Security risk analysis in web application design

Rattikorn Hewett, Phongphun Kijsanayothin, Meinhard Peters

Research output: Contribution to conference (paper, peer-reviewed)


Web-based information systems play an increasingly important role in providing functions and business services for many organizations. Because they are ubiquitous and serve a huge and diverse population of users, web applications must be tolerant of errors, adverse interactions and malicious attacks. The ability to estimate security risks quickly and early in the system development life cycle supports many design decisions; this is particularly crucial for large, complex web applications that are asset-critical and evolve rapidly over long life cycles. This paper presents a systematic approach to the automated assessment of the security risks of web-based information systems at the design stage. The approach combines risk concepts from reliability engineering with heuristics based on characteristics of the software design and the hardware deployment design to estimate the security risks of the system to be developed. It provides a simple early estimate of security risk that can help locate high-risk software components. We discuss the limitations of the approach and illustrate it in an industrial engineering, business-to-business domain using a case study of a web-based material requirements planning (MRP) system for a manufacturing enterprise.

Original language: English
Number of pages: 8
State: Published - 2007
Event: 3rd International Conference on Web Information Systems and Technologies, Webist 2007 - Barcelona, Spain
Duration: Mar 3 2007 - Mar 6 2007




  • Computer security
  • Risk assessment
  • Software design
  • Web-based systems


