Summary: | Master's thesis === 國立臺灣科技大學 (National Taiwan University of Science and Technology) === 資訊管理系 (Department of Information Management) === 99 === To simplify application deployment, more and more organizations have recently adopted Web-based architectures for their applications, so Web application security has become increasingly important. Web application security inspection, which identifies vulnerabilities in Web applications, is therefore an important means of ensuring Web security. Because organizations now commonly require Web applications to be inspected before release, the quality of that inspection is critical, and organizations can establish standard procedures to ensure it.
To establish standard procedures for Web application security inspection, this study adopts the ISO/IEC 20000 standard as the basis for general quality assurance procedures. Focusing on the core Web application security inspection process, the study first applies the Enterprise Risk Management framework (COSO-ERM) to analyze the risks that may threaten the goals of Web application inspection, and then designs countermeasures to control those risks in order to ensure the quality of the inspection results.
The resulting inspection process for Web applications was adopted by the Taiwan Information Security Center at National Taiwan University of Science and Technology (TWISC@NTUST). TWISC@NTUST has performed several Web application security inspection services under it and has received positive feedback from clients. We believe this study provides guidelines that software security inspection service providers can use to establish their own standard procedures and ensure the quality of their services.
|