Web Engineering Security (WES) Methodology




Glisson, William Bradley
Welland, Ray

Journal Title

Journal ISSN

Volume Title


Communications of the Association for Information Systems


The impact of the World Wide Web on basic operational economical components in global information-rich civilizations is significant. The repercussions force organizations to provide justification for security from a businesscase perspective and to focus on security from a Web application development environment standpoint. The need for clarity promoted an investigation through the acquisition of empirical evidence from a high level Web survey and a more detailed industry survey to analyze security in the Web application development environment ultimately contributing to the proposal of the Essential Elements (EE) and the Security Criteria for Web Application Development (SCWAD). The synthesis of information provided was used to develop the Web Engineering Security (WES) methodology. WES is a proactive, flexible, process neutral security methodology with customizable components that is based on empirical evidence and used to explicitly integrate security throughout an organization’s chosen application development process.


An paper co-authored by William Glisson that was published by the Communications of the Association for Information Systems in 2014


industry, organization, method, case study, security, information systems


Glisson, William Bradley and Welland, Ray (2014) "Web Engineering Security (WES) Methodology," Communications of the Association for Information Systems: Vol. 34 , Article 71. DOI: 10.17705/1CAIS.03471