Building the Security Function Point Method for Web Application Vulnerability Remediation
Kwansoon Park¹, Boyoung Kim²*
¹Kwansoon Park, Seoul Business School, Seoul School of Integrated Sciences and Technologies (aSSIST), Seoul, Korea.
²Boyoung Kim*, Seoul Business School, Seoul School of Integrated Sciences and Technologies (aSSIST), Seoul, Korea.
Manuscript received on November 12, 2019. | Revised Manuscript received on November 25, 2019. | Manuscript published on 30 November, 2019. | PP: 5962-5968 | Volume-8 Issue-4, November 2019. | Retrieval Number: D8948118419/2019©BEIESP | DOI: 10.35940/ijrte.D8948.118419
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Web application vulnerability remediation is important to actual risk management in corporate security activities. However, traditional software development resource estimation methods do not discuss resource estimation for software vulnerability remediation in terms of security. Moreover, it is difficult to estimate web vulnerability remediation resources exactly using correction factors. Against this background, this study aims to establish a security-oriented resource estimation methodology for web application vulnerability remediation from the perspective of dynamic analysis, contributing to a foundation for the systematic management of web application vulnerability remediation among information security organizations and related practitioners. To develop the new model, this study used data on 64 applications from the experimental company to derive the security function point method and data from 6 web vulnerability assessment projects at the same company to verify the methodology. Hence, a web application vulnerability remediation standard was established, and a new security web vulnerability remediation resource estimation technique, “Security Function Point Method (SFPM),” was proposed through data collection based on the standard. It covers the de facto global web application vulnerability framework, OWASP Top 10 (2017), and several Korean standards from the practical field. Thus, it is possible to calculate web application vulnerability remediation resources in a better way.
Keywords: Security Function Point Method, Vulnerability Remediation, Vulnerability Management, Dynamic Analysis Software Test, Penetration Test, SSDLC
Scope of the Article: Pattern Recognition and Analysis.