Environment-driven threats elicitation for web applications

The popularity and complexity of web application present challenges to the security implementation for web engineering. Threat elicitation is an indispensable step for developers to identify the possible threats to the web applications in the early phase of software development. In this context, a novel approach is proposed to ease the threats elicitation for web application by using a defined web application classification as the sieve to sift a common threat list. The final result shows that the proposed model is a simplified and effective solution to threats elicitation to web application.