Agile Development of Secure Web-Based Applications

Author(s):  
A. F. Tappenden ◽  
T. Huynh ◽  
J. Miller ◽  
A. Geras ◽  
M. Smith

This article outlines a four-point strategy for the development of secure Web-based applications within an agile development framework and introduces strategies to mitigate security risks that are commonly present in Web-based applications. The proposed strategy includes the representation of security requirements as test cases supported by the open source tool FIT, the deployment of a highly testable architecture allowing for security testing of the application at all levels, the outlining of an extensive security testing strategy supported by the open source unit-testing framework HTTPUnit, and the introduction of the novel technique of security refactoring, which transforms insecure working code into functionally equivalent secure code. Today, many Web-based applications are not secure, and limited literature exists concerning the use of agile methods within this domain. It is the intention of this article to further discussion and research regarding the use of an agile methodology for the development of secure Web-based applications.
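Two of the four points, a security requirement written as a test-case table and a security refactoring that leaves behaviour unchanged, can be shown together. The following is an added illustration, not code from the article (whose tools, FIT and HTTPUnit, are Java); it is written in Python with sqlite3 so it runs stand-alone. The users table, the injection payloads and the `LOOKUP_REQUIREMENT` table are constructed for the example.

```python
import sqlite3

# Constructed sample data; none of this comes from the article.
USERS = [("alice", "alice@example.org"), ("bob", "bob@example.org")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (name, email) VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def find_user_insecure(conn, name):
    """Working code before security refactoring: user input is concatenated into SQL."""
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def find_user_secure(conn, name):
    """Security refactoring: the same query with the same result for every legitimate
    input, but the value travels as a bound parameter and cannot alter the statement."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


# The security requirement as a table of (input, expected rows), the shape a FIT
# column fixture consumes. Rows two and three are constructed injection payloads
# that a correct lookup must match against nothing.
LOOKUP_REQUIREMENT = [
    ("alice", [("alice", "alice@example.org")]),
    ("' OR '1'='1", []),
    ("bob' --", []),
]


def run_requirement(lookup):
    """Evaluate every row of the requirement table against a lookup function.
    Returns a list of (input, passed) pairs; a SQL error counts as a failure."""
    conn = make_db()
    outcome = []
    for value, expected in LOOKUP_REQUIREMENT:
        try:
            got = lookup(conn, value)
        except sqlite3.Error:
            got = None
        outcome.append((value, got == expected))
    return outcome


def satisfies_requirement(lookup):
    return all(passed for _, passed in run_requirement(lookup))


def functionally_equivalent(inputs=("alice", "bob", "carol")):
    """Refactoring check: both versions agree on legitimate inputs."""
    conn = make_db()
    return all(find_user_insecure(conn, n) == find_user_secure(conn, n) for n in inputs)


if __name__ == "__main__":
    print("insecure satisfies requirement:", satisfies_requirement(find_user_insecure))
    print("secure satisfies requirement:  ", satisfies_requirement(find_user_secure))
    print("functionally equivalent:       ", functionally_equivalent())
```

The point of keeping both lookups side by side is that the refactoring is validated on two axes: `functionally_equivalent` shows that legitimate inputs behave identically, and `run_requirement` shows that only the refactored version satisfies the security requirement, which the insecure version fails on both payload rows.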

2014 ◽  
Vol 32 (3) ◽  
pp. 546-559 ◽  
Author(s):  
Alexandria Payne ◽  
John Curtis

Purpose – The purpose of this paper is to detail a Library open source software (OSS) development project resulting in the launch of StatBase, a statistical gathering and data visualization tool, so that organizations can adopt a locally managed alternative to costly data aggregation tools. Design/methodology/approach – This case study is based on a literature review, Agile development framework, and user experience modeling. The software solution features a Joomla framework with contributed modules and open source architecture. Findings – This case study demonstrates the creation and practical implementation of a scalable OSS platform for data management and analysis. Practical implications – Provides a frame of reference and methodology for libraries, both public and academic, seeking to implement a web-based resource to gather, organize, and interpret statistical metrics via a centralized, lightweight, open source architecture. Originality/value – This case study provides a detailed scope and step-by-step technology process description by which an organization can adopt or model the StatBase solution for business metrics.


2013 ◽  
Vol 765-767 ◽  
pp. 924-927
Author(s):  
Kun Tian ◽  
Chong Wen Wang

After analysis and comparison of the existing PHP frameworks, a PHP agile development framework based on the MVC pattern is proposed which is simple, efficient, and easy to learn, develop with and operate. It has a single entry point, designed to unify request handling and overall system management, which limits how much of the site is exposed and reduces its security risks. We present efficiency improvements for every layer of the MVC model and describe the improvement approaches in detail in this paper.
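The security benefit of a single entry point is that only explicitly registered controller/action pairs are reachable, instead of every file under the web root. The following is an added example of that pattern, not the paper's framework; it is in Python rather than PHP so it runs stand-alone, and the insecure `include($_GET['page'] . '.php')` idiom it contrasts against is a reconstruction of a common PHP anti-pattern, not code from the paper. The route names, the `_NAME` naming rule and the handlers are assumptions for the example.

```python
import re


def resolve_page_insecure(page):
    """Multi-entry anti-pattern (reconstructed, not the paper's code): the client's
    `page` parameter becomes a file path, so traversal reaches arbitrary files."""
    return page + ".php"


# Single entry point: every request passes through dispatch(); only (controller, action)
# pairs registered with @route exist, and names must satisfy an assumed naming rule.
_ROUTES = {}
_NAME = re.compile(r"^[a-z][a-z0-9_]{0,31}$")


def route(controller, action):
    def register(handler):
        _ROUTES[(controller, action)] = handler
        return handler
    return register


@route("home", "index")
def home_index(params):
    return "home page"


@route("user", "show")
def user_show(params):
    user_id = params.get("id", "")
    if not user_id.isdigit():
        raise ValueError("id must be numeric")
    return f"user {user_id}"


def dispatch(query):
    """Route one request. `query` stands in for the parsed query string.
    Returns (status, body)."""
    controller = query.get("c", "home")
    action = query.get("a", "index")
    if not (_NAME.match(controller) and _NAME.match(action)):
        return 400, "invalid route name"
    handler = _ROUTES.get((controller, action))
    if handler is None:
        return 404, "no such route"
    try:
        return 200, handler(query)
    except ValueError as exc:
        return 400, str(exc)


if __name__ == "__main__":
    print(resolve_page_insecure("../../../etc/passwd"))
    print(dispatch({"c": "../../../etc/passwd"}))
    print(dispatch({"c": "user", "a": "show", "id": "42"}))
```

With the front controller, a traversal string never touches the filesystem: it fails the naming rule before any lookup, and an unregistered but well-formed name such as `admin/index` is a 404 rather than an accidental include. On a real PHP deployment the same effect also needs the web server to route all requests to the single entry file and to deny direct access to the other source files.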


2022 ◽  
Vol 2 (14) ◽  
pp. 3-16
Author(s):  
Vu Thi Huong Giang ◽  
Nguyen Manh Tuan

Abstract—The rapid development of web-based systems in the digital transformation era has led to a dramatic increase in the number and severity of cyber-attacks. Current attack-prevention measures such as system monitoring, security testing and assessment are put in place after the system has been deployed, and therefore cost more in money and manpower. In that context, assessing cyber security risks before a web-based system is deployed becomes increasingly urgent. This paper introduces a cyber security risk assessment mechanism for web-based systems prior to deployment. We use a Bayesian network to analyse and quantify the cyber security risks that threats pose to the deployment components of a website. First, the deployment components of each candidate deployment scenario are modelled as assets, so that their properties map to specific vulnerabilities or threats. Next, the vulnerabilities or threats of each deployment component are assessed against the chosen risk criteria at specific steps of the deployment process. The risk assessment results for the deployment components are aggregated into a result for the scenario they compose. On the basis of these results, administrators can compare candidate scenarios and choose the least risky one.
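To make the aggregation step concrete, the following added example (not the paper's model or data) builds the smallest Bayesian-network fragment that fits the description: each deployment component is a node whose conditional probability table over its threats is parameterised as a noisy-OR, per-component results are combined into a scenario result, and two candidate deployments are compared. The threat probabilities, impact weights and the two scenarios are constructed; the paper's actual network structure and risk criteria may differ.

```python
from dataclasses import dataclass
from math import prod


@dataclass(frozen=True)
class Threat:
    name: str
    p_occurs: float    # P(threat is realised against the component)
    p_succeeds: float  # P(component compromised | threat realised)


@dataclass(frozen=True)
class Component:
    name: str
    impact: float      # assumed risk criterion: loss if compromised, scaled 0..1
    threats: tuple


def p_compromise(component):
    """Noisy-OR conditional probability table: the component stays intact only if
    every threat either does not occur or fails. Threats are assumed independent."""
    p_intact = prod(1.0 - t.p_occurs * t.p_succeeds for t in component.threats)
    return 1.0 - p_intact


def scenario_risk(components):
    """Aggregate per-component results into a scenario result:
    (probability that at least one component is compromised, expected loss)."""
    p_any = 1.0 - prod(1.0 - p_compromise(c) for c in components)
    expected_loss = sum(p_compromise(c) * c.impact for c in components)
    return p_any, expected_loss


def least_risky(scenarios):
    """Pick the scenario with the lowest expected loss."""
    return min(scenarios, key=lambda name: scenario_risk(scenarios[name])[1])


# Constructed threat estimates for two candidate deployments of the same website.
UNPATCHED = Threat("unpatched_service", 0.5, 0.4)
WEAK_CREDS = Threat("weak_admin_credentials", 0.3, 0.7)
SQLI = Threat("sql_injection", 0.4, 0.5)

SCENARIOS = {
    # Everything on one host: the database shares the web server's exposure.
    "single_host": (
        Component("web_server", 0.6, (UNPATCHED, WEAK_CREDS)),
        Component("database", 1.0, (Threat("exposed_db_port", 0.6, 0.5), SQLI)),
    ),
    # Reverse proxy in front, database reachable only from the app tier.
    "tiered": (
        Component("reverse_proxy", 0.3, (UNPATCHED,)),
        Component("app_server", 0.6, (Threat("weak_admin_credentials", 0.1, 0.7), SQLI)),
        Component("database", 1.0, (Threat("exposed_db_port", 0.1, 0.5),)),
    ),
}


if __name__ == "__main__":
    for name, comps in SCENARIOS.items():
        for c in comps:
            print(f"{name:12s} {c.name:15s} P(compromise)={p_compromise(c):.3f}")
        p_any, loss = scenario_risk(comps)
        print(f"{name:12s} P(any)={p_any:.3f} expected loss={loss:.3f}")
    print("least risky:", least_risky(SCENARIOS))
```

With these inputs the single-host scenario has an expected loss of about 0.66 against 0.26 for the tiered one, so `least_risky` returns `"tiered"`. The choice of noisy-OR is the usual way to keep a per-component table small when threats are many; it assumes threat independence, which a real assessment would need to justify or replace with a fuller table.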


2022 ◽  
pp. 453-479
Author(s):  
Layla Mohammed Alrawais ◽  
Mamdouh Alenezi ◽  
Mohammad Akour

The growth of web-based applications has increased tremendously over the last two decades. While these applications bring huge benefits to society, they suffer from various security threats. Although various techniques exist to ensure the security of web applications, a large number of applications still suffer from a wide variety of attacks that result in financial losses. In this article, a security-testing framework for web applications is proposed, with the argument that the security of an application should be tested at every stage of the software development life cycle (SDLC). Security testing is initiated in the requirements engineering phase using keyword analysis of the requirements, and the output of each phase serves as input to the next. Different case-study applications indicate that the framework assists in early detection of security threats and in applying appropriate security measures. The results obtained from the implementation of the proposed framework demonstrated a high detection ratio with a low false-positive rate.
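The requirements-phase step, keyword analysis whose output feeds the next phase, can be shown with a small classifier. The following is an added example and not the authors' framework: the article does not publish its keyword list or its test catalogue, so the `KEYWORDS` and `TESTS` tables here are assumptions, and the five requirement sentences are constructed.

```python
import re

# Assumed keyword-to-category table; the article does not publish its own list.
KEYWORDS = {
    "authentication": ("log in", "login", "password", "credential", "sign in"),
    "authorization": ("role", "permission", "admin"),
    "input_validation": ("upload", "search", "form", "submit"),
    "data_protection": ("card", "payment", "personal", "encrypt"),
    "session_management": ("session", "cookie", "remember me", "log out"),
}

# Assumed category-to-test catalogue: the output of keyword analysis becomes the
# input of the test-planning phase.
TESTS = {
    "authentication": ("brute-force lockout", "credential stuffing rate limit", "password policy"),
    "authorization": ("vertical privilege escalation", "IDOR on object ids"),
    "input_validation": ("file type and size limits", "injection on every parameter"),
    "data_protection": ("encryption at rest", "masking in logs"),
    "session_management": ("cookie flags", "session fixation", "logout invalidation"),
}


def categories_for(text):
    """Whole-word, case-insensitive match so 'admin' does not fire on 'Administrators'."""
    found = []
    for category, words in KEYWORDS.items():
        if any(re.search(r"\b" + re.escape(w) + r"\b", text, re.IGNORECASE) for w in words):
            found.append(category)
    return found


def analyse(requirements):
    """Phase 1: tag each (id, text) requirement with its security categories."""
    return [{"id": rid, "text": text, "categories": categories_for(text)}
            for rid, text in requirements]


def plan_tests(analysed):
    """Phase 2: expand the tags into concrete (requirement, category, test) rows."""
    plan = []
    for req in analysed:
        for category in req["categories"]:
            for test in TESTS[category]:
                plan.append((req["id"], category, test))
    return plan


# Constructed requirement statements for a small web shop.
REQUIREMENTS = [
    ("R1", "Users log in with their email address and password."),
    ("R2", "Customers can upload a profile picture."),
    ("R3", "Administrators can change the role of any account."),
    ("R4", "The site shows the company logo on every page."),
    ("R5", "Payment card numbers are stored for repeat orders."),
]


if __name__ == "__main__":
    tagged = analyse(REQUIREMENTS)
    for req in tagged:
        print(req["id"], req["categories"])
    for row in plan_tests(tagged):
        print(row)
```

R4 gets no category and therefore no security tests, which is the intended outcome for a purely presentational requirement; the false-positive concern the abstract raises is exactly what a keyword table has to be tuned against, which is why the matcher insists on whole words.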


2016 ◽  
Vol 11 (01) ◽  
Author(s):  
Neetu Singh

PhoneGap is a mobile development framework originally produced by Nitobi and later purchased by Adobe Systems. It enables software programmers to build applications for mobile devices using JavaScript, HTML5 and CSS3 instead of device-specific languages such as Objective-C or Java. The resulting applications are hybrid, meaning that they are neither truly native nor purely web-based. The software underlying PhoneGap is Apache Cordova, which was previously called just "PhoneGap" and then "Apache Callback". Apache Cordova is open source software.


2012 ◽  
Vol 4 (3) ◽  
pp. 52-65
Author(s):  
Sofiane Sahraoui ◽  
Noor Al-Nahas ◽  
Rania Suleiman

Open source software (OSS) development has been a trend parallel to that of agile software development, the highly iterative development model that follows conventional software engineering principles. Striking similarities exist between the two development processes, as they seem to follow the same generic phases of software development. Both modes of development place less emphasis on planning and design and give implementation a more prominent role during the software engineering process. This article expounds on this connection by adopting an agile perspective on OSS development to emphasize the similarities and dissimilarities between the two models. An attempt is first made to show how OSS development fits into the generic agile development framework. Then, the article demonstrates how the development processes of Mozilla and Apache, two of the most famous OSS projects, can be recast within this framework. The similarity discussed and illustrated between agile and OSS development modes is limited to the mechanics of the development processes and does not extend to the philosophies and motivations behind development.


2018 ◽  
Vol 6 (3) ◽  
pp. 93-117 ◽  
Author(s):  
Layla Mohammed Alrawais ◽  
Mamdouh Alenezi ◽  
Mohammad Akour



2015 ◽  
Vol 4 (1) ◽  
pp. 1224-1228 ◽  
Author(s):  
Debasish Chakraborty ◽  
Debanjan Sarkar ◽  
Shubham Agarwal ◽  
Dibyendu Dutta ◽  
...  

2018 ◽  
Vol 6 (12) ◽  
pp. 553-557
Author(s):  
A. Punitha ◽  
D. Sukanya Bai ◽  
K. Lavanya