Benchmark Handbook: For Database and Transaction Processing Systems
Benchmark Handbook: For Database and Transaction Processing Systems
Writing Secure Code
Precise alias analysis for static detection of web application vulnerabilities
Proceedings of the 2006 workshop on Programming languages and analysis for security
Security Metrics: Replacing Fear, Uncertainty, and Doubt
Security Metrics: Replacing Fear, Uncertainty, and Doubt
Testing and Comparing Web Vulnerability Scanning Tools for SQL Injection and XSS Attacks
PRDC '07 Proceedings of the 13th Pacific Rim International Symposium on Dependable Computing
Secure coding in c and c++
A hybrid analysis framework for detecting web application vulnerabilities
IWSESS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems
A Trust-Based Benchmark for DBMS Configurations
PRDC '09 Proceedings of the 2009 15th IEEE Pacific Rim International Symposium on Dependable Computing
| Hi-index | 0.00 |
Comparing the security of web applications is very hard and, although there are many proposals of security metrics in the literature, no consensual quantitative security metric has been proposed so far. In this paper we study the use of trust-based metrics as an alternative for benchmarking the security of web applications code. The approach consists of quantifying and exposing evidences that show that developers applied valuable best practices to prevent potential security vulnerabilities, thus improving the trustworthiness that can be justifiably put in the application. The idea is that the metrics should portray the relative level of trust users can put in an application regarding its ability to prevent attacks. To demonstrate the idea we conducted a preliminary experimental evaluation using two implementations of a complex Web Service. Although further research is needed, preliminary results suggest that trust-based metrics are a promising approach to compare web applications in terms of security features.