Publication:
Systematic review of web application security development model

Date

2013

Publisher

Kluwer Academic Publishers

Abstract

In recent years, web security has been viewed in the context of securing the web application layer from attacks by unauthorized users. The vulnerabilities existing in the web application layer have been attributed either to using an inappropriate software development model to guide the development process, or to using a software development model that does not consider security as a key factor. Therefore, this systematic literature review is conducted to investigate the various security development models used to secure the web application layer, the security approaches or techniques used in the process, the stages of the development model in which those approaches or techniques are emphasized, and the tools and mechanisms used to detect vulnerabilities. The study extracted 499 publications from respected scientific sources, i.e. the IEEE Computer Society, ACM Digital Library, Google Scholar, Science Direct, Scopus, Springer Link and ISI Web. After investigation, only 43 key primary studies were considered for this review, based on defined inclusion and exclusion criteria. From the review, it appears that no single development model is referred to as a standard or preferred model for web application development. However, agile development models seem to have gained more attention, probably because multiple stakeholders are involved in discussing security viewpoints, rather than only a few members of the development team. It also appears that the threat-modeling technique is used consistently, probably due to its effectiveness in dealing with different kinds of vulnerabilities. © 2013, Springer Science+Business Media Dordrecht.

Keywords

Application layer, Development lifecycle, Security, Systematic review, Web engineering, Application programs, Digital libraries, Network security, Security of data, Social networking (online), Software engineering, World Wide Web, Application layers, Inclusion and exclusions, Security, Software development models, Systematic literature review, Systematic Review, Web application development, Web engineering, Software design
