<XML><RECORDS><RECORD><REFERENCE_TYPE>10</REFERENCE_TYPE><REFNUM>8508</REFNUM><AUTHORS><AUTHOR>Glisson,W.B.</AUTHOR><AUTHOR>Welland,R.C.</AUTHOR></AUTHORS><YEAR>2007</YEAR><TITLE>Web Survey Technical Report</TITLE><PLACE_PUBLISHED>DCS Technical Report Series</PLACE_PUBLISHED><PUBLISHER>Dept of Computing Science, University of Glasgow</PUBLISHER><PAGES>27</PAGES><ISBN>TR-2007-242</ISBN><LABEL>Glisson:2007:8508</LABEL><ABSTRACT><p>The reality is that security is an elusive target in today’s high-speed and extremely complex, Web enabled, information rich business environment. During June and July of 2005, a web survey was hosted at the University of Glasgow to determine how security is realistically perceived and implemented in industry during Web application development. There were fifty-three valid respondents to the survey. The respondent’s titles indicated that the survey involved a range of qualified participants. The participant work experience was predominately from small organizations but the overall numbers did distribute across seven categories of organizational sizes.</p> <p>Survey analysis indicates that before you can effectively address the security needs of a business there are essential elements that need to be acknowledged, addressed and resolved. These elements identified below are derived from empirical evidence based on the Web survey and supporting literature.<br> <ol> <li> Web Application Development Methodology <li> Web Security Development Process Definition <li> End-Users Feed Back <li> Implement & Test Disaster Recovery Plans <li> Job Related Impact </ol> </p> <p>The basic principle is that there appears to be fundamental issues with industrial Web Application development that need to be addressed. The elements identified in this survey warrant additional research. Hence, the list is neither exhaustive nor conclusive and the elements are not mandatory for an organization to function. However, their presence will potentially improve the results of a Security Improvement Initiatives (SII) and/or provide a less resistant path to SII identified areas that need improvement. This information can also be used to identify problem areas in SII’s that are currently under construction.</ABSTRACT></RECORD></RECORDS></XML>