Abstract

Web application developers often lack an understanding of the security threats that can arise in the applications they build, and those threats can in turn create new and more complex problems. Such threats pose risks and can result in large losses. Determining risk ratings within a web application software development team remains a source of difficulty and debate: not all team members agree on the risk rating assessment process. This is caused by differences in the team members' opinions and assumptions about threats, and by the fact that the assessors have different kinds of expertise while the DREAD model places every expert in the same position, that is, assessors are not weighted differently at the time of assessment. DREAD stands for five aspects related to security threats in web applications: D (Damage potential), R (Reproducibility), E (Exploitability), A (Affected users), and D (Discoverability). The proposal assigns a weight to each assessor using the profile matching method, so that an assessment can involve assessors with different kinds of expertise: each assessor is weighted according to their relevance to the aspect being assessed, and each type of expertise is rated according to the DREAD aspects it bears on. The results of the study show that the proposed method produces assessment weights that are closer to the target.

Highlights

  • Applications used by agencies and companies are currently developing rapidly

  • The problem is that not all team members agree on the risk rating assessment process

  • When assessors have different kinds of expertise, the DREAD model places every expert in the same position, so assessors are not weighted differently at the time of assessment


Summary

INTRODUCTION

Applications used by agencies and companies are currently developing rapidly. Security threats can be categorized as input validation, authorization, authentication, cryptography, exception management, configuration management, session management, sensitive data, parameter manipulation, and auditing and logging. These threats pose risks, can cause many problems, and can even lead to large losses. The problem that occurs is that not all team members agree on the risk rating assessment process, because team members hold different opinions and assumptions about threats [3]. Furthermore, when assessors have different kinds of expertise, the DREAD model places every expert in the same position, so assessors are not weighted differently at the time of assessment. The weighting model proposed in this study uses profile matching to rank the assessors.
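As an added worked example (not code from the paper), the following Python rates one threat under the DREAD model two ways: with every assessor weighted equally, as plain DREAD does, and with per-aspect assessor weights derived from a profile-matching gap between each assessor's expertise and an assumed target expertise for that aspect. The gap-to-weight mapping, the 1..5 expertise scale, the target profile, the three assessors and their scores, and the rating bands for the 1..3-per-aspect DREAD scale are all constructed assumptions for this illustration, not values taken from the paper.

```python
"""Weighted DREAD rating with assessor weights from profile matching.

Added example; not the paper's code. The gap-to-weight mapping, the 1..5
expertise scale, the target profile, the assessors and their scores, and the
rating bands for the 1..3-per-aspect DREAD scale are constructed assumptions.
"""
from dataclasses import dataclass
from typing import Dict, Tuple

ASPECTS = ("damage", "reproducibility", "exploitability",
           "affected_users", "discoverability")


def gap_weight(actual: int, target: int) -> float:
    """Profile-matching gap weight (assumed table).

    gap 0 -> 5.0; each step away costs one point, with over-qualification
    (positive gap) penalised half a point less than under-qualification:
    +1 -> 4.5, -1 -> 4.0, +2 -> 3.5, -2 -> 3.0, ..., +4 -> 1.5, -4 -> 1.0.
    """
    gap = max(-4, min(4, actual - target))
    if gap == 0:
        return 5.0
    return 5.0 - abs(gap) + (0.5 if gap > 0 else 0.0)


@dataclass
class Assessor:
    name: str
    expertise: Dict[str, int]  # expertise per aspect, 1..5 (constructed)
    scores: Dict[str, int]     # this assessor's DREAD score per aspect, 1..3


def aspect_weights(assessors, target) -> Dict[str, Dict[str, float]]:
    """For each aspect, weight every assessor by how closely their expertise
    matches the target expertise for that aspect."""
    return {a: {x.name: gap_weight(x.expertise[a], target[a]) for x in assessors}
            for a in ASPECTS}


def weighted_dread(assessors, target) -> Tuple[Dict[str, float], float]:
    """Per-aspect score = weighted mean of assessor scores; total = sum of aspects."""
    w = aspect_weights(assessors, target)
    per_aspect = {}
    for a in ASPECTS:
        num = sum(w[a][x.name] * x.scores[a] for x in assessors)
        den = sum(w[a].values())
        per_aspect[a] = num / den
    return per_aspect, sum(per_aspect.values())


def equal_weight_dread(assessors) -> Tuple[Dict[str, float], float]:
    """Plain DREAD aggregation: every assessor counts the same."""
    per_aspect = {a: sum(x.scores[a] for x in assessors) / len(assessors)
                  for a in ASPECTS}
    return per_aspect, sum(per_aspect.values())


def rating(total: float) -> str:
    """Band a 5..15 total (1..3 per aspect): High 12-15, Medium 8-11, Low 5-7."""
    t = round(total)
    if t >= 12:
        return "High"
    if t >= 8:
        return "Medium"
    return "Low"


# Constructed target profile: the expertise level each aspect calls for (1..5).
TARGET_PROFILE = {"damage": 4, "reproducibility": 3, "exploitability": 5,
                  "affected_users": 3, "discoverability": 4}

# Constructed assessors scoring one threat (say, a predictable session token).
ASSESSORS = (
    Assessor("pentester",
             expertise={"damage": 3, "reproducibility": 5, "exploitability": 5,
                        "affected_users": 3, "discoverability": 5},
             scores={"damage": 3, "reproducibility": 3, "exploitability": 3,
                     "affected_users": 2, "discoverability": 3}),
    Assessor("developer",
             expertise={"damage": 4, "reproducibility": 3, "exploitability": 2,
                        "affected_users": 4, "discoverability": 2},
             scores={"damage": 2, "reproducibility": 2, "exploitability": 1,
                     "affected_users": 3, "discoverability": 1}),
    Assessor("cryptographer",
             expertise={"damage": 3, "reproducibility": 2, "exploitability": 3,
                        "affected_users": 2, "discoverability": 3},
             scores={"damage": 3, "reproducibility": 2, "exploitability": 2,
                     "affected_users": 2, "discoverability": 2}),
)

if __name__ == "__main__":
    _, eq_total = equal_weight_dread(ASSESSORS)
    per, w_total = weighted_dread(ASSESSORS, TARGET_PROFILE)
    weights = aspect_weights(ASSESSORS, TARGET_PROFILE)
    print(f"equal weights : {eq_total:.2f} -> {rating(eq_total)}")
    print(f"profile match : {w_total:.2f} -> {rating(w_total)}")
    for a in ASPECTS:
        print(f"  {a:16s} {per[a]:.2f}  weights={weights[a]}")
```

With these constructed inputs the equal-weight total lands in the Medium band while the profile-matched total lands in High, because the pentester's scores carry more weight on exploitability and discoverability, the aspects closest to that assessor's expertise, and the developer's low exploitability score is discounted. The point is not the specific numbers but that the aggregate rating is sensitive to how assessors are weighted, which is the disagreement the paper sets out to resolve.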

DREAD MODEL
PROFILE MATCHING
RESEARCH METHODOLOGY
PROPOSED DETERMINATION OF ASSESSMENT
AND DISCUSSION
Cryptography
Exception
CONCLUSION
