Improving Extreme Programming Framework With Security Concerns For E-Commerce Applications

Bibliographic Details
Main Author: Bala, Musa Shuaibu
Format: Thesis
Language: en_US
Description
Summary: As people increasingly engage in e-commerce, security is becoming a paramount issue. E-commerce involves a great deal of credit card numbers, fund transfers, web shopping, and other forms of private information that need to remain secure. Although the knowledge of how to develop a secure web application is known, the major concern is the insufficiency of the right developmental framework and practices. The use of inappropriate methodologies in developing an e-commerce application can seriously undermine the confidentiality and integrity of an organization's data. Although different web application development frameworks have basic security considerations, most of the security concerns are not applied across the entire development lifecycle. This is unfortunate. This study proposes an Improved Extreme Programming Framework with security concerns across the entire developmental lifecycle by leveraging the successes of the Extreme Programming methodology. The major contribution is the building of a security framework that inculcates security considerations across the development lifecycle and can be adapted by security-critical applications like e-commerce sites. The implementation and evaluation of this proposed framework, with previous web application security development frameworks, have shown that a 96 percent security level is achieved, despite the four percent of failures. The failures are of information severity status, which are not typically critical to the security of the underlying application. This further points to the fact that inculcating security considerations at all stages of the developmental lifecycle is necessary for vulnerability mitigation. Previous frameworks do not address this problem due to the trade-off between security and functionality.