Web Engineering Security (WES) Methodology
Abstract
The impact of the World Wide Web on the basic operational economic components of global information-rich
civilizations is significant. The repercussions force organizations to justify security from a business-case
perspective and to focus on security from a Web application development environment standpoint. The need
for clarity prompted an investigation that gathered empirical evidence from a high-level Web survey and
a more detailed industry survey in order to analyze security in the Web application development environment,
ultimately contributing to the proposal of the Essential Elements (EE) and the Security Criteria for Web
Application Development (SCWAD). The synthesis of this information was used to develop the Web Engineering
Security (WES) methodology. WES is a proactive, flexible, process-neutral security methodology with customizable
components that is based on empirical evidence and used to explicitly integrate security throughout an
organization’s chosen application development process.