Title
Trustworthiness Assessment of Web Applications: Approach and Experimental Study using Input Validation Coding Practices
Abstract
The popularity of web applications and their world-wide use to support business-critical operations has raised the interest of hackers in exploiting security vulnerabilities to perform malicious operations. Fostering trust calls for assessment techniques that provide indicators about the quality of a web application from a security perspective. This paper studies the problem of using coding practices to characterize the trustworthiness of web applications from a security perspective. The hypothesis is that applying feasible security practices results in applications having a reduced number of unknown vulnerabilities, which can therefore be considered more trustworthy. The proposed approach is instantiated for the concrete case of input validation practices, and includes a Quality Model to compute trustworthiness scores that can be used to compare different applications or different code elements in the same application. Experimental results show that higher scores are obtained for more secure code, suggesting that the approach can be used in practice to characterize trustworthiness, also providing guidance to compare and/or improve the security of web applications.
Year
2019
DOI
10.1109/ISSRE.2019.00050
Venue
2019 IEEE 30th International Symposium on Software Reliability Engineering (ISSRE)
Keywords
Software Security, Vulnerabilities, Trustworthiness, Web Applications, Assessment, Coding Practices
Field
Data validation, Computer science, Trustworthiness, Computer security, Software security assurance, Popularity, Hacker, Coding (social sciences), Web application, Reliability engineering, Vulnerability
DocType
Conference
ISSN
1071-9458
ISBN
978-1-7281-4983-7
Citations
0
PageRank
0.34
References
9
Authors
3
Name
Order
Citations
PageRank
Cristiano Inácio Lemes100.34
Vincent Naessens28619.70
Marco Vieira3971112.31