context aware access control model for multi domain environments
Yortanlı, Ahmet; Koçyiğit, Altan; Department of Information Systems (2010)
A certificate based approach is proposed for access control operations of context aware systems for multi domain environments. The new model deals with the removal of the inter-domain communication requirement in the access request evaluation process. The study is applied on a prototype implementation with configuration for two different cases to show the applicability of the proposed certificate based, context aware access control model for multi domain environments. The outputs for the cases show that proposed access ...
Interoperability by means of configurable connectors
Kaya, Muhammed Çağrı; Doğru, Ali H.; Department of Computer Engineering (2020)
A configurable connector-based software development methodology for component-based approaches is presented. This method involves the incorporation of variability modeling capabilities into component modeling environments. The focus of this research is on supporting technologies for the combination of parts that are not directly compatible. In the scope of this research, firstly, proposals for the configurable connector paradigm are put forth, that are, achieving interoperability among system components by u...
Citation Formats
F. Ö. Sönmez, “Security Qualitative Metrics for Open Web Application Security Project Compliance,” 2019, vol. 151, p. 998, Accessed: 00, 2020. [Online]. Available: