Towards a pattern language for security risk analysis of web applications

Abstract

This article introduces a pattern language for security risk analysis of web applications in an example-driven manner. The example patterns presented include a composite pattern and three basic patterns, namely a security requirements pattern, a web application design pattern and a risk analysis modelling pattern. The pattern language is intended to be used as a guideline to capture the security risk picture of a web application, especially in the early phase of the software development life cycle. The overall aim is to support lightweight security risk analysis for web applications.

Category

Academic chapter

Language

English

Author(s)

  • Yan Li
  • Ragnhild Kobro Runde
  • Ketil Stølen

Affiliation

  • SINTEF Digital / Sustainable Communication Technologies
  • University of Oslo

Year

2013

Publisher

Hillside

Book

PLoP 2013 Conference Proceedings, 20th Conference on pattern languages and programs

ISBN

9781941652008

View this publication at Norwegian Research Information Repository