PUBLICATION
Systematic Composition of Web-based Applications with Focus on Security
Type
Conference Paper
Year
2015
Authors
Research Area
Event
17th International Conference on Information Integration and Web-based Applications & Services
Published in
Proceedings of the 17th International Conference on Information Integration and Web-based Applications & Services
ISBN/ISSN
978-1-4503-3491-4/15/12
Abstract
With increasing complexity of web-based applications, traditional engineering from scratch becomes an effortful matter with security aspects difficult to oversee. By composing applications from reusable building blocks, component-based web engineering approaches promise to reduce time to market while providing flexibility to changing conditions. Yet, they face a trade-off between developing software in an agile fashion and establishing a solid security foundation.
To mitigate risks of successful attacks, web engineers must however ensure security during the entire lifetime of web-based applications. This paper therefore presents WAM++ which combines well with existing methodology and assists engineers in designing web-based applications with a strong emphasis on security. Based on the theoretical foundation from prior work, we introduce a vocabulary to describe both the architecture of web-based applications and involved services. Furthermore, we support engineers by an online diagraming tool and showcase a prototypical implementation of WAM++ in an existing identity management platform.
Reference
Scholtz, Anna; Wild, Stefan; Gaedke, Martin: Systematic Composition of Web-based Applications with Focus on Security. Proceedings of the 17th International Conference on Information Integration and Web-based Applications & Services, pp. 637-641, 2015.