Web applications security assessment in the Portuguese world wide web panorama

Abstract

Following the EU Information and Communication Technologies agenda, the Portuguese Government has started the creation of many applications, enabling electronic interaction between individuals, companies and the public administration - the e-Government. Due to the Internet open nature and the sensitivity of the data that those applications have to handle, it is important to ensure and assess their security. Financial institutions, such as banks, that nowadays use the WWW as a communication channel with their customers, face the same challenges. The main objective of this paper is to introduce a work that will be performed to assess the security of the financial and public administration sectors web applications. In this paper the authors provide a description of the rationale behind this work that involves the selection of a set of key financial and public administration web applications, the definition and application of a security assessment methodology, and the evaluation the assessment results. © 2010 Springer-Verlag.