Portland, Oregon
June 12, 2005
June 12, 2005
June 15, 2005
2153-5965
17
10.23.1 - 10.23.17
10.18260/1-2--15410
https://peer.asee.org/15410
4333
A Complete Strategy for Web Application Security
Hua Xu, Ronald J. Glotzbach, Nathan W. Hartman
Purdue University
Abstract
This paper is intent to develop a complete strategy to secure Web applications. The strategy is
intended to improve the practices of the professionals associated with the development and
operations of Web applications. Web application security is about protecting confidentiality,
integrity, and availability of an organization’s Web assets as well as the organization’s
reputation. The solution to Web application security is more than technology. It also involves
policies, procedures, laws, people, and practices. Also, security is not a one-time effort. It should
be an ongoing process integrated into the application development lifecycle. Security, like other
Web application components, is best managed if planned at the initial phase of the application
lifecycle. This strategy will help project managers and security professionals establish security
policies, conduct risk assessment, and address potential risks in a cost-effective manner. It
ensures system architects design secure application infrastructure. It makes sure application
Proceedings of the 2005 American Society for Engineering Education Annual Conference & Exposition Copyright © 2005, American Society for Engineering Education
Xu, H., & Glotzbach, R., & Hartman, N. (2005, June), A Complete Strategy For Web Application Security Paper presented at 2005 Annual Conference, Portland, Oregon. 10.18260/1-2--15410
ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2005 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015