A vulnerability modeling approach for certifying security in components for e-commerce

Posted on: 2009-09-21
Degree: M.Sc
Type: Thesis
University: University of Alberta (Canada)
Candidate: Li, Zhixiong
Full Text: PDF
GTID: 2448390002490476
Subject: Engineering
Abstract/Summary:
Today, most e-commerce applications are component-based, and a security breach in any one of the components that make up an e-commerce application may destroy the whole application. However, commerce components are commonly delivered as black boxes, and end users often question the quality of these components. Demand for quality and security certification of software by independent third-party agencies is therefore growing stronger, which in turn increases the demand for new certification technologies and methodologies.

This thesis proposes a product-based security certification process, the Vulnerability Modeling Certification Process (VMCP). It works on design specifications and source code, using white-box technologies to identify software vulnerabilities and evaluate the risk associated with them. The security certification, which indicates the security level of the component, is then generated from the identified and rated vulnerabilities. VMCP can be used as a basis for certifying components with regard to security.
Keywords/Search Tags:Security, Components