A Unified Fuzzy-Based Symmetrical Multi-Criteria Decision-Making Method for Evaluating Sustainable-Security of Web Applications

Abstract

Although security is an integral aspect of any web application’s growth, sustainability is also a pivotal factor in maintaining the web application. It is clear that the software industry aims to develop different methods and initiatives for achieving high security while maintaining high sustainability. Unfortunately, web application protection is useless if the sustainability is low. Thus, the present day need calls for innovation in developing web applications that afford sustainable-security to the users. By improving sustainability along with web application protection, underlying security and sustainability attributes play a vital role in determining the symmetrical effect of the sustainability and security attribute to achieve the best outcome. Sustainability evaluation, therefore, uses security and sustainability qualities to achieve the desired sustainability security solutions. In this study, ten consecutive versions of two web applications were used to determine symmetrical sustainability. The authors used the Fuzzy Analytic Hierarchy Process (Fuzzy-AHP) mechanism to determine sustainability goals and long-term impact. Furthermore, the effect of security on sustainability is assessed, and vice versa. The findings in the paper will prove to be valuable for improving sustainability of the web application.

1. Introduction

Several research pursuits have focused on understanding and classifying security estimation methodology [1] to enhance the security of web applications. However, in practice, the security objectives have to be realigned to meet the user’s need. This is the reason for the widening of the gap between literature and actual practices. Objectives can be achieved by identifying, establishing, and evaluating. However, sustainability, being a definite imperative for humanity, security with sustainability of a web application has become the compelling intent during development process [2,3]. The main purpose is to secure a web application from malicious attacks. However, at times, the one who uses the machine becomes the weakest link and, unintentionally, invites attacks.

Security practitioners are consistently working on techniques to enhance both the sustainability and optimum security of the web applications [2]. Prevention of unauthorized access is the prime objective of security, while sustainability emphasizes maintaining the continuous services for users [3]. Sustainability is considered to be a system issue, and not an era or industrial issue [3,4]. Therefore, the focus of companies is usually on retaining sustainable-security, i.e., ensuring non-stop security mechanisms for the users.

Although researchers have tried to assess sustainable-security through different methods in order to improve it [3], most of the available literature in this domain pays little attention to the real-world problems [3,4,5,6,7,8,9,10]. As remarked by Calero et al. (2013), “software sustainability, being part of its quality and being related to non-functional requirements, is a way to improve web applications security” [4]. As a sustainable and secure web application is the need of today’s generation, factors of security and sustainability for a web application has become pertinent in attaining maintenance of web security [5].

Sustainable-security is influenced by sustainability and security factors including Confidentiality, Integrity, and Availability (CIA) and Energy Consumption, Web-based Resource Optimization, and Perdurability (EWP) correspondingly [3,4,6]. The contribution of these elements is unique, yet essential in ensuring sustainable-security. Therefore, assessment cannot be performed by neglecting sustainability, security, and their factors. Moreover, by considering the factors of security and sustainability, the assessment can be made more efficacious and precise.

Abbas Mardani [3] stated that MCDM is a mechanism to address the issues associated with renewable and sustainable energy with numerous assets. A MCDM method includes a wide scope of very unmistakable methodologies. Fuzzy MCDM, i.e., FMCDM, is a popular approach that also controls the shortcomings of MCDM approaches. Furthermore, sustainable-security estimation is a decision-making problem because every industry, more or less, endorses its own mechanism and policies [4,5]. Luthra et al. [7] diagnosed the boundaries for embracing the renewable and sustainable technology in India with the help of the Analytic Hierarchy Process (AHP) technique.

Sustainable-security focuses on stable web application services of the end user that has become the major fear of any industry now; however, the developers ignore it while ensuring security. For example, security developers prefer using an easy and simplified roadmap of security instead of using secure and complex frameworks. Therefore, the estimation of sustainable-security with its distinct factors is vital to notice. The following section cites the reviewed literature in this field.

In their article on software sustainability, Coral Calero and Mario Piattini, 2019 [8], point out three nodal areas: human, economic, and environmental sustainability. An overview of the previous research has also been discussed in this study after reviewing several conferences and workshops facilitated on sustainable energy and software sustainability.

Colin C. Venters et al. [9], in 2018, published a paper on sustainable architecture perspective of software systems. In this paper, the authors have taken very broad prospects on sustainability with respect to software to propose a methodology for outlining the address on software architectures with sustainability. The authors also included the recent shift in the focus of research to include sustainability in the context of software design.

Guanwen Li et al. [10], in 2017, contributed a new methodology on mobile edge computing, which is based on fuzzy theory based security service. The article, likewise, incorporated a security intermediary similar to customary security capacities. Additionally, the authors proposed a fuzzy inference system (FIS)-based methodology to get multiple optimal aspirations and the finest order of the desired security services. The findings proved that FIS achieved good performance.

Abbas Mardani et al. [3], in 2015, reviewed 54 papers with different MCDM techniques. The authors divided the papers into different methods, year of publications, and two categories including sustainable and renewable vitality. At the end, the authors concluded that the number of contributions rose in comparison to the previous years and new methods of MCDM, such as Fuzzy-AHP, ANP, VIKOR, etc., were accepted.

Birgit Penzenstadler et al. [11], in 2014, presented a paper on the relationship between safety, security, and sustainability, which is becoming a non-functional requirement for the upcoming century. Authors integrated the history of three pillars: safety, security, and sustainability. They also proposed a new approach of software life cycle assessment for sustainability assessment.

After analyzing the latest literature on sustainability and security, the authors of this study found that certain essential and fundamental attributes, which should be considered during the evaluation of sustainable-security, were lacking in the earlier research initiatives. A quantitative assessment of sustainable-security and implementation has become essential. The current work has the same focus with implementation on ten versions of two web applications developed locally, namely, the Online Admission System and Online Quiz Competition web application for Babasaheb Bhimrao Ambedkar University, Lucknow-India-Based Central University, Government of India.

The evaluation is conducive for making any decision to understand the options while assuring sustainable-security. Therefore, in order to ensure sustainable-security, authors are using Fuzzy-AHP mechanism in the paper. There is a need to establish a hierarchy which identifies the factors affecting sustainable-security. Therefore, a sustainable-security elements hierarchy is elaborated in the third section of the paper to quantify web application’s sustainable-security. For evaluating the sustainable-security, the Fuzzy Analytic Hierarchy Process (Fuzzy-AHP) plays a key role during the development of web applications. The findings will assist security practitioners to incorporate sustainable-security during web application development.

The paper’s key contributions are as follows.

• Conducting an in-depth study of sustainable-security, i.e., web-application sustainability and its security and privacy strength and weakness.
• Proposing a Fuzzy-AHP method, a stable and efficient methodology implemented on different web-applications to establish its validity.
• Conducting sensitivity analysis on the results to show the efficacy of our proposed solution Fuzzy AHP vs. other solutions.
• The results show that fuzzy-AHP proves more efficient than the other classical approaches.
• With the help of the comparisons in outcomes of this contribution and previous work conducted with the perspective of sustainable-security of web applications, it is clear that this work may be helpful for the security developers for improving the security of web applications.

The remainder of the paper is formulated as follows. Section 2 describes the sustainable-security of web applications in detail and introduces the methodology, i.e., Fuzzy-AHP. Section 3 assesses and presents the outcome achieved through the Fuzzy-AHP and classical-AHP methodologies and the results of the sensitivity analysis. The discussion on the findings and concluding remarks are listed in Section 4 and Section 5, respectively.

2. Materials and Methods

2.1. Sustainable-Security of Web Applications

Web application security is a thought or technique used to keep noxious assaults from different pernicious destinations and clients [12]. With the fast development of web applications, the security requirements in a sustainable environment are becoming increasingly diverse [13,14]. According to G. McGraw, the security of web applications helps build a secure web application, i.e., developing a web application to make it safe and secure, assuring that the web application keeps itself safe, and educating web application engineers and end users how to build secure web applications [15]. It is already a social and economic demand to adapt ecofriendly means of making the current products and services workable as well as sustainable [16,17]. The balance between sustainability and theoretical as well as practical security is not commonly recognized as a bottom-line principle in web application security. Furthermore, many authors believe that sustainability cannot be compromised while managing web application security development. However, the literature review has, evidently, revealed the original facts about considering sustainable-security in web applications.

The assessment and upkeep of CIA with a sustainable environment during the development of web application is one of the best ways to obtain sustainable and secure web applications [18,19]. Because of the importance of sustainable-security in web applications nowadays, everyone wants to ensure security. However, security assurance demands high complexity, the high security makes the applications less sustainable and complex renewable. This problem generates concerns for the longer web application services. Birgit Penzenstadler, an eminent author on sustainability quotes in one of his work, “to draw attention to software safety issues in software engineering, it is argued that sustainability must be treated as a first-class quality alongside other critical factors such as safety, security, efficiency, reliability, and durability” [8,20]. Due to the increasing number of personal frauds, security hazards, and financial theft, security with sustainability assumes utmost priority [3,4,5]. Thus, today’s web application provider organizations should focus on both security and sustainability at the same time.

As an eminent organization of security, Microsoft defines sustainability as a quantity of how stable a design is to secure a product to perform its prescribed responsibilities [17]. Moreover, sustainable software has impact on the society, economy, human beings, and environment that results from different types of developments and deployment, and, by the usage of the software, are nominal, having some positive effect on the environment [18,19]. According to the scholar Coral Calero: “Sustainable software development aims to meet software needs while ensuring the sustainability of natural systems and the environment.” Software product sustainability is the capability of developing software in the most sustainable manner [1,4]. The relation of security and sustainability can be established by identifying the commonly contributing factors of both. The factors of sustainable-security with their definition are shown in

Table 1. Definitions of sustainable-security factors.

Factors	Definition
Security	Web Application security is mindfulness applied to protect the web application against noxious assaults and different dangers delivered by hackers and malevolent information so the site keeps on working accurately under potential dangers. Likewise, it is accepted that security is important to offer significant types of assistance as integrity, authentication, and availability [13,14,15].
Sustainability	For the most part, Sustainability is characterized as meeting the prerequisites of the present client without compromising the environment and ability of future generation to meet their necessities [12,18].
Confidentiality	Confidentiality, with regards to sustainable-security, can be characterized as ensuring that secure information can be retrieved only by the authorized person while confirming the maintenance of sustainability for the intended user [19].
Integrity	Integrity in security means ensuring the authenticity of information with respect to sustainability [19,20].
Availability	Availability in sustainable-security ensures that information is accessible by authorized users in a sustainable environment. If the attackers are not allowed to compromise the integrity and confidentiality, they may attempt to execute attacks to bring down the server [20].
Energy Consumption	Energy consumption in terms of sustainable-security is the degree to which the amount of energy used by a software product when performing its security functions meets the security requirements [4,12].
Web-Based Resource Optimization	Web-based resource optimization is the set of models and practices used to fulfill the available resources, such as human, machinery, and finances, with the security requirements of the organization to achieve the well-known sustainability and security goals. Resource optimization is achieving the desired results within the stipulated time and budget with minimum usage of the resources [13,14].
Perdurability	Perdurability is the idea of producing sustainable software security products that have longevity and are adaptable and recyclable, i.e., increasing those aspects that make the software last for long time with the ability to adapt to change without losing its functionality related to its quality [15,16].
Reliability	The reliability of software sustainable-security is defined as the extent to which the software performs securely for a specific period of time in a specific sustainable environment [14].
Maintainability	Maintainability in sustainable-security is defined as the degree of effectiveness and efficiency with which a product or system can be modified by the envisioned developers to maintain sustainability [14,16].
Portability	Portability in sustainable-security is the degree of effectiveness and efficiency with which software and its security can be transferred from one software product to another [15].

.

Sustainable and invulnerable systems no longer exist in a vacuum and, without the involvement of humans, these sustainable services cannot function. Developers of software security and sustainability must learn to work on the concepts of a shared environment [21]. This is because security and sustainability work harmoniously with each other. There are already numerous methods that have been established to integrate the two, but each mechanism has its limitations and advantages [22]. Sustainability in security must be integrated into sustainable-security from the very initial stage of development and must be maintained until the security services are running [23]. Sustainable-security appears to be an excellent explanation for all likelihoods that exist between sustainability and security. This assessment of sustainable-security focuses on the leverages and constraints of both methods and, with an appropriate procedure, a solution to assure sustainability with security is established.

Therefore, sustainable-security has two important elements, namely, security and sustainability. Further, the CIA is the foundation of security [24]. In the context of sustainable-security, confidentiality is defined as the allowance of authorized access in a sustainable environment to sensitive and secure data [25,26]. Integrity is the quality of software security established by ethical affirmation and decision. Availability is the ability of the user to access resources in a sustainable environment [27,28]. Other factors of sustainable-security have already been defined in Table 1. This work proposes an approach for estimating sustainable-security through Fuzzy-AHP. A hierarchy of sustainable-security factors is presented in Figure 1.

Figure 1 depicts that Confidentiality, Integrity, and Availability (CIA) and Energy Consumption, Perdurability, and Web-based Resource Optimization (EPW) affect the sustainable-security of the web application. Sustainable-security may be improved by focusing on CIA and EPW together [4,21]. Therefore, the above factors will be taken into account while assessing sustainable-security.

2.2. Methodology Followed

Different researchers have analyzed security and sustainability in different perspectives. Transformation of web application and cyber security through sustainability is a new area of interest for security, environmental, and economic sustainability [29,30,31]. To measure the sustainable-security, Multiple Criteria and Multiple Decisions Analysis (MCMDA) plays a significant role in presenting numerous contradictory assessments including fuzzy analytical hierarchy process [32]. Additionally, every decision methodology is different in perspective of their objective and subjective weights [33,34]. An assessment method, namely, Multi Criteria Decisions Analysis (MCDA), is proposed for sustainable-security to measure the satisfaction and ease of practice.

Sustainable-security appraisal is a multi-criteria problem as it contains different level of factors described earlier in this work. This work aims to measure the sustainable-security with the support of Fuzzy-AHP. As it is a multi-criteria issue, it is essential to disintegrate a multi-criteria problem into a hierarchy. Saaty used AHP for the very first time [35,36], with the aim of showing that there are problems with factors which have fuzziness in it. Therefore, the decision-maker’s responses are converted into fuzzy matrix using previously defined fuzzy criteria. The steps in assessment of any criteria using Fuzzy-AHP include the following.

A. Identify and Determine Problems: Identify and determine the problem to be solved so that all attributes of the problem are clearly known.

B. Set up Hierarchy Architecture: Identify attributes and relevant sub-attributes that have direct or indirect impact over each other by thorough literature. Now, create the hierarchical relationship between factors. The problem that has been taken here is sustainable-security and its evaluation. The factors contributing in its evaluation have already been defined in the above discussion. The decision-makers play a vital role in deciding these factors and the relation between them.

C. Define and Set up Fuzzy Pairwise Matrices: The next step is to build a fuzzy pairwise comparison matrix using the decisions given by experts. After converting the definite values to fuzzy numbers as per the definitions in Table 1 and Figure 1, we have compared the relative importance between attributes. To assess the fuzziness in MCDA problems, as in Equation (1), the AHP method uses the pairwise comparison matrix.

$$\begin{gathered} C1 C2 \dots \dots .Cn \\ \tilde{A}=\left[aij\right]=\begin{array}{c}{C}_1\\ C_2\\ .\\ .\\ .\\ .\\ C_n\end{array}\left[\begin{array}{ccc}1& a11\dots \dots & a1n\\ 1/a2\left(1\right)1& 1\dots ..& a2n\\ .& .& .\\ .& .& .\\ 1/an1& 1/an2\dots \dots & 1\end{array}\right] \end{gathered}$$

(1)

where a_ij = 1 and a_{ij = 1/} a_ij, i, j = 1, 2,..., n.

An n-by-n matrix, $\tilde{\mathit{A}}$, can be expressed as shown in Equation (1). Let C₁, C₂,..., C_n signify the set of factors and a_ij signify a measured decision on a set of factors C_i, C_j. The comparative position of the two factors is rated using a scale [37,38].

D. Calculating The Fuzzy Value Into Its Weight: To calculate fuzzy value into its relative weight the TFN value is defined in the starting of methodology. Figure 2 shows a triangular fuzzy number.

A TFN is denoted simply as its lower, medium, and higher value (Lw, Mi, and Ur, respectively). Equations (2)–(4) convert the numeric values into a Triangular Fuzzy Number (TFN) [39] comprising a Lw_ij, Mi_ij, and Ur_ij, where, Lw_ij is lower value, Mi_ij is medium value, and Ur_ij is uppermost level value. Additionally, TFN [ɳ_ij] is established as follows.

$${\eta }_{ij}=\left(L{w}_{ij}, M{i}_{ij}, U{r}_{ij}\right)$$

(2)

$$where L{w}_{ij}\le M{i}_{ij}\le U{r}_{ij}\mathrm{and}{\mathrm{Lw}}_{\mathrm{ij}},{\mathrm{Mi}}_{\mathrm{ij}},{\mathrm{Ur}}_{\mathrm{ij}}∊[1/9,9]$$

(3)

$$\begin{gathered} L{w}_{ij}=min\left(J_{ijk}\right), \\ M{i}_{ij}={\left(J_{ij1}.J_{ij2}\dots \dots \dots \dots J_{ijk}\right)}^{1/k} \\ and U{r}_{ij}=max\left(J_{ijk}\right) \end{gathered}$$

(4)

As shown in the equations, ${\mathsf{\eta }}_{ij}$ is the membership function and J_ijk is the relative prominence of the principles among two alternatives and is given by expert k, where i and j represent a pair of alternatives being judged by experts. Value ɳ_ij is deliberated based on the geometric mean of expert’s opinions for a particular comparison. After getting the TFN value for every pair of comparison, a fuzzy comparison matrix pairwise is established in the form of n$\times$n matrix.

E. Connection of Hierarchy: The next step is to put all hierarchies in series to get factor weights in the fuzzified form.

F. Defuzzification: Now, the next step is to transform the fuzzy numbers to understandable and definite values, the research under reference adopts the alpha cut mechanism to address fuzzy numbers into finite values [39,40,41]. The alpha cut method is defined as below,

$$\mathsf{\rho }\mathsf{\alpha },\mathsf{\beta }\left(\tilde{\mathrm{A}}\right)=\left[\mathsf{\beta }·\tilde{\mathrm{A}}\mathsf{\alpha }\left(\mathrm{Lwij}\right)+\left(1-\mathsf{\beta }\right)·\tilde{\mathrm{A}}\mathsf{\alpha }\left(\mathrm{Urij}\right)\right]$$

(5)

where 0 ≤ α ≤ 1 and 0 ≤ β ≤ 1

such that

$$\tilde{\mathrm{A}}\alpha \left(Lwij\right)=\left(Miij-Lwij\right).\alpha +Lwij$$

(6)

$$\tilde{\mathrm{A}}\alpha \left(Urij\right)=U{r}_{ij}-\left(Urij-Miij\right).\alpha$$

(7)

Preferences and error tolerance of experts are denoted by α and β in these equations, respectively. The values of α and β in equation vary between 0 and 1. A set of all elements define the alpha cut of a fuzzy set. Further, values ranging between 0 and 1 define the alpha threshold value.

G. Ordering: The sequencing step consists of ordering the defuzzified criteria according to its hierarchy and placing it into its ranks.

Further, the eigenvector and eigenvalue for comparison matrix pairwise are calculated to get the accumulated weight of specific benchmark. Let us assume ρ_α,β stands for the eigenvector. Also, the eigenvalue of the fuzzy pairwise comparison matrix a_ij. is denoted by λ.

$$\left[\left({\rho }_{\alpha ,\beta }\times \tilde{\mathrm{A}}\right)-\lambda \times I\right].W=0$$

(8)

Equation (8) is based on the linear transformation of vectors. In Equation (8), I represents the unitary matrix. Equations (1)–(8) are used to calculate the different weight of each attribute in relation to every other attribute. To check if the AHP process is correct, check the Consistency Ratio (CR) [38,39]. If CR value is less than 0.1, then the AHP analysis is correct; otherwise, the pairwise comparison matrix is analyzed again and the Fuzzy-AHP process is repeated.

3. Data Analysis and Results

3.1. Results through Fuzzy-AHP

For the most part, subjective evaluation is reasonable for assessing sustainable-security. It is hard to assess web application security in a quantitative manner. Worldwide aggregate activity prompted the detailing of formulation of sustainability policy. Lately, specialists have embraced sustainability policies to a great extent [5,6,7] with successful outcomes. Likewise, development agencies are attempting to embrace high web applications security. What is more, the impact of sustainable-security factors plays an exceptional role in sustainable-security during web application development process [41].

The paper presents a way for sustainable-security assessment with the assistance of Fuzzy-AHP. For collecting data, authors have taken the opinions of 110 experts who hail from academia as well as industry; these academicians and researchers were brought together in a simulated meeting situation. These professionals had more than 10 years of experience in web application development and had relevant expertise in using these models in symmetrical and sustainable environment. They discussed the factors with respect to different groups and gave linguistic values with the help of a scale. This contribution intends to gauge the web applications sustainable-security using the experts’ inputs.

To appraise the sustainable-security, ten successive versions of two different developed web applications for Lucknow-India-Based Central University (Babasaheb Bhimrao Ambedkar University), including A1, A2, A3 A4, and A5 for project 1 and A6, A7, A8, A9, and A10 for project 2, have been taken. Both of these web applications are highly sensitive for their data and agree that working on their security in a sustainable manner is important. Year-wise, different versions of a web application for the entrance exam of the University are called A1, A2, A3 A4, and A5 [40], and year-wise, different versions of a web application for national online quiz competition are called A6, A7, A8, A9, and A10 [42]. To measure the top version, Figure 1 shows the hierarchal structure of the sustainable-security factors. With the help of Equations (1-4), triangular fuzzy numbers are evaluated. After qualitative assessment,

Table 2. A comparison matrix-pairwise (fuzzy aggregated) at level 1.

	Security (C1)	Sustainability (C2)
Security (C1)	1,1,1	0.3127, 0.4395, 0.6252
Sustainability (C2)	-	1,1,1

,

Table 3. A comparison matrix- pairwise (fuzzy aggregated) for security at level 2.

	Confidentiality (C11)	Integrity (C12)	Availability (C13)
Confidentiality (C11)	1,1,1	0.2580, 0.3386, 0.5055	0.3604, 0.5220, 0.8074
Integrity (C12)	-	1,1,1	0.2665, 0.3657, 0.5911
Availability (C13)	-	-	1,1,1

,

Table 4. A pairwise comparison matrix (fuzzy aggregated) for sustainability at level 2.

	Energy Consumption (C21)	Web-Based Resource Optimization (C22)	Perdurability (C23)
Energy Consumption (C21)	1,1,1	0.3667, 0.5251, 0.9659	0.2261, 0.2928, 0.4166
Web based Resource Optimization (C22)	-	1,1,1	0.4896, 0.6372, 1.0000
Perdurability (C23)	-	-	1,1,1

and

Table 5. A comparison matrix pairwise (fuzzy aggregated) for perdurability at level 3.

	Reliability (C231)	Maintainability (C232)	Portability (C233)
Reliability (C231)	1,1,1	0.2215, 0.2871, 0.4152	0.3146, 0.4610, 0.8705
Maintainability (C232)	-	1,1,1	0.2444, 0.3238, 0.4801
Portability (C233)	-	-	1,1,1

show a comparison that is matrix-pairwise (aggregated fuzzy) for different levels.

Table 2 shows the aggregated pairwise comparison matrix for level 1 by using fuzzy-AHP, which contains only two factors: security and sustainability. Table 3 shows a Comparison Matrix Pairwise (Fuzzy Aggregated) for level 2, which contains three factors, including confidentiality, integrity, and availability. Table 4 shows the aggregated comparison matrix pairwise for level 2 by using fuzzy-AHP, which contains three factors: confidentiality, integrity, and availability. Table 5 shows the aggregated comparison matrix-pairwise for level 3 by using fuzzy-AHP, which contains three sub-factors: reliability, maintainability, and portability. According to the hierarchy, Table 2, Table 3, Table 4 and Table 5 show a comparison matrix-pairwise (fuzzy aggregated) at levels 1–3. From Equations (5)–(8), this paper derived the defuzzified values and local weights. The relative importance of the security and sustainability factors in the TFN value is weighted as (0.3127, 0.4395, and 0.6252). Then, with the help of Equation (6),

ρ_0.5(Lw₁₂) = (Mi_{security-sustaiability} − Lw_{security-sustaiability}) * 0.5 + Lw_{security-sustaiability}

ρ_0.5(Lw_{security-sustaiability}) = (0.4395 − 0.3127) * 0.5 + 0.3127 = 0.3761

From Equation (7), ρ_0.5(Ur_{security-sustaiability}) = Ur_{security-sustaiability} − (Ur_{security-sustaiability} − Mi_{security-sustaiability}) * 0.5

ρ_0.5(Ur_{security-sustaiability}) = 0.6252 − (0.6252 − 0.4395) * 0.5 = 0.5324

With the help of Equation (5),

ρ_{0.5, 0.5} (Ã_{security-sustaiability}) = [0.5 * 0.3761 + (1 − 0.5) * 0.5324] = 0.4542

ρ_{0.5, 0.5} (Ã_{sustainability-security}) = 2.2017

From Equations (8) and (9), with respect to other criteria, the weights of particular criteria may be acquired as

$$\begin{gathered} \left[\left[{\mathsf{\rho }}_{\alpha ,\beta }\left({\mu }_{ij}\right)-\lambda I\right]=\left[\begin{array}{cc}1& 0.454\\ 2.20170& 1\end{array}\right]\right] \\ \left[\begin{array}{cc}1& 0.454\\ 2.201& 1\end{array}\right]\left[\begin{array}{c}{\mathsf{\rho }}_{Security}\\ {\mathsf{\rho }}_{Sustainability}\end{array}\right]=\left[\begin{array}{c}0\\ 0\end{array}\right] \\ \left[\begin{array}{c}{\mathsf{\rho }}_{Security}\\ {\mathsf{\rho }}_{Sustainability}\end{array}\right]=\left[\begin{array}{c}0.312\\ 0.687\end{array}\right] \end{gathered}$$

(9)

Moreover, the local weights of sustainable-security factors and CR values of each group are shown in

Table 6. Local weights of level 1 factors estimated by fuzzy-AHP.

	Security (C1)	Sustainability (C2)	Weights
Security (C1)	1	0.4542	0.3123
Sustainability (C2)	2.2017	1	0.6877
CR = 0.0005

,

Table 7. Local weights of level 2 factors estimated by fuzzy-AHP.

	Confidentiality (C11)	Integrity (C12)	Availability (C13)	Weights
Confidentiality (C11)	1	0.3602	0.5530	0.1784
Integrity (C12)	2.7762	1	0.3973	0.3155
Availability (C13)	1.8083	2.5170	1	0.5061
CR = 0.01245

,

Table 8. Local weights of level 2 factors for sustainability estimated by fuzzy-AHP.

	Energy Consumption (C21)	Web-Based Resource Optimization (C22)	Perdurability (C23)	Weights
Energy Consumption (C21)	1	0.5957	0.3071	0.1723
Web based Resource Optimization (C22)	1.6787	1	0.6910	0.3189
Perdurability (C23)	3.2563	1.4472	1	0.5088
CR = 0.00477

and

Table 9. Local weights of level 2 factors for perdurability estimated by fuzzy-AHP.

	Reliability (C231)	Maintainability (C232)	Portability (C233)	Weights
Reliability (C231)	1	0.3027	0.5268	0.1617
Maintainability (C232)	3.3036	1	0.3430	0.3109
Portability (C233)	1.8983	2.9155	1	0.5274
CR = 0.01402

.

Table 6 shows the local weights of level 1 factors. From the results, it is evident that sustainability is a more important factor than security for balancing the sustainable-security. Figure 3 shows the graphical representation of local weights of level 1 factors.

Table 7 shows the local weights of level 2 factors of security. From the results, it is evident that availability is an important factor among the three factors of this level. Figure 4 shows the graphical representation of local weights of level 2 factors.

Table 8 shows the local weights of level 2 factors of sustainability. From the results, it is evident that perdurability is an important factor among the three factors of this level. Figure 5 shows the graphical representation of local weights of level 2 factors of sustainability.

Table 9 shows the local weights of level 3 sub-factors of perdurability, and it is evident from the results that portability has the highest weight. Figure 6 shows the graphical representation of level 3 sub-factors. From the results, it is evident that maintainability is an important factor among the three factors of this level.

Table 10. Overall weights of sustainable-security factors estimated by fuzzy-AHP.

First Level Factors	Local Weights of First Level	Second Level Factors	Local Weights of Second Level	Final Weights of Second Level	Third Level Factors	Local Weights of the Third Level	Overall Weights	Weights for Level 3
								Project 1 (Entrance Exam Web Application)					Project 2 (Online Quiz Competition Web Application)
								(A1)	(A2)	(A3)	(A4)	(A5)	(A6)	(A7)	(A8)	(A9)	(A10)
C1	0.312	C11	0.178	0.055	-	-	0.0557	0.327	0.266	0.206	0.333	0.270	0.209	0.260	0.324	0.344	0.331
		C12	0.315	0.098	-	-	0.0985	0.234	0.328	0.344	0.238	0.334	0.378	0.233	0.203	0.328	0.219
		C13	0.506	0.158	-	-	0.1581	0.237	0.247	0.337	0.242	0.251	0.255	0.299	0.261	0.247	0.281
C2	0.687	C21	0.172	0.118	-	-	0.1185	0.296	0.227	0.331	0.302	0.231	0.263	0.292	0.255	0.227	0.328
		C22	0.318	0.219	-	-	0.2193	0.292	0.234	0.219	0.297	0.238	0.276	0.287	0.251	0.234	0.247
		C23	0.508	0.349	C231	0.161	0.0566	0.266	0.241	0.281	0.270	0.245	0.260	0.283	0.238	0.241	0.227
					C232	0.310	0.1088	0.233	0.253	0.274	0.237	0.258	0.228	0.337	0.242	0.253	0.234
					C233	0.527	0.1845	0.344	0.238	0.270	0.351	0.243	0.337	0.329	0.302	0.238	0.241

shows the final or global weights and the overall priorities of the tree structure. Where A1, A2, A3……An, symbols are described as the alternatives and objective weights of the criteria that are stated in Table 10.

The combined significances of levels 2 and 3 are then persevered by aggregating the weights throughout the hierarchy. In sustainable-security, security has 0.3123 weight and sustainability has 0.6877 weight. This implies that security is more significant than sustainability to achieve sustainable-security at its best. For security, confidentiality has 0.0557 weight, integrity has 0.0985 weight, and availability has 0.1581 weight, and therefore availability is most important for sustainable-security. For sustainability, the final weight of energy consumption is 0.1185, the weight of web based resource optimization is 0.2193, and the weight of perdurability is 0.3499.

Among these three, the weighting of perdurability is highest. This indicates that improvement in sustainable-security can be achieved by focusing on perdurability. Figure 7 shows the final weights of factors from the hierarchy shown in Figure 1 and the results show that sustainability has the highest weight among all. The three sub-factors of perdurability have the following final weights, reliability is 0.0566, maintainability is 0.1088, and portability is 0.1845. The value of sustainable-security for different alternatives has been evaluated as below.

$$\begin{gathered} \left[\begin{array}{cccccccc}0.0557,& 0.0985,& 0.1581, & 0.1185& 0.2193& 0.0566& 0.1088& 0.1845\end{array}\right]\left[\begin{array}{ccccccccc}0.327& 0.266& \mathrm{0.2060.333}& 0.270& 0.209& 0.260& 0.324& 0.344& 0.331\\ 0.234& 0.328& \mathrm{0.3440.238}& 0.344& 0.378& 0.233& 0.203& 0.328& 0.219\\ 0.298& 0.247& \mathrm{0.3440.242}& 0.251& 0.255& 0.299& 0.261& 0.247& 0.281\\ 0.296& 0.227& \mathrm{0.3310.302}& 0.325& 0.236& 0.292& 0.255& 0.227& 0.328\\ 0.266& 0.234& \mathrm{0.2190.297}& 0.265& 0.276& 0.287& 0.251& 0.234& 0.247\\ 0.292& 0.241& \mathrm{0.2810.270}& 0.254& 0.360& 0.283& 0.238& 0.241& 0.227\\ 0.233& 0.253& \mathrm{0.2740.237}& 0.264& 0.228& 0.337& 0.242& 0.253& 0.234\\ 0.344& 0.238& \mathrm{0.2700.351}& 0.245& 0.337& 0.329& 0.302& 0.238& 0.241\end{array}\right] \\ =\left[\begin{array}{c}Alternative 1\\ Alternative 2\\ Alternative 3\\ Alternative 4\\ Alternative 5\\ Alternative 6\\ Alternative 7\\ Alternative 8\\ Alternative 9\\ Alternative 10\end{array}\right]=\left[\begin{array}{c}0.2817\\ 0.2495\\ 0.2814\\ 0.2870\\ 0.2540\\ 0.2826\\ 0.2956\\ 0.2601\\ 0.2538\\ 0.2602\end{array}\right] \end{gathered}$$

Impacts of sustainable-security for altered options are assessed as 0.2817, 0.2495, 0.2814, 0.2870, 2540, 2826, 0.2956, 0.2601, 0.2538, and 0.2602 for A1, A2, A3, A4, A5, A6, A7, A8, A9, and A10, respectively. The results show the A7 have highly sustainable-security in all alternatives web application of BBA University.

3.2. Sensitivity Analysis

Sensitivity analysis defines how distinctive the values of an independent variable will influence a unique structured variable within a given set of assumptions [3,4,5]. In this research work, the threshold (values of α and β) is assumed as 0.5. The range of α and β lies in between zero and one. Deviations due to the values of α and β are depicted in

Table 11. Sensitivity analysis.

Deviation in Results
(Preferences of Participants) α	0.5	0.5	0.5	0.5	0.5	0.1	0.3	0.7	0.9
(Risk Tolerance of Participants) β	0.1	0.3	0.7	0.9	0.5	0.5	0.5	0.5	0.5
Alternatives
(A1)	0.3708	0.3235	0.2403	0.2043	0.2817	0.2847	0.2824	0.2790	0.2745
(A2)	0.3411	0.2921	0.2091	0.1697	0.2495	0.2515	0.2568	0.2448	0.2409
(A3)	0.3715	0.3214	0.2414	0.2027	0.2814	0.3068	0.2899	0.2777	0.2736
(A4)	0.3717	0.3271	0.2455	0.2116	0.2870	0.3015	0.2945	0.2783	0.2791
(A5)	0.3394	0.2947	0.2132	0.1815	0.2540	0.2594	0.2624	0.2486	0.2465
(A6)	0.3740	0.3242	0.2401	0.2070	0.2826	0.2880	0.2882	0.2799	0.2746
(A7)	0.3941	0.3401	0.2491	0.2207	0.2956	0.3010	0.3025	0.2929	0.2875
(A8)	0.3468	0.3086	0.2126	0.1807	0.2601	0.2668	0.2680	0.2564	0.2519
(A9)	0.3432	0.2953	0.2122	0.1782	0.2538	0.2629	0.2625	0.2491	0.2453
(A10)	0.3559	0.3020	0.2143	0.1819	0.2602	0.2685	0.2699	0.2545	0.2517
Correlation Coefficient	0.9730	0.9884	0.9863	0.9913	1	0.9433	0.9895	0.9943	0.9997

. The graphical representations of the variation are shown in Figure 8.

The deviations show the insignificant difference between results, which gives the most optimistic and generalized results. Table 11 and Figure 8 present the fluctuations in results. It is seen from the analysis that the results of sustainable-security depend upon α and β values and the results are highly correlated. To show the statistical significance between the results, the last row of Table 11 shows the Pearson’s correlation coefficient between the results. The inference focuses on supplying suggestions to developers for enhancing the proficiency and effectivity of sustainable-security of the web application.

3.3. Results through Classical-AHP

After estimating the sustainable-security of web applications with the Fuzzy-AHP technique, the classical-AHP method was also used in this section to prove the accuracy of the whole assessments and outcomes. AHP is a useful resource for resolving unstructured issues in economics, and social and information sciences [38,40]. In classical-AHP, the manner of records collection and assessment identical to the Fuzzy-AHP, but the sole distinction is that no fuzzification and defuzzification are required. Therefore, the information is taken in its original shape for classical-AHP. Further, according to the set of sustainable-security factors through the hierarchy, the relative independent weights and priorities of each set of factors have been depicted in

Table 12. Local weights of level 1 factors estimated by classical-AHP.

	Security (C1)	Sustainability (C2)	Weights
Security (C1)	1	0.4395	0.3053
Sustainability (C2)	2.2753	1	0.6947
CR = 0.0004

,

Table 13. Local weights of level 2 factors for security estimated by classical-AHP.

	Confidentiality (C11)	Integrity (C12)	Availability (C13)	Weights
Confidentiality (C11)	1	0.3386	0.5220	0.1688
Integrity (C12)	2.9533	1	0.3657	0.3087
Availability (C13)	1.9157	2.7345	1	0.5225
CR = 0.01045

,

Table 14. Local weights of level 2 factors for sustainability estimated by classical-AHP.

	Energy Consumption (C21)	Web-Based Resource Optimization (C22)	Perdurability (C23)	Weights
Energy Consumption (C21)	1	0.5251	0.2928	0.1598
Web based Resource Optimization (C22)	1.9044	1	0.6372	0.3182
Perdurability (C23)	3.4153	1.5694	1	0.5220
CR = 0.000425

and

Table 15. Local weights of level 2 factors for perdurability estimated by classical-AHP.

	Reliability (C231)	Maintainability (C232)	Portability (C233)	Weights
Reliability (C231)	1	0.2871	0.4610	0.1483
Maintainability (C232)	3.4831	1	0.3238	0.3030
Portability (C233)	2.1692	3.0883	1	0.5487
CR = 0.0154

.

Table 12 shows the local weights of security and sustainability through classical-AHP. Figure 9 shows a graphical representation of the local weights of level 1 factors. Table 13 shows the local weights of level 2 factors, which are Confidentiality, integrity, and availability. Among these, availability has the highest weight. Figure 10 shows the graphical representation of second-level factors. Table 14 shows the local weights of level 2 factors. Among these, perdurability has the highest weight for improving the whole sustainable-security. Figure 11 shows the graphical representation of second level factors. Table 15 shows the local weights of level 3 factors. Among these, portability has the highest weight for improving the whole sustainable-security. Figure 12 shows the graphical representation of third level factors. According to the hierarchy,

Table 16. Overall weights of sustainable-security factors estimated by classical-AHP.

First Level Factors	Local Weights of First Level	Second Level Factors	Local Weights of Second Level	Final Weights of Second Level	Third Level Factors	Local Weights of the Third Level	Overall Weights	Weights for Level 3
								Project 1 (Entrance Exam Web Application)					Project 2 (Online Quiz Competition Web Application)
								(A1)	(A2)	(A3)	(A4)	(A5)	(A6)	(A7)	(A8)	(A9)	(A10)
C1	0.305	C11	0.168	0.051	-	-	0.0515	0.327	0.266	0.206	0.333	0.270	0.209	0.260	0.324	0.344	0.331
		C12	0.308	0.094	-	-	0.0942	0.234	0.328	0.344	0.238	0.334	0.378	0.233	0.203	0.328	0.219
		C13	0.522	0.159	-	-	0.1595	0.237	0.247	0.337	0.242	0.251	0.255	0.299	0.261	0.247	0.281
C2	0.694	C21	0.159	0.111	-	-	0.1110	0.296	0.227	0.331	0.302	0.231	0.263	0.292	0.255	0.227	0.328
		C22	0.318	0.221	-	-	0.2211	0.292	0.234	0.219	0.297	0.238	0.276	0.287	0.251	0.234	0.247
		C23	0.522	0.362	C231	0.148	0.0538	0.266	0.241	0.281	0.270	0.245	0.260	0.283	0.238	0.241	0.227
					C232	0.303	0.1099	0.233	0.253	0.274	0.237	0.258	0.228	0.337	0.242	0.253	0.234
					C233	0.548	0.1990	0.374	0.238	0.270	0.351	0.243	0.337	0.329	0.302	0.238	0.241

and Figure 13 show the dependent weights and an overall ranking of the hierarchy. Also, the results of all weights after applying it to project 1 and 2 are depicted in the Table 16.

The eleven evaluative criteria are weighted as follows, security (0.3053), sustainability (0.6947) confidentiality (0.0515), integrity (0.0942), availability (0.1595), energy consumption (0.1110), web based resource optimization (0.2211), perdurability (0.3626), reliability (0.0538), maintainability (0.1099), and portability (0.1990), of which availability is most significant for sustainable-security of web application. The impact of sustainable-security in different alternatives is determined as follows.

$$\begin{gathered} \left[\begin{array}{cccccccc}0.0515,& 0.0942,& 0.1595, & 0.1110& 0.2111& 0.0538& 0.1099& 0.1990\end{array}\right]\left[\begin{array}{ccccccccc}0.327& 0.266& \mathrm{0.2060.333}& 0.270& 0.209& 0.260& 0.324& 0.344& 0.331\\ 0.234& 0.328& \mathrm{0.3440.238}& 0.344& 0.378& 0.233& 0.203& 0.328& 0.219\\ 0.298& 0.247& \mathrm{0.3440.242}& 0.251& 0.255& 0.299& 0.261& 0.247& 0.281\\ 0.296& 0.227& \mathrm{0.3310.302}& 0.325& 0.236& 0.292& 0.255& 0.227& 0.328\\ 0.266& 0.234& \mathrm{0.2190.297}& 0.265& 0.276& 0.287& 0.251& 0.234& 0.247\\ 0.292& 0.241& \mathrm{0.2810.270}& 0.254& 0.360& 0.283& 0.238& 0.241& 0.227\\ 0.233& 0.253& \mathrm{0.2740.237}& 0.264& 0.228& 0.337& 0.242& 0.253& 0.234\\ 0.344& 0.238& \mathrm{0.2700.351}& 0.245& 0.337& 0.329& 0.302& 0.238& 0.241\end{array}\right] \\ =\left[\begin{array}{c}Alternative 1\\ Alternative 2\\ Alternative 3\\ Alternative 4\\ Alternative 5\\ Alternative 6\\ Alternative 7\\ Alternative 8\\ Alternative 9\\ Alternative 10\end{array}\right]=\left[\begin{array}{c}0.2885\\ 0.2491\\ 0.2809\\ 0.2878\\ 0.2536\\ 0.2834\\ 0.2966\\ 0.2607\\ 0.2531\\ 0.2594\end{array}\right] \end{gathered}$$

Sustainable-security of different alternatives is estimated as 0.2885, 0.2491, 0.2809, 0.2878, 0.2536, 0.2834, 0.2966, 0.2607, 0.2531, and 0.2594 for A1, A2, A3, A4, A5, A6, A7, A8, A9, and A10 respectively. The results show the A7 has highly sustainable-security, i.e., version 2 of online quiz competition web application.

3.4. Comparison between Results

The difference between the impacts of sustainable-security of web applications through fuzzy-AHP and classical-AHP techniques is negligible as shown in

Table 17. Comparison between the results.

Sustainable-Security of Web Applications
Alternatives	Fuzzy-AHP	AHP
Alternative 1 (A1)	0.2817	0.2885
Alternative 2 (A2)	0.2495	0.2491
Alternative 3 (A3)	0.2814	0.2809
Alternative 4 (A4)	0.2870	0.2878
Alternative 5 (A5)	0.2540	0.2536
Alternative 6 (A6)	0.2826	0.2834
Alternative 7 (A7)	0.2956	0.2966
Alternative 8 (A8)	0.2601	0.2607
Alternative 9 (A9)	0.2538	0.2531
Alternative 10 (A10)	0.2602	0.2594

; Figure 14 shows the graphical representation of the difference between the results.

As evident from the results, fuzzy-AHP and classical-AHP strategies have extraordinary procedures. Also, the outcomes are unique, yet fundamentally the same. This empirical work has taken the Pearson’s Correlation Method [40] for assessing the correlation between outcomes. The correlation coefficient shows the impact of the relationship between two values. The scale lies between −1 and +1 [43]. The value near to −1 shows the lower bonding between values, and the value near to +1 shows the tighter bonding between values. The Pearson correlation between the results of Fuzzy-AHP and AHP is 0.9935, which shows the strong correlation between the results achieved.

As given in Table 17, the results with different approaches with same dataset have been obtained, and these results show that the correlation between the results of Fuzzy-AHP and AHP is highly correlated. Further, the results also show that the covered factors of sustainable-security and their contribution to efficient sustainable-security are remarkable. Alka Agrawal et al. recently published an article in which they assessed sustainable-security [44]. This article contained first-level factors of security pillars in which three were CIA and one was perdurability. These factors were not very balanced because only one factor of sustainability was taken in that work.

In addition, according to the experts of Cigniti Solutions, sustainable-security depends fully on its contributing factors [45]. Therefore, in the current paper, the authors have taken sustainability as a contributor in the first level of hierarchy, which improvises the results in the end. Additionally, for testing the results, Alka Agrawal et al. took six alternatives only, whereas this paper takes ten alternatives of a web application, which verifies the results. According to Alka Agrawal et al., perdurability was important, whereas, according to this work, Sustainability at first level and Web based Resource Optimization at second level are the most important attributes among all for maintaining sustainable-security of web applications.

4. Discussion

As web applications adapt to current requirements, their use and unpredictability are both slowly developing. Furthermore, exponential development in security attacks requires the creation of web applications that empower high security with sustainability. Security has invariably become one of the most critical quality factors currently and is attracting the consideration of web application originators as well as end users. The aim of this research has been to evaluate the sustainable-security of web applications at the early stage of their development life cycle. As appraisal is the best way to accomplish sustainable-security, this research paper integrates security as well as sustainability factors and evaluates sustainable-security. The resulting impact of the investigations cited in the paper will assist developers in sustainable-security with web application during its development.

There are several distinctive security models that measure security and sustainability exclusively; however, an approach or a dedicated model that coordinates security and sustainability in a solitary column utilizing Fuzzy-AHP and other MCDM strategies is essentially more economical. The model proposed here will assist with assessing the sustainable-security of web applications and improving the environmental and economic sustainability surplus to meeting the clients’ needs. In this contribution, the authors have examined nine sustainable-security factors that can be integrated during web application development.

A majority of agencies distinguish between the quickly altering enterprise and regulatory demands to alter how protection (basically preserving CIA) is managed and sustainability is maintained at some point of the web application development process. To improve the power of security sustainability of the web application, the proposed work offers quantitative assessment. The proposed hierarchical shape of sustainable-security helps elucidate the relation between the factors which make contributions to sustainable-security in the course of the web application development process.

In this paper, the authors have taken two web applications and compiled expert’s opinions about the contributing sustainability and security factors of the particular web application. Data collated from the experts is compiled by way of Fuzzy-AHP and, further, the results are validated by the classical-AHP method. Findings and pros of this work are summarized below.

• The attributes taken in this study are common to each and every web application security. Therefore, the assessment done with its perspective would be helpful to the developers globally.
• Symmetrically arranging the attributes of sustainable-security is important for achieving high sustainability with security; therefore, these results will help developers to develop a framework with important attributes contributing toward sustainable-security.
• Assessing sustainable-security will enhance economic, social, and environmental sustainability along with increasing user satisfaction, thus, providing secure web application for the end user.
• Sustainability and perdurability are highly significant for sustainable-security to enhance the overall sustainability of web application.
• MCDM techniques, such as Fuzzy-AHP, have been proven to supply highly accurate outcomes compared with AHP; as a result, it emerges as a desirable hybrid approach to estimate sustainable-security for web applications.
• The quantitative findings will help software development teams consider higher prioritized factors of sustainable-security while designing web applications to develop applications with sustainable-security.
• Sustainability is an emerging problem of this decade and should be given foremost priority by developers. The findings herein will help to design a roadmap for software designers to handle the problem of sustainable-security of web applications.
• During the analysis of results, two variables played an important role, which is α (preferences) and β (error tolerance of experts). To show the variances of results, sensitivity analysis has been done considering α and β as sensitive variables.
• For statistical validation, the correlation coefficient is calculated. It ranges near 1 and therefore proves that the strength of the bond between the results of Fuzzy-AHP and classical AHP are negligible.

From the discussion, it is clear that the assessment of sustainable-security is significant and vital in its own way. Still, this assessment may have some limitations that can be overcome in the future work. The limitations of the results are as follows.

• The data collected for web applications are significant but is taken from a small sample. The results may vary if the data is taken from a larger sample.
• There might be more sustainability and security factors other than those identified in this work. Results of sustainable-security impact may change as per the number of factors.

5. Conclusions

In the current work, sustainability and security factors are diagnosed and the sustainable-security of the web application is investigated. Estimation of sustainable-security is a multi-criteria decision problem, and because of this we used Fuzzy-AHP technique to assess sustainable-security. Also, the classical-AHP method is used to validate the results. Most essential elements with respect to weights have additionally been evaluated. It has been concluded by both techniques used (Fuzzy-AHP and classical-AHP) that sustainability is the most important aspect among the nine essential sustainable-security factors. To improve sustainable-security, software designers and practitioners need to focus on sustainability and perdurability for ensuring sustainable-security and web application services.