Abstract

The demand for web services and applications in cyberspace is hindered by security concerns that are raised by corporate service providers and service users. There are concerns about the trustworthiness of the web services from both sides of the spectrum. Testing web services security is a critical step towards enhancing their trustworthiness. To address these issues, we propose a comprehensive framework for specifying security requirements for web services and web applications. Based on these comprehensive security requirements specifications, formal security test case generation can then be derived and performed. In this paper, we introduce the Security Requirements Behavior Model (SRBM) to help obtaining secure and hence trustworthy web services and applications. Using Firesmith' security requirements categories, the SRBM is based on Sindre's misuse cases, Firesmith's security use cases, and the operational model of computer security.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.