An Environment Driven Risk Assessment Model for Web Application
Web applications are a distinct kind of software because of their application environment and complexity. Accordingly, the risk to this kind of software is different to some extent. This paper proposes an environment driven risk assessment model, abbreviated as EDRAM. The aim of this paper is to employ the EDRAM as an alternative methodology of risk assessment for web applications. The EDRAM takes into account not only the environments where the web applications are hosted but also their security CIA requirements. Threats can be identified by proper sieving from the Common Threats List, accompanied by a risk evaluation using DREAD. Asset criticality is defined and considered in the final potential risk computation in EDRAM. Results show that EDRAM is a lightweight and easy-to-use risk assessment model for web applications.
threat risk assessment web application classification
Hui Guan, Weim Chen, Jun Wang, Hongji Yang
Department of Computer Science and Technology, Shenyang University of Chemical Technology, Shenyang, Ch; Department of Computer Science and Technology, Shenyang University of Chemical Technology, Shenyang, Ch; Department of Computer Science and Technology, Shenyang University of Chemical Technology, Shenyang, Ch; Software Research Technology Laboratory, De Montfort University, Leicester, England
International conference
Chengdu
English
180-184
2011-07-15 (date first made available online on the Wanfang platform; does not represent the paper's publication date)