It is commonly known that most applications suffer from security holes that are sooner or later exploited. One reason is that for developers the term "security" is difficult to grasp. Many security properties exist and there are many methods to enforce them or to avoid implementing common vulnerabilities in applications. Ontologies can help to get an overview of web security and to structure this domain by relating relevant assets, methods, tools, security properties, vulnerabilities and threats (referred to as knowledge objects). In this paper, we present a novel ontology with a focus on secure web applications, called SecWAO. It is based on the Context model of SecEval, which is a domain model tailored to describe knowledge objects. By providing an overview, SecWAO supports teaching purposes and web developers when specifying security requirements or making design decisions.
Marianne Busch, Martin Wirsing. An Ontology for Secure Web Applications. International Journal of Software and Informatics, 2015, 9(2):233-258