SecEval and SecWAO
SecEval and SecWAO can be downloaded as mdzip for MagicDraw (>= 18.0) or as XMI. Most diagrams are also depicted on this page.
Contents
- Publications
- SecEval
- Secure Web Applications' Ontology (SecWAO)
- Tool Evaluation with SecEval (web vulnerability scanning case study)
- Questionnaire about SecEval (2013)
Publications
- Marianne Busch and Martin Wirsing. An Ontology for Secure Web Applications (SecWAO). In Ruqian Lu, editor, International Journal of Software and Informatics, volume 9, pages 233-258. Institute of Software, Chinese Academy of Sciences, 2015.
- Martin Reithmayer. Tool support for a Knowledge Base for Secure Software Engineering. Master's thesis. Ludwig-Maximilians-Universität München, 2014.
- Marianne Busch, Nora Koch, and Martin Wirsing. Systematic Evaluation of Engineering Approaches for Secure Software and Systems. Chapter in Advances in Engineering Secure Future Internet Services and Systems, volume LNCS 8431. Springer, 2014.
- Marianne Busch, Nora Koch, and Martin Wirsing. SecEval: An Evaluation Framework for Engineering Secure Systems. In Hans-Georg Fill, Dimitris Karagiannis, and Ulrich Reimer, editors, Proceedings of MoK14. Gesellschaft für Informatik e.V. (GI), 2014.
- NESSoS Deliverable D2.4 - Second Release of the Method and Tool Evaluation, 2013
SecEval
Security Context
Detailed connections between method, notations and tools (association class defining to what extent a tool supports a method):
Method's details regarding the SDLC:
Tool's details regarding the SDLC:
Data Collection
Data Analysis
Extensions of SecEval
Risk Evaluation (cf. OWASP):
Moody's approach (cf. paper: The Method Evaluation Model):
Secure Web Applications' Ontology (SecWAO) - instances of SecEval
SecWAO is used, for example, for teaching and as a basis for modeling security-related design decisions with the UML-based web engineering (UWE) approach.
Tool Evaluation with SecEval (web vulnerability scanning case study)
Tool Evaluation Case Study - Data Collection:
Tool Evaluation - Data Analysis (Ranking and Values):
Tool Evaluation - Data Analysis (Overall Results):
Tool Evaluation - Security Context (Nessus and Nikto only):
Questionnaire (2013)
The questionnaire concerns an early version of SecEval, which was discussed with security engineering experts in order to develop the first version of SecEval in 2013.