Computing at Glasgow University
Paper ID: 8509
DCS Tech Report Number: TR-2007-243

Web Engineering Security (WES) Technical Report
Glisson, W.B.; Welland, R.

Publication Type: Tech Report (internal)
Appeared in: DCS Technical Report Series
Page Numbers: 51
Publisher: Dept of Computing Science, University of Glasgow
Year: 2007

This document explains the Web Engineering Security (WES) process for the construction of secure Web-based application development projects. WES is a process-neutral methodology that has been developed to address specific development issues:

• Active organizational support for security in the Web development process
• Proper controls in the development environment
• Security visibility throughout all areas of the development process
• Delivery of a cohesive system, integrating business requirements, software and security
• Prompt, rigorous testing and evaluation
• Trust and accountability [39]

In addition, WES supports the implementation of an Application Development Methodology, a clear Web Security Development Process Definition, the acquisition of End-User Feedback, the Implementation & Testing of Disaster Recovery Plans, and putting into effect a Job Related Impact scheme for secure application development [41]. The identification of the project's risk to the business, specific application security requirements, secure design and coding standards, controlled implementations and rigorous security testing practices encourage a development environment conducive to creating and delivering increasingly secure Web applications that satisfy the needs of the end-user, who in our global Web-enabled environment provides the ultimate decree on the triumph of an application's practical utilization of security.

Keywords: Web Engineering, Security, Methodologies, Application Development, Design
