Trustworthiness Assessment of Web Applications: Approach and Experimental Study using Input Validation Coding Practices

Title: Trustworthiness Assessment of Web Applications: Approach and Experimental Study using Input Validation Coding Practices
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Lemes, C. I., Naessens, V., Vieira, M.
Conference Name: 2019 IEEE 30th International Symposium on Software Reliability Engineering (ISSRE)
Keywords: assessment, assessment techniques, coding practices, composability, feasible security practices results, input validation coding practices, input validation practices, Internet, pubcrawl, quality model, secure code, security of data, security perspective, security vulnerabilities, software quality, software security, trustworthiness, trustworthiness assessment, vulnerabilities, Web application, Web applications
Abstract: The popularity of web applications and their world-wide use to support business-critical operations has raised the interest of hackers in exploiting security vulnerabilities to perform malicious operations. Fostering trust calls for assessment techniques that provide indicators about the quality of a web application from a security perspective. This paper studies the problem of using coding practices to characterize the trustworthiness of web applications from a security perspective. The hypothesis is that applying feasible security practices results in applications having a reduced number of unknown vulnerabilities, which can therefore be considered more trustworthy. The proposed approach is instantiated for the concrete case of input validation practices, and includes a Quality Model to compute trustworthiness scores that can be used to compare different applications or different code elements in the same application. Experimental results show that higher scores are obtained for more secure code, suggesting that the approach can be used in practice to characterize trustworthiness, while also providing guidance to compare and/or improve the security of web applications.
DOI: 10.1109/ISSRE.2019.00050
Citation Key: lemes_trustworthiness_2019