Building in web application security at the requirements stage : a tool for visualizing and evaluating security trade-offs : a thesis presented in partial fulfilment of the requirements for the degree of Master of Information Science in Information Systems at Massey University, Albany, New Zealand

dc.contributor.author: Nehring, Natalia Alekseevna
dc.date.accessioned: 2017-11-05T19:50:45Z
dc.date.available: 2017-11-05T19:50:45Z
dc.date.issued: 2007
dc.description.abstract: One dimension of Internet security is web application security. The purpose of this Design-science study was to design, build and evaluate a computer-based tool to support security vulnerability and risk assessment in the early stages of web application design. The tool facilitates risk assessment by managers and helps developers to model security requirements using an interactive tree diagram. The tool calculates residual risk for each component of a web application and for the application overall so developers are provided with better information for making decisions about which countermeasures to implement given limited resources for doing so. The tool supports taking a proactive approach to building in web application security at the requirements stage as opposed to the more common reactive approach of putting countermeasures in place after an attack and loss have been incurred. The primary contribution of the proposed tool is its ability to make known security-related information (e.g. known vulnerabilities, attacks and countermeasures) more accessible to developers who are not security experts and to translate lack of security measures into an understandable measure of relative residual risk. The latter is useful for managers who need to prioritize security spending. Keywords: web application security, security requirements modelling, attack trees, threat trees, risk assessment. (en_US)
dc.identifier.uri: http://hdl.handle.net/10179/12229
dc.language.iso: en (en_US)
dc.publisher: Massey University (en_US)
dc.rights: The Author (en_US)
dc.subject: Web sites -- Security measures (en_US)
dc.subject: Computer security (en_US)
dc.title: Building in web application security at the requirements stage : a tool for visualizing and evaluating security trade-offs : a thesis presented in partial fulfilment of the requirements for the degree of Master of Information Science in Information Systems at Massey University, Albany, New Zealand (en_US)
dc.type: Thesis (en_US)
massey.contributor.author: Nehring, Natalia Alekseevna
thesis.degree.discipline: Information Systems (en_US)
thesis.degree.grantor: Massey University (en_US)
thesis.degree.level: Masters (en_US)
thesis.degree.name: Master of Information Science (M. Inf. Sc.) (en_US)
Files

Original bundle
Name: 01_front.pdf, Size: 4.05 MB, Format: Adobe Portable Document Format
Name: 02_whole.pdf, Size: 42.06 MB, Format: Adobe Portable Document Format

License bundle
Name: license.txt, Size: 3.32 KB, Format: Item-specific license agreed upon to submission