Evaluating Performance of Web Application Security Through a Fuzzy Based Hybrid Multi-Criteria Decision-Making Approach: Design Tactics Perspective

Design of software can have a major impact on the overall security of the software. Developing a secure website design is a challenge for architectures. It depends on different and tough decisions which determine the security of website. Increasing number of vulnerabilities increase the level of security requirements. Hence, security design tactics are to be adopted to satisfy these security requirements. Security design tactics are the mechanisms to define, detect and mitigate vulnerabilities and attacks. Therefore, faults in the application of security tactics or their weakening during website maintenance could be one of the key reasons behind the emergence of new and severe vulnerabilities that can be targeted by the hackers. There is a need for in-depth analysis of security tactics and its prioritization for the sake of determining the most prioritized factor. This will further help in gaining a more secure system. In this research study, the authors have used the hybrid method of Fuzzy AHP-TOPSIS (Analytic Hierarchy Process-Technique for Order Preference by Similarity Ideal Solution) for the evaluation of security design tactics and its attributes. The efficiency of this approach has been tested on a real time web application of Babasaheb Bhimrao Ambedkar University, Lucknow, India. Further, different web applications of the University have been used to validate the obtained results. This study's evaluation of the most impactful web application design for improving security will help the architects to secure systems by using security tactics.