To main content

Towards a pattern language for security risk analysis of web applications

Abstract

This article introduces a pattern language for security risk analysis of web applications in an example driven manner. The example patterns presented include a composite pattern and three basic patterns, namely a security requirements pattern, a web application design pattern and a risk analysis modelling pattern. The pattern language is intended to be used as a guideline to capture the security risk picture of a web application, especially in the early phase of the software development life cycle. The overall aim is to support light weighted security risk analysis for web applications.

Category

Academic chapter/article/Conference paper

Language

English

Author(s)

Affiliation

  • University of Oslo
  • SINTEF Digital / Software and Service Innovation

Year

2013

Publisher

Hillside

Book

PLoP 2013 Conference Proceedings, 20th Conference on pattern languages and programs

ISBN

978-1-941652-00-8

View this publication at Cristin