Modeling security features of web applications

Abstract

Securing web applications is a difficult task not only, because it is hard to implement bulletproof techniques, but also because web developers struggle to get an overview of how to avoid security flaws in a concrete application. This is aggravated by the fact that the description of a web application’s security concept is often scattered over lengthy requirements documents, if documented at all. In this chapter, we extend the graphical, UML-based Web Engineering (UWE) language to model security concepts within web applications, thus providing the aforementioned overview. Our approach is applied to a case study of an Energy Management System that provides a web interface for monitoring energy consumption and for configuring appliances. Additionally, we give an overview of how our approach contributes to the development of secure web applications along the software development life cycle.