Security from the bottom-up: compliance regulations and the trend toward design-oriented web applications

Authors:
Matthew M. North;Max M. North;Sarah M. North
Affiliations:
Cox Communications, Alpharetta, GA;Southern Polytechnic State University, Marietta, GA;Clark Atlanta University, Atlanta, GA
Venue:
Journal of Computing Sciences in Colleges
Year:
2009

Citing 16
Cited 0

Security models for web-based applications

Communications of the ACM
Abstracting application-level web security

Proceedings of the 11th international conference on World Wide Web
Web site auditing: first step towards re-engineering

SEKE '02 Proceedings of the 14th international conference on Software engineering and knowledge engineering
Web application security assessment by fault injection and behavior monitoring

WWW '03 Proceedings of the 12th international conference on World Wide Web
Where security education is lacking

InfoSecCD '05 Proceedings of the 2nd annual conference on Information security curriculum development
Using parse tree validation to prevent SQL injection attacks

SEM '05 Proceedings of the 5th international workshop on Software engineering and middleware
The essence of command injection attacks in web applications

Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Preventing SQL injection attacks using AMNESIA

Proceedings of the 28th international conference on Software engineering
Improving software practice through education: Challenges and future trends

FOSE '07 2007 Future of Software Engineering
Some Trends in Web Application Development

FOSE '07 2007 Future of Software Engineering
Three empirical studies on estimating the design effort of Web applications

ACM Transactions on Software Engineering and Methodology (TOSEM)
Web application security tutorial

Journal of Computing Sciences in Colleges - Papers of the Fourteenth Annual CCSC Midwestern Conference and Papers of the Sixteenth Annual CCSC Rocky Mountain Conference
Security auditing course development

Proceedings of the 8th ACM SIGITE conference on Information technology education
Better abstractions for secure server-side scripting

Proceedings of the 17th international conference on World Wide Web
A platform-independent approach for auditing information systems

HDKM '08 Proceedings of the second Australasian workshop on Health data and knowledge management - Volume 80
A report on a survey and study of static analysis users

DEFECTS '08 Proceedings of the 2008 workshop on Defects in large software systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper explores the push toward more "bottom-up" design strategies for the creation of web applications, a push which has produced a strengthening of code auditing, training, and education. Part of that push arises from compliance issues, particularly government regulations such as Sarbanes- Oxley and PCI DSS, regulations which require long-term, cost-efficient strategies to maintain. In web application design, this means businesses must place greater emphasis on these bottom-up strategies.