Fuzzy multi criteria decision analysis method for assessing security design tactics for web applications

Abstract

Security and design tactics estimation of web application for ensuring the security, efficiency and design tactics of web applications is necessary. A survey conducted by the security research team, Micro Focus, of the USA reveals that 80% of the vulnerability defects occur due to the coding defect, validation causes 60% of the errors, 70% errors are due to encapsulation and path traversal. Such statistics call for a more efficacious design to enhance software security. The primary research goal of this study is to compute or evaluate the security threats of the software and web applications from the perspective of design tactics. Towards this intent, we have employed the methodology of Fuzzy Analytic Hierarchy Process (F-AHP) to evaluate the security factors or obtain the weight of different factors. The different design tactics of web application have also been selected according to the factors that affect the security. In this article, researchers have used a crossbreed technique of fuzzy based Multi Criteria Decision Method (MCDM) technique, i.e., F-AHP and Fuzzy Technique for Order of Preferences by Similarity to Ideal Solutions (F-TOPSIS) Technique. The results of the assessment of security will be helpful for developers or experts in designing the security tactics of software or web applications. We have also compared the results of classical and Fuzzy approach to determine the weight of alternatives or attributes and rank of the factors. This process is an effective and conclusive methodology for the developers working for more enhanced secure design tactics of software and web application design.