A metamodel for web application injection attacks and countermeasures
2012 (English). In: Trends in Enterprise Architecture Research and Practice-Driven Research on Enterprise Transformation: 7th Workshop, TEAR 2012, and 5th Working Conference, PRET 2012, Held at The Open Group Conference 2012, Barcelona, Spain, October 23-24, 2012. Proceedings / [ed] Stephan Aier, Mathias Ekstedt, Florian Matthes, Erik Proper, Jorge L. Sanz, Springer, 2012, 198-217 p.
Conference paper (Refereed)
Web application injection attacks such as cross site scripting and SQL injection are common and problematic for enterprises. In order to defend against them, practitioners with large heterogeneous system architectures and limited resources struggle to understand the effectiveness of different countermeasures under various conditions. This paper presents an enterprise architecture metamodel that can be used by enterprise decision makers when deciding between different countermeasures for web application injection attacks. The scope of the model is to provide low-effort guidance on an abstraction level of use for an enterprise decision maker. This metamodel is based on a literature review and revised according to the judgment by six domain experts identified through peer-review.
Place, publisher, year, edition, pages
Springer, 2012. 198-217 p.
Lecture Notes in Business Information Processing, ISSN 1865-1348 ; 131
Cyber security, web applications, enterprise architecture
Computer and Information Science
Research subject SRA - ICT
Identifiers: URN: urn:nbn:se:kth:diva-100911; DOI: 10.1007/978-3-642-34163-2_12; ISI: 000345279800012; ScopusID: 2-s2.0-84868322833; ISBN: 978-364234162-5; OAI: oai:DiVA.org:kth-100911; DiVA: diva2:545800
7th Workshop on Trends in Enterprise Architecture Research, TEAR 2012, and the 5th Conf. on Practice-Driven Research on Enterprise Transformation, PRET 2012, co-located with The Open Group's Conf. on Enterprise Architecture, Cloud Computing, Security; Barcelona; 23 October 2012 through 24 October 2012
QC 20120926
2012-09-26, 2012-08-21, 2015-06-11. Bibliographically approved