Summary: | Master's === Chang Gung University === Department of Information Management === 101 === Services based on web applications play an important role in everyday activities, so everyone is taking web security more seriously. Dynamic and static inspection techniques can help managers understand how safe their web applications are, and the inspection reports serve as proof of web application security. Governments and security organizations have proposed web security guidance and standards that standardize the inspection process. However, managers have a hard time with the differing report formats, inspection processes and security standards. In this thesis, a standard process based on OWASP ASVS is proposed. The process includes standard inspection forms and documents, and a system is designed to help set the security process, goals, scope and requirements. Contributions of the system include: (1) When managers refer to security standards, the system helps lower the level of difficulty. (2) The system lends more confidence to the inspection report. (3) The system can list standardized documents. (4) The system can refer to the standard inspection process to help managers.
|