Enhancing the security measures for web based application / Herman Md Tahir

Md Tahir, Herman (2015) Enhancing the security measures for web based application / Herman Md Tahir. Masters thesis, Universiti Teknologi MARA (UiTM).

Abstract

Security measures for a web-based application can vary depending on an organization's objectives. An international standard is a good baseline or reference for measuring the security level of a web-based application. ISO/IEC 9126-1 defines the quality model for software products, consisting of the characteristics Functionality, Reliability, Usability, Efficiency, Maintainability and Portability, and their sub-characteristics. Security, on the other hand, is identified as one of the sub-characteristics of Functionality. ISO/IEC TR 9126-2 further explains the quality model of ISO/IEC 9126-1 by defining the measures or metrics for the sub-characteristics. However, the existing ISO/IEC TR 9126-2, which was last revised in 2003, is limited in terms of exposure to the latest IT and SE technology. It is also reported to have certain weaknesses (Rafa A, 2009). Furthermore, the standard defines general measures or metrics which can be applied to any type of product. Rightfully, a different type of application requires more specific security measures than the existing ones in the standard. Industry guidelines such as the Open Web Application Security Project (OWASP) and the Information Security Management Systems (ISMS) are another source for identifying security measures. This research is aimed at studying the current practice for measuring the security of a web-based application and eventually proposes additional security measures for web-based applications based on collective industry best practices, practitioners' experience and input, and expert opinions. Based on content analysis and interviews conducted with experts, this report summarizes the proposed additional security measures or metrics for web-based applications.

Metadata

Item Type: Thesis (Masters)
Creators: Md Tahir, Herman (Email / ID Num.: UNSPECIFIED)
Contributors: Thesis advisor: Zambri, Suzana (Email / ID Num.: UNSPECIFIED)
Subjects: Q Science > QA Mathematics > Instruments and machines > Electronic Computers. Computer Science > Cryptography. Access control. Computer security
T Technology > TK Electrical engineering. Electronics. Nuclear engineering > Telecommunication > Computer networks. General works. Traffic monitoring > Web applications
Divisions: Universiti Teknologi MARA, Shah Alam > Faculty of Computer and Mathematical Sciences
Programme: Master of Science (Information Technology)
Keywords: Security measures, security metrics, web based application
Date: 2015
URI: https://ir.uitm.edu.my/id/eprint/64720

Physical Copy

Physical status and holdings:
Item Status:
On Shelf

ID Number

64720
