Published: Oct 1, 2017
DOI: 10.4018/IJSSE.20171001.pre
Volume 8
Martin Gilje Jaatun
Published: Oct 1, 2017
DOI: 10.4018/IJSSE.2017100101
Volume 8
Inger Anne Tøndel, Martin Gilje Jaatun, Daniela Soares Cruzes, Nils Brede Moe
When working with software security in a risk-centric way, development projects become equipped to make decisions on how much security to include and what type of security pays off. This article presents the results of a study made among 23 public organisations, mapping their risk-centric activities and practices, and challenges for implementing them. The authors found that their software security practices were not based on an assessment of software security risks, but rather driven by compliance. Additionally, their practices could in many cases be characterised as arbitrary, late and error driven, with limited follow up on any security issues throughout their software development projects. Based on the results of the study, the authors identified the need for improvements in three main areas: responsibilities and stakeholder cooperation; risk perception and competence; and, practical ways of doing risk analysis in agile projects.
Cite Article
MLA
Tøndel, Inger Anne, et al. "Risk Centric Activities in Secure Software Development in Public Organisations." IJSSE vol.8, no.4 2017: pp.1-30. http://doi.org/10.4018/IJSSE.2017100101
APA
Tøndel, I. A., Jaatun, M. G., Cruzes, D. S., & Moe, N. B. (2017). Risk Centric Activities in Secure Software Development in Public Organisations. International Journal of Secure Software Engineering (IJSSE), 8(4), 1-30. http://doi.org/10.4018/IJSSE.2017100101
Chicago
Tøndel, Inger Anne, et al. "Risk Centric Activities in Secure Software Development in Public Organisations," International Journal of Secure Software Engineering (IJSSE) 8, no.4: 1-30. http://doi.org/10.4018/IJSSE.2017100101
Published: Oct 1, 2017
DOI: 10.4018/IJSSE.2017100102
Volume 8
Hossain Shahriar, Hisham Haddad, Pranahita Bulusu
Lightweight Directory Access Protocol (LDAP) is commonly used in web applications to provide lookup information and enforce authentication. Web applications may suffer from LDAP injection vulnerabilities that can lead to security breaches such as login bypass and privilege escalation. This paper proposes OCL fault injection-based detection of LDAP injection attacks. The authors extract design-level information and constraints expressed in OCL and then randomly alter them to generate test cases that have the capability to uncover LDAP injection vulnerabilities. The authors proposed approaches to implement test case generation, and they used one open source PHP application and one custom application to evaluate the proposed approach. The analysis shows that this approach can detect LDAP injection vulnerabilities.
Cite Article
MLA
Shahriar, Hossain, et al. "LDAP Vulnerability Detection in Web Applications." IJSSE vol.8, no.4 2017: pp.31-50. http://doi.org/10.4018/IJSSE.2017100102
APA
Shahriar, H., Haddad, H., & Bulusu, P. (2017). LDAP Vulnerability Detection in Web Applications. International Journal of Secure Software Engineering (IJSSE), 8(4), 31-50. http://doi.org/10.4018/IJSSE.2017100102
Chicago
Shahriar, Hossain, Hisham Haddad, and Pranahita Bulusu. "LDAP Vulnerability Detection in Web Applications," International Journal of Secure Software Engineering (IJSSE) 8, no.4: 31-50. http://doi.org/10.4018/IJSSE.2017100102
Published: Oct 1, 2017
DOI: 10.4018/IJSSE.2017100103
Volume 8
Sanjay Misra, Adewole Adewumi, Robertas Damasevicius, Rytis Maskeliunas
In order to maintain the quality of software, it is important to measure its complexity. This provides an insight into the degree of comprehensibility and maintainability of the software. Measurement can be carried out using cognitive measures which are based on cognitive informatics. A number of such measures have been proposed in the literature. The goal of this article is to identify the features and advantages of the existing measures. In addition, a comparative analysis is done based on some selected criteria. The results show that there is a similar trend in the output obtained from the different measures when they are applied to different examples. This makes it easy for adopting organisations to readily choose from the options based on the availability of tool support.
Cite Article
MLA
Misra, Sanjay, et al. "Analysis of Existing Software Cognitive Complexity Measures." IJSSE vol.8, no.4 2017: pp.51-71. http://doi.org/10.4018/IJSSE.2017100103
APA
Misra, S., Adewumi, A., Damasevicius, R., & Maskeliunas, R. (2017). Analysis of Existing Software Cognitive Complexity Measures. International Journal of Secure Software Engineering (IJSSE), 8(4), 51-71. http://doi.org/10.4018/IJSSE.2017100103
Chicago
Misra, Sanjay, et al. "Analysis of Existing Software Cognitive Complexity Measures," International Journal of Secure Software Engineering (IJSSE) 8, no.4: 51-71. http://doi.org/10.4018/IJSSE.2017100103