Experimental Evaluation of Security Requirements Engineering Benefits
Journal Title: International Journal of Advanced Computer Science & Applications - Year 2018, Vol 9, Issue 11
Abstract
Security Requirements Engineering (SRE) approaches are designed to improve information system security by considering security requirements at the beginning of the software development lifecycle. This paper is a quantitative evaluation of the benefits of applying such an SRE approach. The methodology was to develop two versions of the same web application, with and without SRE, and then compare the level of security in each version by running different test tools. The results clearly support the benefits of the early use of SRE, with a 38% security improvement in the secure version of the application. This security benefit reaches 67% for high-severity vulnerabilities, leaving only non-critical and easy-to-fix vulnerabilities.
Authors and Affiliations
Jaouad Boutahar, Ilham Maskani, Souhaïl El Ghazi El Houssaïni