A review of factors influencing the implementation of secure framework for in-house web application development in Malaysian public sector

Jakeri, M.M. and Hassan, M.F. (2018) A review of factors influencing the implementation of secure framework for in-house web application development in Malaysian public sector. In: UNSPECIFIED.

Full text not available from this repository.
Official URL: https://www.scopus.com/inward/record.uri?eid=2-s2....

Abstract

Every year, web applications expand their presence into more areas, including financial organizations, health organizations, the public sector, retail and accommodation. Security is important for protecting data from infringement by unauthorized parties. If the vulnerabilities found are not fixed, they lead to cyber-attacks such as the Structured Query Language Injection Attack (SQLIA), which enable certain parties to gain unauthorized data access. To address security issues, a variety of security frameworks for the secure software development life cycle (SDLC) have been introduced. A secure SDLC is created by integrating security-related activities into each phase of the development methodology in use, such as the waterfall model or the agile model. However, the application security problem continues to grow. Strict, complicated and heavyweight frameworks are underutilized due to several factors. The factors that influence the implementation of secure SDLC identified in the public sector (the scope is State Secretary Offices in Malaysia) are inadequate development timeline, improper development team size and less awareness of team members' workload. It is agreed that integrating security at the earlier (requirement and design) phases is the most effective and cheapest way to develop a secure web application. Hence, an adaptive secure SDLC model is proposed to integrate security activities using the Fuzzy Analytic Hierarchy Process (FAHP), focusing on the influence factors as the main criteria and meeting international and local secure framework standards. The proposed model will recommend adaptive security activities as a guideline to be applied at the earlier phases of the SDLC to help eliminate or minimize web application vulnerabilities and increase application security, and will be implemented as a proof-of-concept prototype in the selected Malaysian public sector for in-house web application development. © 2018 IEEE

Item Type: Conference or Workshop Item (UNSPECIFIED)
Additional Information: Cited by 4; Conference of 2018 IEEE Conference on Application, Information and Network Security, AINS 2018; Conference Date: 21 November 2018 through 22 November 2018; Conference Code: 144757
Uncontrolled Keywords: Cybersecurity; Life cycle; Query languages; Software design; Software prototyping, In-house web application development; Malaysian public sectors; Public sector; Secure software development; Secure software development life cycle; Security activities; Software development life-cycle; WEB application; Web application development; Web applications, Network security
Depositing User: Mr Ahmad Suhairi UTP
Date Deposited: 09 Nov 2023 16:36
Last Modified: 09 Nov 2023 16:36
URI: https://khub.utp.edu.my/scholars/id/eprint/10152
