A metamodel for web application injection attacks and countermeasures
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems. ORCID iD: 0000-0003-3922-9606
2012 (English). In: Trends in Enterprise Architecture Research and Practice-Driven Research on Enterprise Transformation: 7th Workshop, TEAR 2012, and 5th Working Conference, PRET 2012, Held at The Open Group Conference 2012, Barcelona, Spain, October 23-24, 2012. Proceedings / [ed] Stephan Aier, Mathias Ekstedt, Florian Matthes, Erik Proper, Jorge L. Sanz, Springer, 2012, 198-217 p. Conference paper, Published paper (Refereed)
Abstract [en]

Web application injection attacks such as cross site scripting and SQL injection are common and problematic for enterprises. In order to defend against them, practitioners with large heterogeneous system architectures and limited resources struggle to understand the effectiveness of different countermeasures under various conditions. This paper presents an enterprise architecture metamodel that can be used by enterprise decision makers when deciding between different countermeasures for web application injection attacks. The scope of the model is to provide low-effort guidance on an abstraction level of use for an enterprise decision maker. This metamodel is based on a literature review and revised according to the judgment by six domain experts identified through peer-review.

Place, publisher, year, edition, pages
Springer, 2012. 198-217 p.
Series
Lecture Notes in Business Information Processing, ISSN 1865-1348 ; 131
Keyword [en]
Cyber security, web applications, enterprise architecture
National Category
Computer and Information Science
Research subject
SRA - ICT
Identifiers
URN: urn:nbn:se:kth:diva-100911
DOI: 10.1007/978-3-642-34163-2_12
ISI: 000345279800012
Scopus ID: 2-s2.0-84868322833
ISBN: 978-364234162-5 (print)
OAI: oai:DiVA.org:kth-100911
DiVA: diva2:545800
Conference
7th Workshop on Trends in Enterprise Architecture Research, TEAR 2012, and the 5th Conf. on Practice-Driven Research on Enterprise Transformation, PRET 2012, co-located with The Open Group's Conf. on Enterprise Architecture, Cloud Computing, Security; Barcelona; 23 October 2012 through 24 October 2012
Note

QC 20120926

Available from: 2012-09-26. Created: 2012-08-21. Last updated: 2015-06-11. Bibliographically approved.

By author/editor
Holm, Hannes; Ekstedt, Mathias