出版社:International Association for Computer Information Systems
摘要:This document provides an overview of the growing importance of web application security threats and its role in the IS security curriculum. Two alternative instructional paradigms designed to present web application security were reviewed. Secure Programming curricula have been used to present detailed coverage from a software coding perspective. However, the Secure Programming Paradigm may present challenges in the choice of programming language or the required level of programming prerequisites that may not be appropriate for an Information Systems curriculum. As an alternative, the Automated Web Application Testing Paradigm using IBM's AppScan web security testing tool presents web application security from a quality assurance and testing perspective that may be integrated within the Software Development Life Cycle (SDLC). Recommendations for the integration of web application security in context of an Information Systems curriculum will be discussed.
关键词:Application Security; Web Application Security Testing; Automated Application Testing Tools; IBM;AppScan; Secure Programming; IS Model Curriculum.
