2010 Asia-Pacific Conference on Information Theory (APCIT 2010 E-BOOK)

Xi'an, China, 10.1-10.2, 2010

ISBN: 978-1-935068-47-1 Scientific Research Publishing, USA

E-Book 506pp Pub. Date: November 2010

Category: Computer Science & Communications

Price: $80

Title: Security Code Review of Web Application
Source: 2010 Asia-Pacific Conference on Information Theory (APCIT 2010 E-BOOK) (pp 330-332)
Author(s): Xiangyan Lu, School of Computer and Electronics and Information, Guangxi University, Nanning 530004, China
Abstract: As many developers do not pay enough attention to security issues, many web applications contain security vulnerabilities that can be exploited by hackers. Code review is a critical approach for seeking software security vulnerabilities. It can discover more than 50 percent of defects in software. Efficiency is one of the most important issues of code review. In this paper, for web applications that lack adequate attention to security issues in the development process, we propose a comprehensive process for their security code review in the safety review stage before delivery to the user. The comprehensive security code review process (CSCRP) includes four phases: preparation, analysis of security vulnerability types, security vulnerability review, and security vulnerability reports. Our experiment divided the participants into two groups: the first group acted as web application developers, the second group acted as security experts applying code review. In the experiment, CSCRP and checklist reading methods were compared; the result showed that CSCRP is more efficient than checklist reading methods.