Threat Modeling
Eliciting security requirements with misuse cases
Requirements Engineering
Security Design Based on Social Modeling
COMPSAC '06 Proceedings of the 30th Annual International Computer Software and Applications Conference - Volume 02
Security Requirements for the Rest of Us: A Survey
IEEE Software
Security Requirements Engineering: A Framework for Representation and Analysis
IEEE Transactions on Software Engineering
Analysis and Component-based Realization of Security Requirements
ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
Misuse Cases: Use Cases with Hostile Intent
IEEE Software
Eliciting Security Requirements through Misuse Activities
DEXA '08 Proceedings of the 2008 19th International Conference on Database and Expert Systems Application
A Methodological Tool for Asset Identification in Web Applications: Security Risk Assessment
ICSEA '09 Proceedings of the 2009 Fourth International Conference on Software Engineering Advances
RE '09 Proceedings of the 2009 17th IEEE International Requirements Engineering Conference, RE
| Hi-index | 0.00 |
The popularity and complexity of web application present challenges to the security implementation for web engineering. Threat elicitation is an indispensable step for developers to identify the possible threats to the web applications in the early phase of software development. In this context, a novel approach is proposed to ease the threats elicitation for web application by using a defined web application classification as the sieve to sift a common threat list. The final result shows that the proposed model is a simplified and effective solution to threats elicitation to web application.