{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,15]],"date-time":"2026-02-15T21:23:41Z","timestamp":1771190621772,"version":"3.50.1"},"reference-count":57,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2013,1,17]],"date-time":"2013-01-17T00:00:00Z","timestamp":1358380800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Artif Intell Rev"],"published-print":{"date-parts":[[2015,2]]},"DOI":"10.1007\/s10462-012-9375-6","type":"journal-article","created":{"date-parts":[[2013,1,15]],"date-time":"2013-01-15T21:17:06Z","timestamp":1358284626000},"page":"259-276","source":"Crossref","is-referenced-by-count":21,"title":["Systematic review of web application security development model"],"prefix":"10.1007","volume":"43","author":[{"given":"Bala","family":"Musa Shuaibu","sequence":"first","affiliation":[]},{"given":"Norita","family":"Md Norwawi","sequence":"additional","affiliation":[]},{"given":"Mohd Hasan","family":"Selamat","sequence":"additional","affiliation":[]},{"given":"Abdulkareem","family":"Al-Alwani","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2013,1,17]]},"reference":[{"key":"9375_CR1","doi-asserted-by":"crossref","unstructured":"Alalfi MH, Cordy JR, Dean TR (2009) A verification framework for access control in dynamic web applications. Paper presented at the Proceedings of the 2nd Canadian conference on computer science and software engineering, Montreal, Quebec, Canada","DOI":"10.1145\/1557626.1557643"},{"key":"9375_CR2","doi-asserted-by":"crossref","unstructured":"Aydal EG, Paige RF, Chivers H, Brooke PJ (2006) Security planning and refactoring in extreme programming. Lecture Notes in Computer Science, vol 4044","DOI":"10.1007\/11774129_16"},{"key":"9375_CR3","doi-asserted-by":"crossref","unstructured":"Bala MS, Norita MN (2011) Secure E-commerce web development framework. Inf Technol J 10(4):769\u2013779","DOI":"10.3923\/itj.2011.769.778"},{"key":"9375_CR4","doi-asserted-by":"crossref","unstructured":"Balzarotti D, Cova M, Felmetsger VV, Vigna G (2007) Multi-module vulnerability analysis of web-based applications. Paper presented at the Proceedings of the 14th ACM conference on computer and communications security, Alexandria, Virginia, USA","DOI":"10.1145\/1315245.1315250"},{"key":"9375_CR5","doi-asserted-by":"crossref","unstructured":"Blanco C, Lasheras J, Valencia-Garcia R, Fernandez-Medina E, Toval A, Piattini MA (2008) Systematic review and comparison of security ontologies. In: Availability, reliability and security, 2008. ARES 08. Third international conference on, 4\u20137 March 2008, pp 813\u2013820. doi: 10.1109\/ares.2008.33","DOI":"10.1109\/ARES.2008.33"},{"key":"9375_CR6","doi-asserted-by":"crossref","unstructured":"Cachia E, Micallef M (2007) A Multi-Tier, multi-role security framework for E-commerce systems. Paper presented at the Proceedings of the 14th annual IEEE international conference and workshops on the engineering of computer-based systems","DOI":"10.1109\/ECBS.2007.8"},{"key":"9375_CR7","doi-asserted-by":"crossref","unstructured":"Choi KC, Lee GH (2006) Automatic test approach of web application for security (AutoInspect). Lecture Notes in Computer Science 3983:659\u2013668","DOI":"10.1007\/11751632_72"},{"key":"9375_CR8","doi-asserted-by":"crossref","unstructured":"Chong S, Liu J, Myers AC, Qi X, Vikram K, Zheng L, Zheng X, (2009) Building secure web applications with automatic partitioning. Commun ACM 52(2):79\u201387. doi: 10.1145\/1461928.1461949","DOI":"10.1145\/1461928.1461949"},{"key":"9375_CR9","doi-asserted-by":"crossref","unstructured":"Dadeau F, Potet ML, Tissot R (2008) AB formal framework for security developments in the domain of smart card applications. In: Proceedings of the Ifip Tc 11 23rd international information security conference on, 7\u201310 Sept 2008, Springer, pp 141\u2013155, Milano, Italy. doi: 10.1007\/978-0-387-09699-5_10","DOI":"10.1007\/978-0-387-09699-5_10"},{"key":"9375_CR10","unstructured":"Dimitrakos T, Raptis D, Ritchie B, St\u00f8len K (2002) Model-based security risk analysis for web applications: the CORAS approach. In: Proceedings of the EuroWeb 2002, (Electronic Workshops in Computing). British Computer Society, St Anne\u2019s College, Oxford, UK. Available on-line at: http:\/\/citeseerx.ist.psu.edu\/viewdoc\/download?doi=10.1.1.195.6095&rep=rep1&type=pdf"},{"key":"9375_CR11","doi-asserted-by":"crossref","unstructured":"Dong J, Peng T, Zhao Y (2010) Automated verification of security pattern compositions. Inf Softw Technol 52(3):274\u2013295","DOI":"10.1016\/j.infsof.2009.10.001"},{"key":"9375_CR12","doi-asserted-by":"crossref","unstructured":"Dyba T, Dingsoyr T (2008) Empirical studies of agile software development: a systematic review. Inf Softw Technol 50(9\u201310):833\u2013859","DOI":"10.1016\/j.infsof.2008.01.006"},{"key":"9375_CR13","doi-asserted-by":"crossref","unstructured":"Fernandez EB (2007) Security patterns and secure systems design. Paper presented at the Proceedings of the 45th annual southeast regional conference, Winston-Salem, North Carolina","DOI":"10.1145\/1233341.1233436"},{"key":"9375_CR14","doi-asserted-by":"crossref","unstructured":"Futcher L, Solms R (2007) SecSDM: a model for integrating security into the software development life cycle. In: IFIP international federation for information processing, Boston, pp 41\u201348","DOI":"10.1007\/978-0-387-73269-5_6"},{"key":"9375_CR15","doi-asserted-by":"crossref","unstructured":"Ge X, Paige RF, Polack FAC, Chivers H, Brooke PJ (2006) Agile development of secure web applications. Paper presented at the Proceedings of the 6th international conference on web engineering, Palo Alto, California, USA, pp 305\u2013312. doi: 10.1145\/1145581.1145641","DOI":"10.1145\/1145581.1145641"},{"key":"9375_CR16","doi-asserted-by":"crossref","unstructured":"G\u00fcrgens S, Ochsenschl\u00e4ger P, Rudolph C (2005) On a formal framework for security properties. Comput Stand Interfaces 27(5):457\u2013466","DOI":"10.1016\/j.csi.2005.01.004"},{"key":"9375_CR17","doi-asserted-by":"crossref","unstructured":"Halfond WGJ, Orso A (2005) AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks. Paper presented at the Proceedings of the 20th IEEE\/ACM international conference on automated software engineering, Long Beach, CA, USA","DOI":"10.1145\/1101908.1101935"},{"key":"9375_CR18","doi-asserted-by":"crossref","unstructured":"Hassan R, Bohner S, El-Kassas S, Eltoweissy M (2008) Goal-oriented, B-based formal derivation of security design specifications from security requirements. In: Availability, reliability and security, 2008. ARES 2008. Third international conference on, 4\u20137 March 2008, pp 1443\u20131450. doi: 10.1109\/ares.2008.77","DOI":"10.1109\/ARES.2008.77"},{"key":"9375_CR19","doi-asserted-by":"crossref","unstructured":"Hermosillo G, Gomez R, Seinturier L, Duchien L (2007) AProSec: an aspect for programming secure web applications. In: Conference the second international on availability, reliability and security, Vienna, pp 1026\u20131033","DOI":"10.1109\/ARES.2007.43"},{"key":"9375_CR20","doi-asserted-by":"crossref","unstructured":"Huang YW, Huang SK, Lin TP, Tsai CH (2003) Web application security assessment by fault injection and behavior monitoring. Paper presented at the Proceedings of the 12th international conference on World Wide Web, Budapest, Hungary","DOI":"10.1145\/775152.775174"},{"key":"9375_CR21","doi-asserted-by":"crossref","unstructured":"Huang YW, Yu F, Hang C, Tsai CH, Lee DT, Kuo SY (2004) Securing web application code by static analysis and runtime protection. Paper presented at the Proceedings of the 13th international conference on World Wide Web, New York, NY, USA","DOI":"10.1145\/988672.988679"},{"key":"9375_CR22","doi-asserted-by":"crossref","unstructured":"Huang Y, Geng X, Whinston AB (2007) Defeating DDoS attacks by fixing the incentive chain. ACM Trans Internet Technol 7(1):5. doi: 10.1145\/1189740.1189745","DOI":"10.1145\/1189740.1189745"},{"key":"9375_CR23","doi-asserted-by":"crossref","unstructured":"Jones R, Rastogi A (2004) Secure coding: building security into the software development, life cycle 29-39","DOI":"10.1201\/1086\/44797.13.5.20041101\/84907.5"},{"key":"9375_CR24","doi-asserted-by":"crossref","unstructured":"Kals S, Kirda E, Kruegel C, Jovanovic N (2006) SecuBat: a web vulnerability scanner. Paper presented at the Proceedings of the 15th international conference on World Wide Web, Edinburgh, Scotland","DOI":"10.1145\/1135777.1135817"},{"key":"9375_CR25","doi-asserted-by":"crossref","unstructured":"Keramati H, Mirian-Hosseinabadi S-H (2008) Integrating software development security activities with agile methodologies. Paper presented at the Proceedings of the 2008 IEEE\/ACS international conference on computer systems and applications","DOI":"10.1109\/AICCSA.2008.4493611"},{"key":"9375_CR26","doi-asserted-by":"crossref","unstructured":"Kim YG, Cha S (2012) Threat scenario-based security risk analysis using use case modeling in information systems. Secur Commun Netw 5(3):293\u2013300. doi: 10.1002\/sec.321","DOI":"10.1002\/sec.321"},{"key":"9375_CR27","unstructured":"Kitchenham B (2007) Guidelines for performing systematic literature reviews in software engineering, Version 2.3, EBSE Technical Report EBSE-2007-01, Keele University and University of Durham"},{"key":"9375_CR28","doi-asserted-by":"crossref","unstructured":"Lam MS, Martin M, Livshits B, Whaley J (2008) Securing web applications with static and dynamic information flow tracking. Paper presented at the Proceedings of the 2008 ACM SIGPLAN symposium on partial evaluation and semantics-based program manipulation, San Francisco, California, USA","DOI":"10.1145\/1328408.1328410"},{"key":"9375_CR29","doi-asserted-by":"crossref","unstructured":"Lipner S (2004) The trustworthy computing security development lifecycle. Paper presented at the Proceedings of the 20th annual computer security applications conference","DOI":"10.1109\/CSAC.2004.41"},{"key":"9375_CR30","doi-asserted-by":"crossref","unstructured":"Livshits B, Erlingsson l (2007) Using web application construction frameworks to protect against code injection attacks. Paper presented at the Proceedings of the 2007 workshop on programming languages and analysis for security, San Diego, California, USA","DOI":"10.1145\/1255329.1255346"},{"key":"9375_CR31","doi-asserted-by":"crossref","unstructured":"Lucas FJ, Molina F, Toval A (2009) A systematic review of UML model consistency management. Inf Softw Technol 51(12):1631\u20131645","DOI":"10.1016\/j.infsof.2009.04.009"},{"key":"9375_CR32","unstructured":"Mao L (2006) Research of electronic commerce systems modeling method on RUP. Dyn Continuous Discret Impuls Syst Ser B Appl Algorithms 13:731\u2013734"},{"key":"9375_CR33","doi-asserted-by":"crossref","unstructured":"Mellado D, Blanco C, S\u00e1nchez LE, Fern\u00e1ndez-Medina E (2010a) A systematic review of security requirements engineering. Comput Stand Interfaces 32(4):153\u2013165","DOI":"10.1016\/j.csi.2010.01.006"},{"key":"9375_CR34","doi-asserted-by":"crossref","unstructured":"Mellado D, Fernandez ME, Piattini M (2010b) Security requirements engineering framework for software product lines. Inf Softw Technol 52(10):1094\u20131117","DOI":"10.1016\/j.infsof.2010.05.007"},{"key":"9375_CR35","unstructured":"Moebius N, Haneberg D, Reif W, Schellhorn G(2007) A modeling framework for the development of provably secure E-commerce applications. In: Software engineering advances, 2007. ICSEA 2007. International conference on, 25\u201331 August 2007, pp 8\u20138"},{"key":"9375_CR36","unstructured":"Moffett JD, Nuseibeh BA, (2006) A framework for security requirements engineering. Softw Engineering for secure systems workshop with the 28th Int\u201dl conference software engineering, Shanghai, China, pp 35\u201341"},{"key":"9375_CR37","doi-asserted-by":"crossref","unstructured":"Moja LP, Telaro E, D\u2019Amico R, Moschetti I, Coe L, Liberati A (2005) Assessment of methodological quality of primary studies by systematic reviews: results of the metaquality cross sectional study. BMJ 330(7499):1053. doi: 10.1136\/bmj.38414.515938.8F","DOI":"10.1136\/bmj.38414.515938.8F"},{"key":"9375_CR38","doi-asserted-by":"crossref","unstructured":"Mourad A, Laverdi\u00e8re M, Debbabi M (2008) An aspect-oriented approach for the systematic security hardening of code. Comput Secur 27(3\u20134):101\u2013114","DOI":"10.1016\/j.cose.2008.04.003"},{"key":"9375_CR39","doi-asserted-by":"crossref","unstructured":"Mouratidis H, J\u00fcrjens J, Fox J (2006) Towards a comprehensive framework for secure systems development. Paper presented at the 18th International conference on advanced information systems engineering, CAiSE 2006, Luxembourg, 5\u20139 June, 2006","DOI":"10.1007\/11767138_5"},{"key":"9375_CR40","unstructured":"Okubo T, Tanaka H (2007) Secure software development through coding conventions and frameworks. In: Availability, reliability and security, 2007. ARES 2007. The second international conference on, 10\u201313 April 2007, pp 1042\u20131051"},{"key":"9375_CR41","doi-asserted-by":"crossref","unstructured":"Olsen BMJ, O, Middleton P, Ezzo J, Gotzsche PC, Hadhazy V, Herxheimer A, Kleijnen J, McIntosh H (2001) Quality of cochrane reviews: assessment of sample from 1998. BMJ 323(7317):829\u2013832. doi: 10.1136\/bmj.323.7317.829","DOI":"10.1136\/bmj.323.7317.829"},{"key":"9375_CR42","doi-asserted-by":"crossref","unstructured":"Oxman AD (1994) Systematic reviews: checklists for review articles. BMJ 309(6955):648\u2013651","DOI":"10.1136\/bmj.309.6955.648"},{"key":"9375_CR43","unstructured":"Popp G, Jurjens J, Wimmel G, Breu R (2003)Security-critical system development with extended use cases. In: Software engineering conference, 2003. Tenth Asia-Pacific, 10\u201312 Dec 2003, pp 478\u2013487"},{"key":"9375_CR44","unstructured":"Schumacher M, Ackermann R, Steinmetz R (2000) Towards security at all stages of a system\u2019s life cycle. In: Proceedings of international conference on software, telecommunications, and computer networks (Softcom), 2000"},{"key":"9375_CR45","doi-asserted-by":"crossref","unstructured":"Scott D, Sharp R (2002) Developing secure Web applications. Internet Comput IEEE 6(6):38\u201345","DOI":"10.1109\/MIC.2002.1067735"},{"key":"9375_CR46","doi-asserted-by":"crossref","unstructured":"Seo SC, You JH, Kim YD, Choi JY, Lee SJ, Kim BK, (2005) Building security requirements using state transition diagram at security threat location. Lecture Notes in Computer Science 3802:451\u2013456","DOI":"10.1007\/11596981_66"},{"key":"9375_CR47","doi-asserted-by":"crossref","unstructured":"Sharma S, Sugumaran V, Rajakopalan B (2002) Framework for creating hybrid-open source software communittees. Inf Syst J 12(1):7\u201325","DOI":"10.1046\/j.1365-2575.2002.00116.x"},{"key":"9375_CR48","volume-title":"The web application hacker\u2019s handbook: discovering and exploiting security flaws","author":"D Stuttard","year":"2008","unstructured":"Stuttard D, Pinto M (2008) The web application hacker\u2019s handbook: discovering and exploiting security flaws. Wiley, Indianapolis"},{"key":"9375_CR49","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-642-10619-4_1","volume-title":"A systematic literature review of software process improvement for small and medium Web companies","author":"M Sulayman","year":"2009","unstructured":"Sulayman M (2009) A systematic literature review of software process improvement for small and medium Web companies. The University of Auckland, New Zealand"},{"key":"9375_CR50","doi-asserted-by":"crossref","unstructured":"Sulayman M, Mendes E (2009) A systematic literature review of software process improvement in small and medium web companies. In: Advances in software engineering, vol 59. Communications in computer and information science. Springer, Berlin, Heidelberg, pp 1\u20138. doi: 10.1007\/978-3-642-10619-4_1","DOI":"10.1007\/978-3-642-10619-4_1"},{"key":"9375_CR51","unstructured":"Tappenden A, Beatty P, Miller J, Geras A, Smith M, IEEE Computer SOC (2005) Agile security testing of Web-based systems via HTTPUnit. AGILE 2005, Proceedings"},{"key":"9375_CR52","unstructured":"Vidakovic D, Simic D (2007) A novel approach to building secure systems. In: Availability, reliability and security, 2007. ARES 2007. The second international conference on, 10\u201313 April 2007, pp 1074\u20131084"},{"key":"9375_CR53","unstructured":"Viega J, McGraw G (2001) Building secure software. Addison-Wesley, Boston"},{"key":"9375_CR54","doi-asserted-by":"crossref","unstructured":"Viega J, McGraw G (2002) Token-based scanning of source code for security problems. ACM Trans Inf Syst Secur 5(3):238\u2013261. doi: 10.1145\/545186.545188","DOI":"10.1145\/545186.545188"},{"key":"9375_CR55","unstructured":"Ware MS, Bowles JB, (2006) Eastman CM using the common criteria to elicit security requirements with use cases. In: SoutheastCon, 2006. Proceedings of the IEEE, March 31 2005\u2013April 2 2005, pp 273\u2013278"},{"key":"9375_CR56","doi-asserted-by":"crossref","unstructured":"Xiong P, Peyton L (2010) A model-driven penetration test framework for Web applications. In: 2010 Eighth annual international conference on privacy security and trust (PST), Ottawa, 17\u201319 Aug. 2010, pp 173\u2013180","DOI":"10.1109\/PST.2010.5593250"},{"key":"9375_CR57","doi-asserted-by":"crossref","unstructured":"Zhang X, Wang G, Fan L (2007) Web-based coordination for E-commerce. In: IFIP advances in information and communication technology, Boston, 2007. IFIP advances in information and communication technology. Springer, Boston, pp 515-522. doi: 10.1007\/978-0-387-09699-5_10","DOI":"10.1007\/978-0-387-09699-5_10"}],"container-title":["Artificial Intelligence Review"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10462-012-9375-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10462-012-9375-6\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10462-012-9375-6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,7,8]],"date-time":"2019-07-08T05:59:27Z","timestamp":1562565567000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10462-012-9375-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,1,17]]},"references-count":57,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2015,2]]}},"alternative-id":["9375"],"URL":"https:\/\/doi.org\/10.1007\/s10462-012-9375-6","relation":{},"ISSN":["0269-2821","1573-7462"],"issn-type":[{"value":"0269-2821","type":"print"},{"value":"1573-7462","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,1,17]]}}}