Guan, H, Yang, H and Hakeem, H (2014) 'Reverse engineering web applications for security mechanism enhancement.' In: Chang, C.K, Gao, Y, Hurson, A, Matskin, M, McMillin, B, Okabe, Y, Seceleanu, C and Yoshida, K, eds. Proceedings: IEEE 38th Annual International Computers, Software and Applications Conference Workshops. IEEE Computer Society, Tokyo, pp. 492-497. ISBN 9781479935789
This paper focuses on reverse engineering web applications to detect the security mechanisms in their current design, and thereby presents a security evaluation method for web applications that takes into consideration potential threats, the security features provided by the detected security mechanisms, and the user's security objectives. Based on our previous work on risk assessment for web applications, evaluation of the current security implementation is conducted by combining core security structure detection with security knowledge checklist matching. Reverse engineering techniques have been used to extract system models from source code, on the basis of which security-relevant artefacts are identified and matched against a built security artefact base. The paper describes the general structure of the proposed method.
Item Type: Book Chapter or Section
Divisions: College of Liberal Arts
Date Deposited: 10 Apr 2015 16:07
Last Modified: 05 Mar 2017 19:32