<XML><RECORDS><RECORD><REFERENCE_TYPE>10</REFERENCE_TYPE><REFNUM>8509</REFNUM><AUTHORS><AUTHOR>Glisson,W.B.</AUTHOR><AUTHOR>Welland,R.</AUTHOR></AUTHORS><YEAR>2007</YEAR><TITLE>Web Engineering Security (WES) Technical Report</TITLE><PLACE_PUBLISHED>DCS Technical Report Series</PLACE_PUBLISHED><PUBLISHER>Dept of Computing Science, University of Glasgow</PUBLISHER><PAGES>51</PAGES><ISBN>TR-2007-243</ISBN><LABEL>Glisson:2007:8509</LABEL><KEYWORDS><KEYWORD>Web Engineering</KEYWORD></KEYWORDS><ABSTRACT>This document explains the Web Engineering Security (WES) process for the construction of secure Web-based application development projects. WES is a process-neutral methodology that has been developed to address specific development issues: • Active organizational support for security in the Web development process • Proper Controls in the development environment • Security visibility throughout all areas of the development process • Delivery of a cohesive system, integrating business requirements, software and security • Prompt, rigorous testing and evaluation • Trust and Accountability [39]. In addition, WES supports the implementation of an Application Development Methodology, a clear Web Security Development Process Definition, the acquisition of End-Users Feed Back, the Implementation &amp; Testing of Disaster Recovery Plans, and putting into effect a Job Related Impact scheme for secure application development [41]. The identification of the project’s risk to the business, specific application security requirements, secure design and coding standards, controlled implementations and rigorous security testing practices encourages a development environment conducive to creating and delivering increasingly secure Web applications that satisfy the needs of the end-user, who in our global web-enabled environment provides the ultimate decree on the triumph of an application’s practical utilization of security.</ABSTRACT></RECORD></RECORDS></XML>