Modeling the OWASP Most Critical WEB Attacks

Ayachi, Yassine; Ettifouri, El Hassane; Berrich, Jamal; Bouchentouf, Toumi

doi:10.1007/978-3-030-03577-8_49

Cited by 5 publications

(4 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Secure software coding challenges SSC is not as simple as it seems to be, various challenges are faced during this process. Some critical challenges involved in SSC are listed below [38][39][40][41][42][43][44][45][46][47][48][49][50] :…”

Section: 2mentioning

confidence: 99%

“…SSC is not as simple as it seems to be, various challenges are faced during this process. Some critical challenges involved in SSC are listed below 38‐50 : Injection, Broken authentication and session management, Cross‐site scripting Insecure direct object reference, Security misconfiguration, Sensitive data exposure, Missing function level access control, Cross‐site request forgery, Using components with know vulnerabilities, Invalidated redirects and forwards, Data validation, Authentication, Session management, Authorization, Cryptography, Error handling, Logging, Security configuration, Network architecture. …”

Section: Motivation and Related Reviewmentioning

confidence: 99%

See 1 more Smart Citation

Toward a readiness model for secure software coding

et al. 2022

View full text Add to dashboard Cite

The heart of the application's secure operation is its software code. If the code contains flaws, the entire program might be hacked. The issue with software vulnerabilities is that they reveal coding flaws that hackers could exploit. The prevention of cybersecurity issues begins with the program code itself. When writing software code, a software developer must consider expressing the application's architecture and design requirements, keeping the code streamlined and efficient, and ensuring the code is safe. Secure code helps save the system from various cyber-attacks by eliminating the weaknesses that many hacks rely on. To assist the software organization in Secure Software Coding (SSC), this article proposes a readiness model for SSC, namely SSCRM. The proposed model has five levels; SSC challenges and best practices (BP) are mapped at each level. The proposed model will help the organizations better understand SSC challenges and BPs and provide a roadmap for developing secure software code. The proposed model was evaluated using three case studies. The findings demonstrate that the proposed approach helps determine an organization's SSC level.

show abstract

Section: 2mentioning

confidence: 99%

Section: Motivation and Related Reviewmentioning

confidence: 99%

Toward a readiness model for secure software coding

et al. 2022

View full text Add to dashboard Cite

show abstract

“…OWASP concerns providing impartial, practical information about security in web applications to individuals, corporations, universities, government agencies, and other organizations worldwide. Many open source security-related tools (e.g., Sonar) and current research (e.g., [2]) on web application security use OWASP as a definitive reference. Hence, we consider the reliability of this project as a reasonable assumption.…”

Section: A Assumptionsmentioning

confidence: 99%

An Approach for Reviewing Security-Related Aspects in Agile Requirements Specifications of Web Applications

Villamizar

Neto

Kalinowski

et al. 2019

2019 IEEE 27th International Requirements Engineering Conference (RE)

View full text Add to dashboard Cite

Defects in requirements specifications can have severe consequences during the software development lifecycle. Some of them result in overall project failure due to incorrect or missing quality characteristics such as security. There are several concerns that make security difficult to deal with; for instance, (1) when stakeholders discuss general requirements in (review) meetings, they are often not aware that they should also discuss security-related topics, and (2) they typically do not have enough security expertise. These concerns become even more challenging in agile development contexts, where lightweight documentation is typically involved. The goal of this paper is to design and evaluate an approach to support reviewing security-related aspects in agile requirements specifications of web applications. The designed approach considers user stories and security specifications as input and relates those user stories to security properties via Natural Language Processing (NLP) techniques. Based on the related security properties, our approach then identifies high-level security requirements from the Open Web Application Security Project (OWASP) to be verified and generates a focused reading techniques to support reviewers in detecting detects. We evaluate our approach via two controlled experiment trials. We compare the effectiveness and efficiency of novice inspectors verifying security aspects in agile requirements using our reading technique against using the complete list of OWASP high-level security requirements. The (statistically significant) results indicate that using the reading technique has a positive impact (with very large effect size) on the performance of inspectors in terms of effectiveness and efficiency.

show abstract

“…As the complexity of software systems grows, new vulnerabilities emerge. Increased networking and system complexity stress out the requirement for securing the systems [1], [2], [3]. System security should be managed with a proactive way instead of focusing on putting out fires [1].…”

Section: Introductionmentioning

confidence: 99%