A metamodel for web application injection attacks and countermeasures
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems. ORCID iD: 0000-0003-3922-9606
2012 (English). In: Trends in Enterprise Architecture Research and Practice-Driven Research on Enterprise Transformation: 7th Workshop, TEAR 2012, and 5th Working Conference, PRET 2012, Held at The Open Group Conference 2012, Barcelona, Spain, October 23-24, 2012. Proceedings / [ed] Stephan Aier, Mathias Ekstedt, Florian Matthes, Erik Proper, Jorge L. Sanz, Springer, 2012, 198-217 p. Conference paper (Refereed)
Abstract [en]

Web application injection attacks such as cross site scripting and SQL injection are common and problematic for enterprises. In order to defend against them, practitioners with large heterogeneous system architectures and limited resources struggle to understand the effectiveness of different countermeasures under various conditions. This paper presents an enterprise architecture metamodel that can be used by enterprise decision makers when deciding between different countermeasures for web application injection attacks. The scope of the model is to provide low-effort guidance on an abstraction level of use for an enterprise decision maker. This metamodel is based on a literature review and revised according to the judgment by six domain experts identified through peer-review.

Place, publisher, year, edition, pages
Springer, 2012. 198-217 p.
Lecture Notes in Business Information Processing, ISSN 1865-1348 ; 131
Keyword [en]
Cyber security, web applications, enterprise architecture
National Category
Computer and Information Science
Research subject
URN: urn:nbn:se:kth:diva-100911; DOI: 10.1007/978-3-642-34163-2_12; ISI: 000345279800012; ScopusID: 2-s2.0-84868322833; ISBN: 978-364234162-5; OAI: diva2:545800
7th Workshop on Trends in Enterprise Architecture Research, TEAR 2012, and the 5th Conf. on Practice-Driven Research on Enterprise Transformation, PRET 2012, co-located with The Open Group's Conf. on Enterprise Architecture, Cloud Computing, Security; Barcelona; 23 October 2012 through 24 October 2012

QC 20120926

Available from: 2012-09-26. Created: 2012-08-21. Last updated: 2015-06-11. Bibliographically approved

By author/editor
Holm, Hannes; Ekstedt, Mathias