The Experts below are selected from a list of 65352 Experts worldwide ranked by ideXlab platform
Ray Welland - One of the best experts on this subject based on the ideXlab platform.
-
Web Engineering Security (WES) Methodology
Communications of the Association for Information Systems, 2014Co-Authors: William Bradley Glisson, Ray WellandAbstract:The World Wide Web has had a significant impact on basic operational economical components in global information rich civilizations. This impact is forcing organizations to provide justification for security from a business case perspective and to focus on security from a Web application development environment perspective. This increased focus on security was the basis of a business case discussion and led to the acquisition of empirical evidence gathered from a high level Web survey and more detailed industry surveys to analyse security in the Web application development environment. Along with this information, a collection of evidence from relevant literature was also gathered. Individual aspects of the data gathered in the previously mentioned activities contributed to the proposal of the Essential Elements (EE) and the Security Criteria for Web Application Development (SCWAD). The Essential Elements present the idea that there are essential, basic organizational elements that need to be identified, defined and addressed before examining security aspects of a Web Engineering Development process. The Security Criteria for Web Application Development identifies criteria that need to be addressed by a secure Web Engineering process. Both the EE and SCWAD are presented in detail along with relevant justification of these two elements to Web Engineering. SCWAD is utilized as a framework to evaluate the security of a representative selection of recognized software Engineering processes used in Web Engineering application development. The software Engineering processes appraised by SCWAD include: the Waterfall Model, the Unified Software Development Process (USD), Dynamic Systems Development Method (DSDM) and eXtreme Programming (XP). SCWAD is also used to assess existing security methodologies which are comprised of the Orion Strategy; Survivable / Viable IS approaches; Comprehensive Lightweight Application Security Process (CLASP) and Microsoft’s Trust Worthy Computing Security Development Lifecycle. The synthesis of information provided by both the EE and SCWAD were used to develop the Web Engineering Security (WES) methodology. WES is a proactive, flexible, process neutral security methodology with customizable components that is based on empirical evidence and used to explicitly integrate security throughout an organization’s chosen application development process. In order to evaluate the practical application of the EE, SCWAD and the WES methodology, two case studies were conducted during the course of this research. The first case study describes the application of both the EE and SCWAD to the Hunterian Museum and Art Gallery’s Online Photo Library (HOPL) Internet application project. The second case study presents the commercial implementation of the WES methodology within a Global Fortune 500 financial service sector organization. The assessment of the WES methodology within the organization consisted of an initial survey establishing current security practices, a follow-up survey after changes were implemented and an overall analysis of the security conditions assigned to projects throughout the life of the case study.
-
Security and computer forensics in Web Engineering education
2010Co-Authors: William Bradley Glisson, Ray Welland, L.m. GlissonAbstract:The integration of security and forensics into Web Engineering curricula is imperative! Poor security in Web-based applications is continuing to cost organizations millions and the losses are still increasing annually. Security is frequently taught as a stand-alone course, assuming that security can be 'bolted on' to a Web application at some point. Security issues must be integrated into Web Engineering processes right from the beginning to create secure solutions and therefore security should be an integral part of a Web Engineering curriculum. One aspect of Computer forensics investigates failures in security. Hence, students should be aware of the issues in forensics and how to respond when security failures occur; collecting evidence is particularly difficult for Web-based applications.
-
ARES - Web Engineering Security: Essential Elements
The Second International Conference on Availability Reliability and Security (ARES'07), 2007Co-Authors: William Bradley Glisson, Ray WellandAbstract:Security is an elusive target in today's high-speed and extremely complex, Web enabled, information rich business environment. This paper presents the idea that there are essential, basic organizational elements that need to be identified, defined and addressed before examining security aspects of a Web Engineering development process. These elements are derived from empirical evidence based on a Web survey and supporting literature. This paper makes two contributions. The first contribution is the identification of the Web Engineering specific elements that need to be acknowledged and resolved prior to the assessment of a Web Engineering process from a security perspective. The second contribution is that these elements can be used to help guide security improvement initiatives in Web Engineering
-
ICWE - Web Engineering security: a practitioner's perspective
Proceedings of the 6th international conference on Web engineering - ICWE '06, 2006Co-Authors: William Bradley Glisson, Andrew Mcdonald, Ray WellandAbstract:There are a number of critical factors driving security in Web Engineering. These include: economic issues, people issues, and legislative issues. This paper presents the argument that a Security Improvement Approach (SIA), which can be applied to different Web Engineering development processes, is essential to successfully addressing Web application security. In this paper, the criteria that any SIA will have to address, for a Web Engineering process, are presented. The criteria are derived with supporting empirical evidence based on an in-depth security survey conducted within a Fortune 500 financial service sector organization and supporting literature. The contribution of this paper is two fold. The criteria presented in this paper can be used to assess the security of an existing Web Engineering process and also to guide Security Improvement Initiatives in Web Engineering.
-
ICWE - Evaluation of Commercial Web Engineering Processes
Lecture Notes in Computer Science, 2004Co-Authors: Andrew Mcdonald, Ray WellandAbstract:Over the past five years a small number of specific commercial processes and evolutions to traditional software Engineering processes for Web Engineering have been proposed. The existing Web Engineering literature focuses mainly on techniques and tools that underpin the process of building Web applications, with little or no focus on the commercial suitability of the Web Engineering processes themselves. Based on our experience and surveys of Web Engineering in practice, we have defined a set of essential criteria to be addressed by a commercial Web Engineering process. In this paper we present a systematic evaluation of a sample of commercial Web Engineering processes against these criteria. None of the commercial Web Engineering processes evaluated addresses all the identified criteria. Ultimately to address the criteria for a Web Engineering process there is a need for a different type of process.
Yogesh Deshpande - One of the best experts on this subject based on the ideXlab platform.
-
Web Engineering technical discipline or social process
The Web Conference, 2005Co-Authors: Bebo White, David Lowe, Martin Gaedke, Daniel Schwabe, Yogesh DeshpandeAbstract:This panel aims to explore the nature of the emerging Web Engineering discipline. It will attempt to strongly engage with the issue of whether Web Engineering is currently, and (more saliently) should be in the future, viewed primarily as a technical design discipline with its attention firmly on the way in which Web technologies can be leveraged in the design process, or whether it should be viewed primarily as a socio-positioned discipline which focuses on the nature of the way in which projects are managed, needs are understood and users interact.
-
WWW (Special interest tracks and posters) - Web Engineering: technical discipline or social process?
Special interest tracks and posters of the 14th international conference on World Wide Web - WWW '05, 2005Co-Authors: Bebo White, David Lowe, Martin Gaedke, Daniel Schwabe, Yogesh DeshpandeAbstract:This panel aims to explore the nature of the emerging Web Engineering discipline. It will attempt to strongly engage with the issue of whether Web Engineering is currently, and (more saliently) should be in the future, viewed primarily as a technical design discipline with its attention firmly on the way in which Web technologies can be leveraged in the design process, or whether it should be viewed primarily as a socio-positioned discipline which focuses on the nature of the way in which projects are managed, needs are understood and users interact.
-
ICWE - Web Engineering curriculum: A case study of an evolving framework
Lecture Notes in Computer Science, 2004Co-Authors: Yogesh DeshpandeAbstract:In their comprehensive review of computing disciplines, the Joint (ACM and IEEE-CS) Task Force on Computing Curricula identified a group of subjects as Net-centric, to be taught at under-graduate level. Web Engineering was still in its infancy at the time. We started a Web Engineering specialization at master’s level in 1999 and have recently reviewed it comprehensively. Based on our experience in teaching different aspects of Web development at both under-graduate and graduate levels, this paper proposes a framework to design curricula for Web Engineering that can evolve in tandem with the evolution of the Web. The framework helps to dovetail the knowledge areas in a coherent manner avoiding a smorgasbord approach to curriculum design.
-
Web Engineering
2002Co-Authors: Yogesh Deshpande, Martin Gaedke, Daniel Schwabe, San Murugesan, Athula Ginige, Steve Hansen, Bebo WhiteAbstract:Web Engineering is the application of systematic, disciplined and quantifiable approaches to development, operation, and maintenance of Web-based applications. It is both a pro-active approach and a growing collection of theoretical and empirical research in Web application development. This paper gives an overview of Web Engineering by addressing the questions: a) why is it needed? b) what is its domain of operation? c) how does it help and what should it do to improve Web application development? and d) how should it be incorporated in education and training? The paper discusses the significant differences that exist between Web applications and conventional software, the taxonomy of Web applications, the progress made so far and the research issues and experience of creating a specialisation at the master's level. The paper reaches a conclusion that Web Engineering at this stage is a moving target since Web technologies are constantly evolving, making new types of applications possible, which in turn may require innovations in how they are built, deployed and maintained.
-
Web Engineering: Managing Diversity and Complexity of Web Application Development - Web Engineering: A New Discipline for Development of Web-Based Systems
Lecture Notes in Computer Science, 2001Co-Authors: San Murugesan, Yogesh Deshpande, Steve Hansen, Athula GinigeAbstract:In most cases, development of Web-based systems has been ad hoc, lacking systematic approach, and quality control and assurance procedures. Hence, there is now legitimate and growing concern about the manner in which Web-based systems are developed and their quality and integrity. Web Engineering, an emerging new discipline, advocates a process and a systematic approach to development of high quality Web-based systems. It promotes the establishment and use of sound scientific, Engineering and management principles, and disciplined and systematic approaches to development, deployment and maintenance of Web-based systems. This paper gives an introductory overview on Web Engineering. It presents the principles and roles of Web Engineering, assesses the similarities and differences between development of traditional software and Web-based systems, and identifies key Web Engineering activities. It also highlights the prospects of Web Engineering and the areas that need further study.
Emilia Mendes - One of the best experts on this subject based on the ideXlab platform.
-
New Directions in Web Data Management 1 - Web Engineering and Metrics
Studies in Computational Intelligence, 2011Co-Authors: Emilia MendesAbstract:The objective of this chapter is three-fold. First, it provides an introduction to Web Engineering, and discusses the need for empirical investigations in this area. Second, it defines concepts such as metrics and measurement, and details the types of quantitative metrics that can be gathered when carrying out empirical investigations in Web Engineering. Third, it presents the three main types of empirical investigations – surveys, case studies, and formal experiments.
-
The Need for Empirical Web Engineering
Cost Estimation Techniques for Web Projects, 2008Co-Authors: Emilia MendesAbstract:The objective of this chapter is to motivate the need for empirical investigations in Web Engineering, and additionally to describe the three main types of empirical investigations that can be used by Web companies to understand, control, and improve the products they develop and the processes they use. These three main types of empirical investigations are surveys, case studies, and formal experiments. Although all these three types are described in this chapter, we focused our attention on formal experiments as these are the most difficult type of investigation to plan and execute.
-
the need for Web Engineering an introduction
Web Engineering, 2006Co-Authors: Emilia Mendes, Nile Mosley, Steve CounsellAbstract:The objective of this chapter is three-fold. First, it provides an overview of differences between Web and software development with respect to their development processes, technologies, quality factors, and measures. Second, it provides definitions for terms used throughout the book. Third, it discusses the need for empirical investigations in Web Engineering and presents the three main types of empirical investigations — surveys, case studies, and formal experiments.
-
ISESE - A systematic review of Web Engineering research
2005 International Symposium on Empirical Software Engineering 2005., 2005Co-Authors: Emilia MendesAbstract:This paper uses a systematic literature review as means of investigating the rigor of claims arising from Web Engineering research. Rigor is measured using criteria combined from software Engineering research. We reviewed 173 papers and results have shown that only 5% would be considered rigorous methodologically. In addition to presenting our results, we also provide suggestions for improvement of Web Engineering research based on lessons learnt by the software Engineering community.
-
A systematic review of Web Engineering research
2005 International Symposium on Empirical Software Engineering 2005., 2005Co-Authors: Emilia MendesAbstract:This paper uses a systematic literature review as means of investigating the rigor of claims arising from Web Engineering research. Rigor is measured using criteria combined from software Engineering research. We reviewed 173 papers and results have shown that only 5% would be considered rigorous methodologically. In addition to presenting our results, we also provide suggestions for improvement of Web Engineering research based on lessons learnt by the software Engineering community.
Andrew Mcdonald - One of the best experts on this subject based on the ideXlab platform.
-
ICWE - Web Engineering security: a practitioner's perspective
Proceedings of the 6th international conference on Web engineering - ICWE '06, 2006Co-Authors: William Bradley Glisson, Andrew Mcdonald, Ray WellandAbstract:There are a number of critical factors driving security in Web Engineering. These include: economic issues, people issues, and legislative issues. This paper presents the argument that a Security Improvement Approach (SIA), which can be applied to different Web Engineering development processes, is essential to successfully addressing Web application security. In this paper, the criteria that any SIA will have to address, for a Web Engineering process, are presented. The criteria are derived with supporting empirical evidence based on an in-depth security survey conducted within a Fortune 500 financial service sector organization and supporting literature. The contribution of this paper is two fold. The criteria presented in this paper can be used to assess the security of an existing Web Engineering process and also to guide Security Improvement Initiatives in Web Engineering.
-
ICWE - Evaluation of Commercial Web Engineering Processes
Lecture Notes in Computer Science, 2004Co-Authors: Andrew Mcdonald, Ray WellandAbstract:Over the past five years a small number of specific commercial processes and evolutions to traditional software Engineering processes for Web Engineering have been proposed. The existing Web Engineering literature focuses mainly on techniques and tools that underpin the process of building Web applications, with little or no focus on the commercial suitability of the Web Engineering processes themselves. Based on our experience and surveys of Web Engineering in practice, we have defined a set of essential criteria to be addressed by a commercial Web Engineering process. In this paper we present a systematic evaluation of a sample of commercial Web Engineering processes against these criteria. None of the commercial Web Engineering processes evaluated addresses all the identified criteria. Ultimately to address the criteria for a Web Engineering process there is a need for a different type of process.
-
ICWE - Agile Web Engineering (AWE) process: multidisciplinary stakeholders and team communication
Lecture Notes in Computer Science, 2003Co-Authors: Andrew Mcdonald, Ray WellandAbstract:The Agile Web Engineering (AWE) Process is an agile or light-weight process that has been created to tackle the challenges that have been identified in Web Engineering: short development life-cycle times; multidisciplinary development teams; delivery of bespoke solutions comprising software and data. AWE helps teams identify and manage the interactions between the business, domain, software and creative design strands in Web Engineering projects. This paper gives an overview of the wide diversity of stakeholder roles reflected within AWE and how AWE tries to ensure communication between multidisciplinary sub-teams on large Web Engineering projects.
-
Web Engineering in Practice
2001Co-Authors: Andrew McdonaldAbstract:During October, November and December 2000, we conducted interviews with a number of people within organisations in the United Kingdom who are involved in the development of Web-based applications. The goals of the survey were to try to identify more clearly the major issues facing the development of Web-based systems, and to see which, if any, traditional software Engineering practices and techniques were being successfully applied. Fifteen interviewees from seven different organisations took part in the survey. This paper describes the background and results of our survey, and the conclusions that can be drawn about the practice of Web Engineering. We also discuss the major characteristics that describe Web-based application development, and the issues that a successful Web Engineering process will have to address. More details of this survey can be found in our technical report [13] ‘A Survey of Web Engineering in Practice’.
-
Agile Web Engineering (AWE) Process
2001Co-Authors: Andrew Mcdonald, Ray WellandAbstract:This document describes the Agile Web Engineering (AWE) Process for the construction of Web-based applications. AWE is a lightweight process that has been developed to tackle the problems associated with the development of Web-based applications: short development life-cycle times; small multidisciplinary development teams; delivery of bespoke solutions integrating software and data. In addition AWE encourages: more focus on requirements analysis, including a clear analysis of business needs; better testing and evaluation of deliverables; and clear consideration of the issues associated with the evolution of Web-based applications. By identifying and managing the interaction between business, domain, software and creative design strands within Web Engineering projects, AWE provides a roadmap that allows Web-based endeavours to deliver solutions that satisfy EndUsers, who are ultimately the litmus test for success.
San Murugesan - One of the best experts on this subject based on the ideXlab platform.
-
Web Engineering : Principles and Techniques - Web Engineering : introduction and perspectives
Web Engineering, 2005Co-Authors: San Murugesan, Athula GinigeAbstract:Web-based systems and applications now deliver a complex array of functionality to a large number of diverse groups of users. As our dependence and reliance on the Web has increased dramatically over the years, their performance, reliability and quality have become paramount importance. As a result, the development of Web applications has become more complex and challenging than most of us think. In many ways, it is also different and more complex than traditional software development. But, currently, the development and maintenance of most Web applications is chaotic and far from satisfactory. To successfully build and maintain large, complex Web-based systems and applications, Web developers need to adopt a disciplined development process and a sound methodology. The emerging discipline of Web Engineering advocates a holistic, disciplined approach to successful Web development. In this chapter, we articulate and raise awareness of the issues and considerations in large, complex Web application development, and introduce Web Engineering as a way of managing complexity and diversity of large-scale Web development.
-
Web Engineering
2002Co-Authors: Yogesh Deshpande, Martin Gaedke, Daniel Schwabe, San Murugesan, Athula Ginige, Steve Hansen, Bebo WhiteAbstract:Web Engineering is the application of systematic, disciplined and quantifiable approaches to development, operation, and maintenance of Web-based applications. It is both a pro-active approach and a growing collection of theoretical and empirical research in Web application development. This paper gives an overview of Web Engineering by addressing the questions: a) why is it needed? b) what is its domain of operation? c) how does it help and what should it do to improve Web application development? and d) how should it be incorporated in education and training? The paper discusses the significant differences that exist between Web applications and conventional software, the taxonomy of Web applications, the progress made so far and the research issues and experience of creating a specialisation at the master's level. The paper reaches a conclusion that Web Engineering at this stage is a moving target since Web technologies are constantly evolving, making new types of applications possible, which in turn may require innovations in how they are built, deployed and maintained.
-
Web Engineering: Managing Diversity and Complexity of Web Application Development - Web Engineering: A New Discipline for Development of Web-Based Systems
Lecture Notes in Computer Science, 2001Co-Authors: San Murugesan, Yogesh Deshpande, Steve Hansen, Athula GinigeAbstract:In most cases, development of Web-based systems has been ad hoc, lacking systematic approach, and quality control and assurance procedures. Hence, there is now legitimate and growing concern about the manner in which Web-based systems are developed and their quality and integrity. Web Engineering, an emerging new discipline, advocates a process and a systematic approach to development of high quality Web-based systems. It promotes the establishment and use of sound scientific, Engineering and management principles, and disciplined and systematic approaches to development, deployment and maintenance of Web-based systems. This paper gives an introductory overview on Web Engineering. It presents the principles and roles of Web Engineering, assesses the similarities and differences between development of traditional software and Web-based systems, and identifies key Web Engineering activities. It also highlights the prospects of Web Engineering and the areas that need further study.
-
Web Engineering: Managing Diversity and Complexity of Web Application Development - Web Engineering: Beyond CS, IS and SE Evolutionary and Non-Engineering Perspectives
Lecture Notes in Computer Science, 2001Co-Authors: Yogesh Deshpande, San Murugesan, Steve HansenAbstract:With the advent of the World Wide Web, 'computing' has gone beyond the traditional computer science, information systems and software Engineering. The Web has brought computing to far more people than computing professionals ever dealt with and led to mushrooming growth of Web-based applications. Implicitly, computing professionals are no longer the privileged intermediaries between computers and other people, as end-users and the technological advances take their toll. On the other hand, the new applications must still be developed in disciplined ways. Engineering embodies such disciplined methods. While the generic term Engineering, meaning a systematic application of scientific knowledge in creating and building cost-effective solutions to practical problems, is integral to many disciplines, the term Web Engineering per se may not be widely understood or accepted at this stage. This paper elaborates on the concept of Web Engineering, relates it to computer science, software Engineering and information systems, draws upon past experiences in software development and critically analyses it from the point of view of computing professionals who are not themselves engineers.
-
Web Engineering a new discipline for development of Web based systems
Lecture Notes in Computer Science, 2001Co-Authors: San Murugesan, Yogesh Deshpande, Steve Hansen, Athula GinigeAbstract:In most cases, development of Web-based systems has been ad hoc, lacking systematic approach, and quality control and assurance procedures. Hence, there is now legitimate and growing concern about the manner in which Web-based systems are developed and their quality and integrity. Web Engineering, an emerging new discipline, advocates a process and a systematic approach to development of high quality Web-based systems. It promotes the establishment and use of sound scientific, Engineering and management principles, and disciplined and systematic approaches to development, deployment and maintenance of Web-based systems. This paper gives an introductory overview on Web Engineering. It presents the principles and roles of Web Engineering, assesses the similarities and differences between development of traditional software and Web-based systems, and identifies key Web Engineering activities. It also highlights the prospects of Web Engineering and the areas that need further study.
