{"title":"Security-Oriented Design for Web-Based Systems: A Critical Review","authors":"Marriette Katarahweire, J. Balikuddembe","doi":"10.1109/ACSEAC.2012.15","DOIUrl":null,"url":null,"abstract":"Security of web-based systems still remains a key challenge for most IT executives, for software is vulnerable at various stages and most severely weakened in the operational environment. In the past, models and tools or even design techniques have been devised to tackle this challenge. But we still see the reemergence of the same security issues that afflict both traditional and modern web-based systems. Our major goal is to examine what has been done to date in managing this risk, particularly during the software development process and at the deployment stage, so as to establish the research gap upon which further research can revolve. Our findings show that available literature has not extensively addressed how current security mitigating mechanisms can enhance the development of secure web-based systems. Hence, future work directed at bridging this perspective will perhaps provide more insight in advanced techniques that can help manage this problem.","PeriodicalId":395297,"journal":{"name":"2012 African Conference for Sofware Engineering and Applied Computing","volume":"34 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-09-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 African Conference for Sofware Engineering and Applied Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ACSEAC.2012.15","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 1
Abstract
Security of web-based systems remains a key challenge for most IT executives, because software is vulnerable at various stages and most severely weakened in the operational environment. In the past, models and tools, or even design techniques, have been devised to tackle this challenge, but we still see the re-emergence of the same security issues that afflict both traditional and modern web-based systems. Our major goal is to examine what has been done to date in managing this risk, particularly during the software development process and at the deployment stage, so as to establish the research gap upon which further research can revolve. Our findings show that the available literature has not extensively addressed how current security-mitigating mechanisms can enhance the development of secure web-based systems. Hence, future work directed at bridging this gap will perhaps provide more insight into advanced techniques that can help manage this problem.