This paper explores the push toward more "bottom-up" design strategies for the creation of web applications, a push which has produced a strengthening of code auditing, training, and education. Part of that push arises from compliance issues, particularly government regulations such as Sarbanes-Oxley and PCI DSS, regulations which require long-term, cost-efficient strategies to maintain. In web application design, this means businesses must place greater emphasis on these bottom-up strategies.