Performance Analysis of Security Requirements Engineering Framework by Measuring the Vulnerabilities
Journal: The International Arab Journal of Information Technology (Vol.15, No. 3)Publication Date: 2018-05-01
Authors : Salini Prabhakaran; Kanmani Selvadurai;
Page : 435-444
Keywords : Requirements engineering; security mechanism; security requirements; security requirements engineering; web applications and vulnerabilities;
Abstract
To develop security critical web applications, specifying security requirements is important, since 75% to 80% of all attacks happen at the web application layer. We adopted security requirements engineering methods to identify security requirements at the early stages of software development life cycle so as to minimize vulnerabilities at the later phases. In this paper, we present the evaluation of Model Oriented Security Requirements Engineering (MOSRE) framework and Security Requirements Engineering Framework (SREF) by implementing the identified security requirements of a web application through each framework while developing respective web application. We also developed a web application without using any of the security requirements engineering method in order to prove the importance of security requirements engineering phase in software development life cycle. The developed web applications were scanned for vulnerabilities using the web application scanning tool. The evaluation was done in two phases of software development life cycle: requirements engineering and testing. From the results, we observed that the number of vulnerabilities detected in the web application developed by adopting MOSRE framework is less, when compared to the web applications developed adopting SREF and without using any security requirements engineering method. Thus, this study led the requirements engineers to use MOSRE framework to elicit security requirements efficiently and also trace security requirements from requirements engineering phase to later phases of software development life cycle for developing secure web applications.
Other Latest Articles
- Fracture of Bone-Like Microstructure under Three-Point Bending Test
- Advanced Architecture for Java Universal Message Passing (AA-JUMP)
- Complementary Approaches Built as Web Service for Arabic Handwriting OCR Systems via Amazon Elastic MapReduce (EMR) Model
- An Efficient Web Search Engine for Noisy Free Information Retrieval
- Energy Consumption Improvement and Cost Saving by Cloud Broker in Cloud Datacenters
Last modified: 2019-04-29 21:41:21