As web and mobile applications become pervasive for service delivery and user mobility support, enterprises are increasingly fighting a huge number of emerging security threats that interfere with the process of service delivery. To help enterprises deal with these emerging threats in the converged service delivery architecture, this paper presents a methodology for security threat analysis and security requirements specification in web/mobile application development. The methodology is based on a case study, the Livestock Data Center (LDC) system, which is under development and offers both web and mobile interfaces as service delivery channels. Hence the system serves as a representative of other similar service delivery setups. In addition to the processes of analysis and security specification, the methodology involves threat modeling as well. There are several threat models in the literature. The STRIDE threat model is one of the existing threat models used to identify security threats that need to be addressed in systems such as the LDC system. The STRIDE threat model has been used to identify the likely security threats to our case study. On applying the STRIDE threat model, the following threats were identified as prominent: sensitive data exposure, weak server-side controls, client-side injection, and weak authentication and authorization. The identified security threats were compared with existing threats in traditional web and mobile applications separately in order to determine what changes when the two computing platforms come together. The findings from our case study show that the proposed methodology for security threat analysis and security design can be useful for security requirements specification in converged web-mobile applications during development, and can be generally used to assist developers of other similar systems.
Contemporary development of information systems for service delivery is at present a matter of bringing together the use of web and mobile applications. However, this advancement in the field of computing is happening at the expense of increased security risks to system users and owners, because the advancement in system security controls is not taking place at the same pace. In converged web and mobile applications, developers lack formal development standards for security design and verification. As a result, applications are built with ad hoc implementations of security controls depending on the context of usage. In view of the above, this paper attempts to put forward a possible set of security controls considered suitable for addressing the security demands of converged web and mobile application environments. To achieve this objective, a Livestock Data Center (LDC) system is used as a case study for analysis and reasoning. By design, the system can be accessed through web and mobile applications. The overall process had the following phases. The first phase involved reviewing existing security controls and assessing their usage in converged web and mobile applications. The output from this stage was a security controls review and assessment report. The second phase involved devising and proposing a possible security assessment model for converged web and mobile applications. The last phase involved employing the proposed security controls assessment model and the case study to identify the possible security controls suitable for converged web and mobile applications. The approach used for security controls assessment involved a combination of white box and black box techniques. The platforms used for web and mobile application development were PHP and Java, respectively.
This last item has been done to practically assess the security controls at an application level, and consequently to come up with suitable controls for the same.