Web Applications Security Testing Evaluation

Abstract

An important part of a good security software development program is the ability to determine how things are going. Therefore, it is important to track the results of testing and also apply metrics to this aim. A model to help in evaluating security testing in web applications is presented in this work. This model is based on the OWASP Web Security Testing Guide (WSTG) and the Logic Score of Preference (LSP) method. Using the LSP method we are able to construct a model that can be of help in assessing compliance respect to the ten-ets of the Check List of the WSTG, during and after testing in an application development project. Since LSP is a multicriteria and multiattribute decision method that allows the creation of models that can give different relevance to the various features under evaluation, in this case –items in the WSTG Check List– it can help in deciding which item or items should be given more impor-tance according to the needs of the project considered.