kth.sePublications KTH
EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
A metamodel for web application injection attacks and countermeasures
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.ORCID iD: 0000-0003-3922-9606
2012 (English)In: Trends in Enterprise Architecture Research and Practice-Driven Research on Enterprise Transformation: 7th Workshop, TEAR 2012, and 5th Working Conference, PRET 2012, Held at The Open Group Conference 2012, Barcelona, Spain, October 23-24, 2012. Proceedings / [ed] Stephan Aier, Mathias Ekstedt, Florian Matthes, Erik Proper, Jorge L. Sanz, Springer, 2012, p. 198-217Conference paper, Published paper (Refereed)
Abstract [en]

Web application injection attacks such as cross site scripting and SQL injection are common and problematic for enterprises. In order to defend against them, practitioners with large heterogeneous system architectures and limited resources struggle to understand the effectiveness of different countermeasures under various conditions. This paper presents an enterprise architecture metamodel that can be used by enterprise decision makers when deciding between different countermeasures for web application injection attacks. The scope of the model is to provide low-effort guidance on an abstraction level of use for an enterprise decision maker. This metamodel is based on a literature review and revised according to the judgment by six domain experts identified through peer-review.
Place, publisher, year, edition, pages
Springer, 2012. p. 198-217
Series
Lecture Notes in Business Information Processing, ISSN 1865-1348 ; 131
Keywords [en]
Cyber security, web applications, enterprise architecture
National Category
Computer and Information Sciences
Research subject
SRA - ICT
Identifiers
URN: urn:nbn:se:kth:diva-100911DOI: 10.1007/978-3-642-34163-2_12ISI: 000345279800012Scopus ID: 2-s2.0-84868322833ISBN: 978-364234162-5 (print)OAI: oai:DiVA.org:kth-100911DiVA, id: diva2:545800
Conference
7th Workshop on Trends in Enterprise Architecture Research, TEAR 2012, and the 5th Conf. on Practice-Driven Research on Enterprise Transformation, PRET 2012, co-located with The Open Group's Conf. on Enterprise Architecture, Cloud Computing, Security; Barcelona;23 October 2012 through 24 October 2012
Note

QC 20120926

Available from: 2012-09-26 Created: 2012-08-21 Last updated: 2022-06-24Bibliographically approved

Open Access in DiVA

fulltext(397 kB)1483 downloads
File information
File name FULLTEXT01.pdfFile size 397 kBChecksum SHA-512
36b6781017e591df13f0c8933bcd5021f22ed58486b2898131b14e935508edad4d2530f287d7fef95c439a0586eb0cb683f120e9eae13f4791f69ec44bd9b52f
Type fulltextMimetype application/pdf

Other links

Publisher's full textScopus

Authority records

Ekstedt, Mathias

Search in DiVA

By author/editor
Holm, HannesEkstedt, Mathias
By organisation
Industrial Information and Control Systems
Computer and Information Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 1486 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 461 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.47.0
|
WCAG
|
KTH Library
|
DiVA support
|
Register in DiVA
|
Posting your thesis
|
SwePub
|
About Open Access