Improving Extreme Programming Framework With Security Concerns For E-Commerce Applications
Format: | Thesis |
Language: | en_US |
Summary: | As people are increasingly engaging in e-commerce, security is becoming a
paramount issue. E-commerce involves a great deal of credit card numbers, fund
transfers, web shopping, and other forms of private information that needs to remain
secure. Although the knowledge of how to develop a secure web application is
known, the major concern is the insufficiency of the right developmental framework
and practices. The use of inappropriate methodologies in developing an e-commerce
application can seriously undermine organizations' confidentiality and integrity of
data. Although different web application development frameworks have basic security
considerations, most of the security concerns are not applied across the entire
development lifecycle. This is unfortunate. This study proposes an Improved Extreme
Programming Framework with security concerns across the entire developmental
lifecycle by leveraging the successes of Extreme Programming Methodology. The
major contribution is the building of a security framework that inculcates security
considerations across the development lifecycle, which can be adapted by
security-critical applications like e-commerce sites. The implementation and evaluation of this
proposed framework, with previous web application security development
frameworks, have shown that a 96 percent security level is achieved, despite the four
percent of failures. The failures are of information severity status, which are not
typically critical to the security of the underlying application. This further indicates that
inculcating security considerations at all stages of the developmental lifecycle is
necessary for vulnerability mitigation. Previous frameworks do not
address this problem due to the trade-off between security and functionality. |