Publication:
Systematic review of web application security development model

dc.contributor.author: Shuaibu, BM (en_US)
dc.contributor.author: Norwawi, NM (en_US)
dc.contributor.author: Selamat, MH (en_US)
dc.contributor.author: Al-Alwani, A (en_US)
dc.date.accessioned: 2024-05-29T02:56:29Z
dc.date.available: 2024-05-29T02:56:29Z
dc.date.issued: 2015
dc.description.abstract: In recent years, web security has been viewed in the context of securing the web application layer from attacks by unauthorized users. The vulnerabilities existing in the web application layer have been attributed either to using an inappropriate software development model to guide the development process, or the use of a software development model that does not consider security as a key factor. Therefore, this systematic literature review is conducted to investigate the various security development models used to secure the web application layer, the security approaches or techniques used in the process, the stages in the development model in which the approaches or techniques are emphasized, and the tools and mechanism used to detect vulnerabilities. The study extracted 499 publications from respectable scientific sources, i.e. the IEEE Computer Society, ACM Digital Library, Google-Scholar, Science Direct, Scopus, Springer Link and ISI Web. After investigation, only 43 key primary studies were considered for this review based on defined inclusion and exclusion criteria. From the review, it appears that no one development model is referred to as a standard or preferred model for web application development. However, agile development models seem to have gained more attention, probably due to the multiple stakeholders that are involved in discussing security viewpoints, rather than a few members of the development team. It appears also that there is consistency in the use of the threat-modeling technique, probably due to its effectiveness in dealing with different kinds of vulnerabilities.
dc.identifier.doi: 10.1007/s10462-012-9375-6
dc.identifier.epage: 276
dc.identifier.isbn: 1573-7462
dc.identifier.issn: 0269-2821
dc.identifier.issue: 2
dc.identifier.scopus: WOS:000348340000006
dc.identifier.spage: 259
dc.identifier.uri: https://oarep.usim.edu.my/handle/123456789/11586
dc.identifier.volume: 43
dc.language: English
dc.language.iso: en_US
dc.publisher: Springer (en_US)
dc.relation.ispartof: Artificial Intelligence Review
dc.source: Web Of Science (ISI)
dc.subject: Development lifecycle (en_US)
dc.subject: Web engineering (en_US)
dc.subject: Application layer (en_US)
dc.subject: Security (en_US)
dc.subject: Systematic review (en_US)
dc.title: Systematic review of web application security development model
dc.type: Article (en_US)
dspace.entity.type: Publication
