On the Identification of Required Security Controls Suitable for Converged Web and Mobile Applications
Contemporary development of information systems for service delivery is at present a matter of bringing together the use of web and mobile applications. However, this advancement in the field of computing is happening at the expense of increased security risks to system users and owners, because the advancement in systems security controls is not taking place at the same pace. In converged web and mobile applications, developers lack formal development standards for security design and verification. As a result, applications are built with ad hoc implementations of security controls depending on the context of usage. In view of the above, this paper attempts to put forward a possible set of security controls considered suitable for addressing the security demands of converged web and mobile application environments. To achieve this objective, a Livestock Data Center (LDC) system is used as a case study for analysis and reasoning. By design, the system can be accessed through web and mobile applications. The overall process had the following phases. The first phase involved reviewing existing security controls and assessing their usage in converged web and mobile applications. The output from this stage was a report on the review and assessment of security controls. The second phase involved devising and proposing a possible security assessment model for converged web and mobile applications. The last phase involved employing the proposed security controls assessment model and the case study to identify the possible security controls suitable for converged web and mobile applications. The approach used for security controls assessment involved a combination of white box and black box techniques. The platforms used for web and mobile application development were PHP and Java, respectively.
This last item has been done to practically assess the security controls at an application level, and consequently to come up with suitable controls for the same.