Article Details

Copyright Statement: This is an open access article licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, even commercially as long as the original work is properly cited.

Determination of Weighting Assessment on DREAD Model using Profile Matching

Author 1: Didit Suprihanto
Author 2: Retantyo Wardoyo
Author 3: Khabib Mustofa

Download PDF

Digital Object Identifier (DOI) : 10.14569/IJACSA.2018.091009

Article Published in International Journal of Advanced Computer Science and Applications(IJACSA), Volume 9 Issue 10, 2018.

Abstract: Web application creators often get lack understanding of security threats that can occur in applications that are made, while security threats can create new problems that are more complex. These security threats will pose risks and can even result in large losses. Determining the risk ratings on a web application software development team is still experiencing problem or debate. The problem which occurs is that not all of the team members agree on the risk rating assessment process. This problem is caused by the differences in opinions and assumptions of the team members about threats and the fact that the assessor has different types of expertise, DREAD model places each expert in the same position. It means that there are no differences in weight at the time of assessment. DREAD stands for five aspects which are related to security threats in web applications. They are D (Potential Damage), R (Reproducibility), E (Exploitability), A (Affected User), and D (Discoverability). The proposal gives weight to the assessor by using profile matching method to produce an assessment involving assessors with different types of expertise, weighting on each assessor is according to their relevance to the assessed aspects, and rating on the type of expertise is according to the aspects assessed for the DREAD model. The result of the study shows that the proposed method can produce the weight closeness of the assessment to the target.

Keywords: DREAD; risk; assessment; profile matching

Didit Suprihanto, Retantyo Wardoyo and Khabib Mustofa, “Determination of Weighting Assessment on DREAD Model using Profile Matching” International Journal of Advanced Computer Science and Applications(IJACSA), 9(10), 2018. http://dx.doi.org/10.14569/IJACSA.2018.091009

@article{Suprihanto2018,
title = {Determination of Weighting Assessment on DREAD Model using Profile Matching},
journal = {International Journal of Advanced Computer Science and Applications},
doi = {10.14569/IJACSA.2018.091009},
url = {http://dx.doi.org/10.14569/IJACSA.2018.091009},
year = {2018},
publisher = {The Science and Information Organization},
volume = {9},
number = {10},
author = {Didit Suprihanto and Retantyo Wardoyo and Khabib Mustofa}
}

IJACSA

Upcoming Conferences

Future of Information and Communication Conference (FICC) 2022

3-4 March 2022

Computing Conference 2022

14-15 July 2022

IntelliSys 2022

1-2 September 2022

Future Technologies Conference (FTC) 2022

20-21 October 2022