Detecting Web Security Risks with UML Design Models

Weifeng Xu, Lin Deng, and Tao Ding

Keywords

Security risks, web resources, risk annotation

Abstract

Both legitimate users and attackers use resources to realize their goals. Depending on the role of the user, these goals are either desired or malicious. This paper presents a novel approach for detecting web security risks by focusing on the resources used or exploited by both legitimate users and attackers. To systematically detect the security risks of web applications, security risks are first formally defined in terms of web resources; behavioral risk models are then constructed based on UML design models. The security risks of a web application are identified and organized in terms of use case scenarios derived from the behavioral risk models.
