Secure Web Engineering Supported by an Evaluation Framework
Preliminary Report on a Web Engineering Approach for Secure Applications Supported by a Conceptual Evaluation Framework for Secure Systems Engineering
This paper reports on the progress of the author's PhD in the area of security engineering for web applications. Initially, the work was located at the beginning of the Software Development Life Cycle (SDLC) with a focus on design. However, designing a perfectly secure application is worth nothing if it is not possible for security engineers to choose appropriate methods, notations and tools (so-called mechanisms) to work with in each phase of the SDLC. Therefore, we additionally develop a conceptual framework for the evaluation of these mechanisms, which is not limited to the web and also has a focus on security. At the moment, almost two-thirds of the work for the PhD is done, which means that most underlying ideas are written down, but further case studies and evaluations will follow.