Reverse engineering web applications for security mechanism enhancement

Guan, H, Yang, H and Hakeem, H (2014) 'Reverse engineering web applications for security mechanism enhancement.' In: Chang, C.K, Gao, Y, Hurson, A, Matskin, M, McMillin, B, Okabe, Y, Seceleanu, C and Yoshida, K, eds. Proceedings: IEEE 38th Annual International Computers, Software and Applications Conference Workshops. IEEE Computer Society, Tokyo, pp. 492-497. ISBN 9781479935789

Abstract

This paper focuses on reverse engineering web application for security mechanisms detection in the current design and thereby presents a security evaluation method for web application taking consideration of potential threats, security features provided by the detected security mechanisms and user's security objectives. Based on our previous work on risk assessment for web applications, evaluation of current security implementation is conducted combining core security structure detection and security knowledge checklist matching. Reverse engineering techniques have been used to extract system models from source code based on which security relevant artefacts are identified and matched with built security artefacts base. The paper describes the general structure of the proposed method.

Item Type:	Book Chapter or Section
Divisions:	Bath School of Design
Date Deposited:	10 Apr 2015 16:07
Last Modified:	05 Jan 2022 16:07
URI / Page ID:	https://researchspace.bathspa.ac.uk/id/eprint/5956

	Request a change to this item or report an issue
	Update item (repository staff only)