This paper describes results and reflects on the experience of engineering a secure web-based system for the pre-employment screening domain. In particular, the paper presents results from a Knowledge Transfer Partnership (KTP) project between the School of Computing, IT and Engineering at the University of East London and the London-based, award-winning pre-employment screening company Powerchex Ltd. The Secure Tropos methodology, which is based on the principle of secure by design, was applied to the project to guide the development of a web-based system supporting employment reference and background checking, specifically for the financial services industry. Findings indicate the potential of the methodology for the development of secure web-based systems and support the argument for incorporating security considerations from the early stages of the software development process, i.e., the idea of secure by design. The developed system was tested by a third party independent of the project using a well-known method of security testing, i.e., penetration testing, and the results provided did not indicate the presence of any major security problems. The experience and lessons learned from applying the methodology in an industrial setting are also discussed in the paper.