SecEval and SecWAO

SecEval and SecWAO can be downloaded as mdzip for MagicDraw (>= 18.0) or as XMI. Most diagrams are also depicted on this page.

Contents

Publications

SecEval

Use Cases:

diagram

Evaluation Process (simple):

diagram

Evaluation Process (full):

diagram

Overview of SecEval Models:

diagram

Security Context

Security Context:

diagram

Detailed connections between methods, notations and tools (an association class defines to what extent a tool supports a method):

diagram

Methods' details regarding the SDLC:

diagram

Tools' details regarding the SDLC:

diagram

Data Collection

Data Collection:

diagram

Data Analysis

Data Analysis:

diagram

Extensions of SecEval

Risk Evaluation (cf. OWASP):

diagram

Moody's approach (cf. paper: The Method Evaluation Model):

diagram

Secure Web Applications' Ontology (SecWAO) - instances of SecEval

SecWAO is used, for example, for teaching and as a basis for modeling security-related design decisions with the UML-based Web Engineering (UWE) approach.

SecWAO - XSS Example:

diagram

SecWAO - Security Properties:

diagram

SecWAO - Methods (overview):

diagram

SecWAO - Methods 1:

diagram

SecWAO - Methods 2:

diagram

SecWAO - Methods 3:

diagram

SecWAO - Methods 4:

diagram

SecWAO - Web Vulnerabilities:

diagram

SecWAO - Examples of Threats:

diagram

Tool Evaluation with SecEval (web vulnerability scanning case study)

Tool Evaluation Case Study - Data Collection:

diagram

Tool Evaluation - Data Analysis (Ranking and Values):

diagram

Tool Evaluation - Data Analysis (Overall Results):

diagram

Tool Evaluation - Security Context (Nessus and Nikto only):

diagram

Questionnaire (2013)

Questionnaire about an early version of SecEval, which was discussed with security engineering experts in order to develop the first version of SecEval in 2013.