An S-vector for Web Application Security Management
نویسندگان
چکیده
Existing security scoring methods are expensive to implement, lack management orientation and are “best practice” based, and thus have only transient meaning. This paper proposes a web application security assessment method based on a security scoring vector (S-vector). The S-vector assessment method would be used by IT administrators to manage security of their web applications. It shares some analogous features with the Rvalue for insulation.
منابع مشابه
امنیت اطلاعات سامانه های تحت وب نهاد کتابخانه های عمومی کشور
Purpose: This paper aims to evaluate the security of web-based information systems of Iran Public Libraries Foundation (IPLF). Methodology: Survey method was used as a method for implementation. The tool for data collection was a questionnaire, based on the standard ISO/IEC 27002, that has the eleven indicators and 79 sub-criteria, which examines security of web-based information systems of IP...
متن کاملWeb Application Firewalls: Application Protection and Much More
EXECUTIVE SUMMARY The Web Application Firewall market as it existed several years ago has disappeared. The Web Application Firewall of yesterday has been superseded by a new generation of Web Application Firewall that not only delivers enhanced security features, but also provides more sophisticated features to appeal to large enterprises. Advanced security features include learning modes, cust...
متن کاملA model for specification, composition and verification of access control policies and its application to web services
Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new indepe...
متن کاملAnomaly-based Web Attack Detection: The Application of Deep Neural Network Seq2Seq With Attention Mechanism
Today, the use of the Internet and Internet sites has been an integrated part of the people’s lives, and most activities and important data are in the Internet websites. Thus, attempts to intrude into these websites have grown exponentially. Intrusion detection systems (IDS) of web attacks are an approach to protect users. But, these systems are suffering from such drawbacks as low accuracy in ...
متن کاملAn Enterprise Security Management System as a Web-Based Application Service for Small/Medium Businesses
Enterprises use security equipments in order to protect their information assets from various attacks such as viruses and hacking. However, such individual equipments hardly provide enterprise level integrated security. Recently, there has been a great need in small/medium businesses to purchase such integrated security services in a cost effective way by means of an ASP solution. We propose th...
متن کامل