Measuring the Sustainable-Security of Web Applications Through a Fuzzy-Based Integrated Approach of AHP and TOPSIS

Ensuring sustainable-security of web applications for minimizing security breaches and enhancing users’ trust and satisfaction is the foremost priority of all security experts and web developers. However, sustainable-security is multidimensional, emergent, and an irreducible concept. Also, designing sustainable-security of web application is a complex process because it is a multi-attribute approach which is based on the users’ needs and organization’s policies. In this context, the decision making process could be an effective means to quantitatively evaluate sustainable-security of web application design. In this research study, the authors have used a technique that involves integrating Fuzzy Analytic Hierarchy Process (Fuzzy AHP) and Fuzzy Technique for Order of Preference by Similarity to Ideal Solution (Fuzzy TOPSIS) approaches for the assessment of sustainable-security of web applications. The efficacy of this technique has then been tested on a web application designed specifically to cater to the requisites of an academic institution, Babasaheb Bhimrao Ambedkar University in India. Given the sensitivity of web application, this paper has used different versions of a University web application. The results thus obtained and the approach employed in this study would definitely aid the future researchers and developers in designing web applications with higher sustainable-security.


I. INTRODUCTION
Sustainable-security is about building sustainable and secure web application while ensuring that every developer who is involved in the design process understands the importance of security [1[], [2]. For achieving sustainable security, it is imperative to ensure that best practices are enlisted in considering the security assessment at the very beginning of the web application development life cycle [3].
The last few decades of the 20 th century saw the growth of sustainability in web application of all institutional activities [4], [5]. According to a report by Microsoft, there has been a noticeable increase in the practitioners' efforts to reform their whole security models to integrate sustainability during the early stages of web application development [6]. However, designing such web applications is a complex task and has led The associate editor coordinating the review of this manuscript and approving it for publication was Jiafeng Xie. to failures. In fact, the authors of the present study reviewed few reports of security failures of web applications for data breaches [7]. According to these reports, important data such as phone number, names and addresses of 5001 students were stolen. Few reports cited that web applications such as the entrance examination web application had been attacked for more than 50 times during the examination [8]. These statistics show a marked need for sustainable security, more particularly, in a web application.
Constructing sustainable-security design of web application for an institution is a decision making process that involves several decision makers. Multi-criteria decision-making process plays an important role in collating different decisions of the practitioners in one frame [9]. A. Mardani et al. [10] states that Multi Criteria Decision Making Methods (MCDM) is a real approach for solving difficulties related to sustainable issues with multiple resources. Moreover, these methods cover a wide collection of reasonably distinct methods, in which Fuzzy MCDM is a widespread methodology. Further, Fuzzy MCDM also removes the inadequacies of MCDM approaches.
Garg et al. [11] documented the barriers for adoption of sustainable approaches through AHP method. However, most of the research did not discuss the attributes involved in sustainable-security. Therefore, it is imperative to apply a more effective approach for estimating sustainable-security and enabling the practitioners to know the preferences of factors while guaranteeing sustainable-security of the web applications developed by them. In this backdrop, the authors of this paper propose to opt for an integrated fuzzy based approach i.e., Fuzzy AHP-TOPSIS method for the estimation of sustainable-security.
For estimating sustainable-security, it is essential to create a tree structure of factors which defines the affects of web applications. Therefore, a tree structure of sustainablesecurity factors is defined in the third segment of this paper to address and evaluate the sustainable-security of the web application. Sustainable-security of the web application has been estimated with the assistance of the tree structure and Fuzzy AHP-TOPSIS method. The outcomes of the estimation will help the security practitioners to incorporate sustainable-security at the early stage of web application development.
The rest of the article has been systematized as follows: the second segment deliberates on the pertinent efforts done in the context of sustainable-security of the web application. The third segment defines sustainable-security of web application in detail. The fourth section enunciates the methodology, i.e., Fuzzy AHP-TOPSIS. The fifth and sixth segments of the paper estimate and provide results generated through the Fuzzy AHP-TOPSIS and Fuzzy AHP approaches. The discussion and the conclusion have been drafted in segment seven and eighth, respectively.

II. RELATED WORK
The Sustainability and Innovation Global Executive Study conducted a survey that included 4000 practitioners. This survey specifies that 48% of the respondents agreed that the concept of sustainability compelled them to adapt easily available web application security models whether it secures the application or not [13].
Evidently, security is often overlooked even though it is imperative to ensure security at the early stage of the development of web applications. Most of the security practitioners prefer to use easy and lame frameworks of security design. This badly affects sustainability. Furthermore, while designing a web application for an institute where time, data, high investment is at risk, neither security nor sustainability can be lax. Hence, the assessment of sustainable-security of web applications design is essential to notice. Further, the impact of sustainable-security on design properties also needs to be evaluated.
The other essential research references undertaken for this study have been tabulated below: • Coral Calero and Mario Piattini [16] presented an article that focused on security sustainability of web applications with three core areas being: human, economic and environmental sustainable-security. According to the authors' research, perdurability as security attribute and cohesion and coupling of design properties are important attributes that highly affect sustainability.
• Oyedeji et al. [17] proposed a web application sustainability design catalogue which aimed to help developers in producing a sustainable web application according to the users' needs. This catalogue is made by using the reviews of current and past research on sustainable web application. A framework has also been proposed in this work which includes a set of sustainability goals with respect to security and quality perspective. According to the study, availability and perdurability of sustainable-security attributes and encapsulation, inheritance and abstraction of design properties are important attributes that highly affect sustainability.
• Dawood et al. [18] in 2018 presented an article on sustainable design of web applications. The authors provided the principles and viewpoints on sustainability with respect to web application security for providing a situation and methodology on web application design and sustainability. The study also presented the recent research trends in perspective of sustainability in the circumstances of design for software applications. According to the study, design-size, polymorphism inheritance and abstraction are important attributes of design that highly affect sustainability.
• Li et al. [19] in 2017 proposed a fuzzy theory based services of security for sustainable mobile-edge computing. Authors of this paper presented a security proxy to support compatibility to outdated security functions. Also, to catch the best direction of the mandatory functions of security, authors established a Fuzzy Inference System (FIS) based tool to reach optimum goals. The results for the proposed model describes that FIS achieved good performance. According to the study, availability, confidentiality and perdurability of security attributes are important and highly affect sustainability.
• Robillard et al. [20] in 2016 familiarized the concept of integrating design attributes into the sustainability of software. This was a vision paper which proposed that the concept of sustainable software design should be integrated with sustainable software development. The paper also discussed research challenges like divergent opinions and longevity of software design. According to that study, availability and perdurability of security attributes and cohesion, coupling and abstraction of design properties are important that affect sustainability, highly. Although a lot of work has been done on sustainable-security in the past, we found that the planned security and sustainability assessment methods in the available references lacked sustainable-security assessment framework with preferable design attributes. To achieve higher sustainable-security in a web application, this framework is going to be a milestone in the research of sustainability. Hence, a quantitative estimation of sustainable-security of web application design is needed. Further, this research study is motivated by the intent to estimate the sustainable-security of six different versions of two locally developed web applications. These two web applications are: the entrance exam web application and quiz competition web application designed for Babasaheb Bhimrao Ambedkar Central University, India. For assessment of sustainable-security of web application design, this paper uses an integrated Fuzzy AHP-TOPSIS method as determined in the next segment.

III. SUSTAINABLE-SECURITY OF WEB APPLICATION
Security of the users' data is at risk and securing the web applications in all areas including institutional activities is the foremost priority of the security practitioners [21]. However, maintaining security is a difficult task because practitioners are facing various issues including sustainability. The ISO and IEEE series of software engineering standards deliver the supervision of sustainability in web application development perspective [22].
The Microsoft describes sustainability as an amount of how stable a design is to secure a web application to do suggested responsibilities [17]. Furthermore, the impact of sustainable web application on economy, society, human beings, and environment is very high [20]. Sustainability of a web application can be defined as the capacity of developing a software product in a sustainable manner [23]. Further, sustainability shows an essential character for high security design of web applications. Design properties of web applications also play a significant role during its development. Hence, achieving the relationship between security, sustainability and design is a very crucial task but very important for effective yet sustainable web application [21]. Sustainable-security may be cleared if the design assures the stable-security structure against security threats during the use of web application.
In the wake of rising costs, future calculated uncertainty and resource constraint, it is essential that the web applications provide high security and that too at decreasing cost. Sustainable-security will support in developing web application that will be capable of protecting itself from attacks apart from being dependent upon web application security for its safety in case of threats. Practitioners are trying their best to enlist higher sustainable-security of web application design. However, sustainable-security is still not at its efficacious best. Furthermore, educational institutions are demanding stable maintenance of security during the use of web applications and attributes play a crucial role in sustainable-security design of web applications. This paper discusses the effects of sustainability on security of web application design by explaining the effect of different attributes on the sustainable-security and identifies the characteristics of security and sustainability attributes [41], [42]. Web application security is the awareness applied to defend web application against malicious attack and other hacker risks so that the website stays to function correctly under such prospective risks [43], [44]. Also, security is essential to provide integrity, authentication and availability. Web application security protects it from attacks such SQL injection, cross scripting and other vulnerabilities [24].
Sustainable software is software which is easy to evolve and maintain, fulfills its intent over time and survives uncertainty [23]. A questionnaire of 20 questions relating to sustainable-security of web application was prepared and distributed to 100 experts from different areas of software as well as sustainability. The 70 valid responses were collected and based on these responses some attributes are identified and putted in a hierarchical manner to consider it for Fuzzy AHP TOPSIS calculation through the author's previous work [43]. Further, the data collected through expert's opinions have been arranged in the form of decision matrices [31], [43].
In this study, the identified sustainability attributes are verified against identified security attributes and mapping of these attributes through the classification at level 1, level 2, and level 3 has been done. Level 3 defines the design properties that affect sustainable-security of web applications. Relationship between the attributes has been presented in figure 1. Figure 1 shows the order of sustainable-security which is further classified in three levels of sustainable-security affecting attributes. For example, confidentiality affects reliability, extensibility and effectiveness; integrity affects reliability, extensibility, functionality, effectiveness and understandability, etc. Figure 1 also shows that a factor at one level affects one or additional attribute of the higher level but its impact is not the same on them. It may differ. For example, reliability has an influence on confidentiality, integrity and availability as well, but its influence values are not same [22]. The relationship of attributes helps to distinguish among the influences of the same factors with the others factor at a higher level. For the purpose of assessment, there are four factors at level 1 that are defined as follows: • Confidentiality: Confidentiality in terms of sustainable security refers to protecting information from being accessed by unauthorized parties while ensuring the maintenance of sustainability for human. In other words, only the people who are authorized to do so can gain access to sensitive data 25].
• Integrity: Integrity in terms of security refers to ensuring the authenticity of information with respect to sustainability-that information is not altered, and that the source of the information is genuine [25].
• Availability: Availability in terms of sustainable security means that data is manageable by authorized practitioners in a sustainable environment. If an attacker is not able to compromise the confidentiality and integrity, then the attacker may try to execute attacks like denial of service that would bring down the server, making the website unavailable to legitimate and sustainable users due to lack of availability [25]. • Perdurability: Perdurability may be defined as an extent to which a software may be modified and reused in order to perform stated functions under stated conditions for a specified period. It affects the extensibility, effectiveness, functionality, understandability and flexibility for sustainable security [26].
Factors of sustainable-security at level 1 are represented as F1, F2, F3 and F4. There are six factors at level 2 that are shown as follows: • Reliability: Reliability refers to the dynamic performance of a software as well as sustainable-security. Reliability is the extent to which a work product operates without failure under given conditions during a given time period. Reliability means to prevent sustainable web application security from failures and to make strategies to maintain its trustworthiness [27].
• Extensibility: Extensibility is defined as the simplicity with which sustainable-security can be improved by making changes in security requirements and goals. Sustainability depends on extensibility for improving the environmental sustainability of web application so that the cost and time incurred in web application security can be lessened [28].
• Flexibility: In the field of sustainable secure design, flexibility refers to the sustainable designs that can adapt external changes when it occurs. It affects design attributes of coupling, encapsulation and abstraction [28].
• Functionality: The quality or state of being functional for a sustainable design that is admired both for its beauty and for its functionality is known as the attribute of functionality of sustainability [29].
• Effectiveness: Effectiveness is a degree to which something is effective in making a preferred outcome; success. In sustainability terms effectiveness is maintaining the degree of effectiveness of sustainable security [28].
• Understandability: This term in sustainability is defined as ability to being understood in sustainable conditions. The information that should be able to comprehend itself in a sustainable environment [28]. The descriptions of seven design attributes with their influence on sustainable security attributes are as follows: • Coupling: Coupling is the degree of interdependence between software modules. For a good design of software, low coupling is required. Data coupling is considered as the best type of coupling. Coupling of sustainable software impacts reliability, flexibility, functionality and effectiveness 29].
• Cohesion: Cohesion is the measure of the degree to which the elements of the module functionally relate to each other. For a good design high cohesion is required. Cohesion is well affected by sustainable-security factors, i.e., extensibility, effectiveness and functionality as extensibility helps in gaining functionality, hence, the support process of cohesion [29].
• Polymorphism: It is a design idea that refers to the capability of a function to take on multiple forms. It is best for code reuse and hence increases the sustainability of developed software. As per the concept, polymorphism does affect the reliability, extensibility, effectiveness and understandability [30]. VOLUME 7, 2019 • Encapsulation: Encapsulation is the enclosure within an object of all the resources essential for the object to function or method of the data. Encapsulation provides the code security, flexibility and maintainability which is further stimulated into sustainable security. Encapsulation directly helps in maintaining sustainable security and hence it increases efficiency, functionality and flexibility of web application [30].
• Inheritance: The capability of a class to inherit properties and characteristics from another class is referred to as the inheritance property of design. This provides the capability of code reusability in design which further supports the concept of sustainability and security. Inheritance works on the concept of code reusability, hence it has an impact on reliability, effectiveness and functionality. It also improves the understandability of code using inherited classes and functions [29].
• Abstraction: Abstraction is the process of signifying vital features and hiding unused data from the user. This reduces complexity of code and improves the overall security of software design. Abstraction works on the concept of security and, hence, improves reliability and functionality of web application. Using abstract methods and classes hides the not useful data from the designer, thus improving the understandability and flexibility of code 30].
• Design-Size: Design size is the feature of design which is used to estimate the size of software design. A constrain design size reduces complexity, sustains the design for longer period. Improved design size improves extensibility and effectiveness of design. Estimation of design size does help in improving functionality and understandability of code and thus affects the sustainable security of web application [31]. Design plays a very influential role in software development in sustainable environment, still it is left for end consideration [5], [12]. While developing sustainable software, design should be considered as a team player with other attributes of sustainable security. The loss of design knowledge is a well-known problem that has received numerous attention of academicians in this field. The vision in this paper follows the concept of integrating design attributes in other attributes of sustainable-security for enhancing it and making it sustainable for longer duration. As design and sustainability both are the important attributes for quality web application, hence the integration of both will empower the overall quality of sustainable and secure software.

IV. INTEGRATED FUZZY AHP-TOPSIS METHOD
Various scientists have completed analysis with respect to security and sustainability. Transformation of web application security through sustainability is a new propaganda for high security, environmental and economic sustainability [32]. In addition, Multi-Criteria Group Decision Making (MCGDM) problems are frequently encountered in practice for achieving the goals as per user's needs and sensitivity of the information [33]. Several methods exist in the literature that can be applied to solve such problems [33]. To assess the subjective and objective values of the factors, AHP is a better procedure than the other MCDA procedures.
But, AHP cannot resolve the intrinsic uncertainty and vagueness of a decision maker's responsiveness of exact statistics. Authors of the present study found that experts have united the Fuzzy theory with AHP as the real world is highly vague to analyze imprecise real-world difficulties [34]. Further, the AHP method is based on very unstable scale of judgments, but the Fuzzy AHP also has some faults [33]- [34]. Hence, an integrated Fuzzy approach of AHP and TOPSIS is a unique method that can help in the systematic evaluation of alternatives on multiple criteria.
Step-by-step process of Fuzzy AHP-TOPSIS method is as follows:

A. FUZZY AHP
For resolving difficult decision problems, Fuzzy AHP is a valuable method and every complex problem can be analyzed by different classified levels of objectives. The difficulty is separated into a tree structure to resolve it by using Fuzzy-AHP. Further, AHP is used as a decision making tool for estimating the priority numbers for different alternatives with representing multiple criteria in a hierarchical structure [13]. In order to simplify the fuzzy AHP process for this research from the feasible viewpoints, the fuzzy AHP based on the fuzzy interval arithmetic with triangular fuzzy numbers to determine the weights of evaluative elements have been proposed. The AHP process was first proposed by Saaty [39]. It only uses the pair-wise comparison matrix to handle the imprecision in multi-criteria decision marking problems [18]. The model proposed here uses the triangular fuzzy numbers for representing the linguistic variables and implementing fuzzy operations with AHP. Zadeh introduced the fuzzy set theory to deal with the uncertainty due to imprecision and vagueness [40]. The tree structure for Fuzzy AHP TOPSIS has been presented in figure 1. This tree structure can be prepared by using experts' views and reactions in questionnaire or using brainstorming. The next step is constructing the Triangular Fuzzy Number (TFN) from the tree hierarchy. With the help of one criteria impact on other criteria, pair-wise comparison of each group of classified objectives plays an important role.
After taking linguistic values, practitioners convert it into crisp numbers and TFN. This paper also uses the TFN and it lies between 0 and 1 [35]. The reason for such an adoption is the computational simplicity of triangular fuzzy membership functions and their ability to deal with fuzzy data [33].
Here l, mi, and u are given as a lower limit, middle limit, and upper limit correspondingly in the triangular membership function. Figure 2 depicts a TFN.

FIGURE 2. Triangular fuzzy numbers.
A TFN is represented as (l, mi, u). Specialists allocated scores to the factors affecting the values in a quantitative way according to scale that is presented in table 1. The equations (3)(4)(5)(6) are taken in changing the numeric values into TFN [33]- [35] that are designated as (l ij , mi ij , u ij ) where, l ij is lower value, mi ij is middle value and u ij is uppermost level events. Additional, TFN [ ij] is recognized as: and u ij = max J ijd (6) In the equations (3-6), J ijk indicates the relative importance of the values between two factors which is given by practitioner d, where i and j signify a pair of factors being decided by practitioners. ij is evaluated based on the geometric mean of expert's views for a specific comparison. The geometric mean is proficient of correctly combining and signifying the consensus of practitioners and denotes the lowest and highest scores, correspondingly, for the relative importance between the two factors. Further, equations (7-9) support to combined TFN values. Consider two TFNs M1 and M2, M1= (l 1 , mi 1 , u 1 ) and M2= (l 2 , mi 2 , u 2 ). The rules of operations on them are as: (l 1 , mi 1 , u 1 )+(l 2 , mi 2 , u 2 ) = (l 1 +l 2 , mi 1 +mi 2 , u 2 +u 2 ) (7) (l 1 , mi 1 , u 1 )×(l 2 , mi 2 , u 2 ) = (l 1 ×l 2 , mi 1 ×mi 2 , u 1 ×u 2 ) (8) After receiving the TFN values for every pair of comparison, a fuzzy pair-wise comparison matrix is constructed in the form of n x n matrix with the help of equation (10).
where k k ij represents the d th decision makers' preference of the i th criteria over the j th criteria. If more than one decision maker is present, then the average of the preferences of each decision maker is obtained with the help of equation (11).
Next step is to update the pair-wise comparison matrixes for all factors in the hierarchy on the basis of the averaged preferences with the help of equation (12).
After this we use the geometrical mean technique as shown in equation (13) to describe the fuzzy geometrical mean and fuzzy weights of each factor.
Next step is to conclude the fuzzy weight of the factor with the help of equation (14).
Further, to calculate the average and normalized weight criteria with the help of equations (15)(16).
Furthermore, the Centre of Area (COA) method is used to calculate the BNP value of the fuzzy weights of each measurement with the help of equation (17).

B. FUZZY TOPSIS
With m alternatives as a geometric arrangement with m points in the n-dimensional space of factor, TOPSIS views a multi criteria decision making problem. For TOPSIS, the method used in this paper is based on the idea that a designated alternative has the shortest and farthest distance from the positive-ideal solution and the negative-ideal solution for maximum and minimum ideal solutions, respectively [36]. According to Shadbegian and Gray, practitioners face trouble in allocating a precise performance rating to an alternative with respect to factor [36]. For consistency with the real-world fuzzy environment, this method assigns fuzzy numbers instead of precise numbers for representing the relative importance of factor. In addition, Fuzzy AHP-TOPSIS method is particularly suitable for solving group decision-making problems under fuzzy environments. Figure 3 is showing the overall process to achieve weights and estimating the viability of methods Fuzzy AHP-TOPSIS.
where,x ij = 1 D x 1 ij · · · ⊕x d ij ⊕ · · ·x D ij , andx d ij is the performance rating of the alternative A i with respect to factor C j estimated by the d th practitioner andx d ij = (l d ij , mi d ij , u d ij ). Next step is to normalize the fuzzy decision matrix with the assistance of equation (19). The normalized fuzzy decision matrix represented byP is depicted as follows. P = p ij m×n (19) Thereafter, the normalization process can be achievedwith the help of equation (20). Alternatively, we can set the best desired level u + j and j = 1, 2,..., n is equal to 1; otherwise, the worst is 0. The normalized p ij continues to be TFNs. For trapezoidal fuzzy numbers, the normalization process can be performed in the similar manner. The weighted fuzzy normalized decision matrix (Q) is quantified with the help of equation (21). Q = q ij m×n i = 1, 2, ..m; j = 1, 2, 3 . . . n (21) where,q ij =p ij ⊗w ij and then, define the Fuzzy Positive-Ideal Solution (FPIS) and Fuzzy Negative-Ideal Solution (FNIS). The weighted normalized fuzzy decision matrix indicates that the elementsq ij are normalized positive TFN and their ranges belong to the closed interval [0, 1]. Thereafter, we can describe the FPIS A + (aspiration levels) and FNIS A − (the worst levels) as shown in equations (22)(23).
In the very next step, we find the closeness coefficients (relative gaps-degree) and develop the alternatives to achieve the aspiration levels in each factor. Ying-Chyi Chou et al. proposed that CC i is cleared to evaluate the fuzzy gaps-degree on the basis of the fuzzy closeness coefficients to improve the alternatives [35]. Onced + i andd − i of each alternative have been evaluated, the similarities to the ideal solution are calculated. This step solves the similarities to an ideal solution as shown in equation (26). where,k

V. EMPIRICAL DATA ANALYSIS AND RESULTS
Generally, qualitative estimation is suitable for estimating sustainable-security. It is difficult to evaluate the sustainablesecurity of web applications quantitatively. Global collective action led to the formulation of sustainability policy. In recent years, practitioners have adopted sustainability policies and programs to a great extent [33] with tremendous results. Also, organizations are trying to adopt high security of web applications. In addition, sustainable-security factors impact plays a noteworthy role in sustainable-security during web application development process [30]. In this row, authors of the paper contribute a way for sustainable-security design estimation through Fuzzy AHP-TOPSIS. Authors have classified and discussed the sustainablesecurity in the previous sections. As figure 1 shows that an attribute of the classification at one level impacts other or more attribute of the higher level but its impact is not the same on them. It may differ. For the purpose of assessment, we converted the classified attributes into hierarchies and shown it into figure 1.
For the determination of assessment, factors of confidentiality with respect to sustainable-security at level 2 are represented as F11, F12, and F13. Attributes of integrity with respect to sustainable-security at level 2 are represented as F21, F22, F23, F24 and F25. Attributes of availability with respect to sustainable-security at level 2 are represented as F31, F32, F33, F34 and F35. Attributes of perdurability with respect to sustainable-security at level 2 are represented as F41, F42, F43, F44 and F45.
For the purpose of evaluation, factors of reliability (F11) at level 3 are represented as F111, F112, F113, and F114. As shown in figure 1, reliability is common attribute in three hierarchies. So, attributes of reliability (for F21 and F31) are same as the attributes of F11 through the hierarchy structure of sustainable-security. Attributes of extensibility (F12) at level 3 are denoted as F121, F122 and F123. As shown in figure 1, extensibility is common attribute in three hierarchies. Hence, the attributes of extensibility (for F22 and F41) are same as the attributes of F12 through the hierarchy structure of sustainable-security.
Attributes of effectiveness (F13) at level 3 are denoted as F131, F132, F133, F134, F135 and F136. As shown in figure 1, effectiveness is common attributes in four hierarchies. Therefore, the attributes of effectiveness (for F23, F32, and F42) are same as the attributes of F13 through the hierarchy structure of sustainable-security. Attributes of functionality (F24) at level 3 are denoted as F241, F242, F243, F244, F245 and F246. As shown in figure 1, functionality is common attributes in three hierarchies. So the attributes of functionality (for F33 and F43) are same as attributes of F24 through the hierarchy structure of sustainable-security.
Attributes of understandability (F25) at level 3 are denoted as F251, F252, F253 and F254. As shown in figure 1, understandability is common attributes in three hierarchies. Hence, the attributes of understandability (for F34 and F44) are same as the attributes of F25 through the hierarchy structure of sustainable-security. Attributes of flexibility (F35) at level 3 are denoted as F351, F352 and F353. As shown in figure 1, flexibility is common attributes in two hierarchies. So, the attributes of flexibility (for F45) are same as attributes of F35 through the hierarchy structure of sustainable-security. With the help of these hierarchies, the authors of this study evaluated the sustainable-security of web application.      For collecting the data, this paper has taken opinions of 70 experts who hail from academia as well as industry. With the help of equations , sustainable-security estimation through Fuzzy AHP-TOPSIS has been evaluated as follows: With In the same manner, the pair-wise comparison matrixes of the level 1 attributes is constructed with the help of equation (10) and shown in table 3. Similarly, from  table 4 to table 13 presented combined pair-wise comparison matrixes for hierarchies of level 2 and level 3.
With help of equations (11)(12)(13), calculating the fuzzy weights of factors, the computational processes are showed as the succeeding components:      The weight of each element can be calculated with the help of equations (14)(15)(16)         Bulgarian citizens had been stolen. The attacker showed half of the pilfered data to many Bulgarian and international media sources as the proof of his act [37]. The authors of the report rightly discussed the problems encountered in a web application and also pointed that secure design of web application is the need of the time. Also, Tim Frick in his article said that 'Sustainable web design meets the current requirements of its customers, without compromising the ability of those requests to be met in the future' [38]. Hence the need for this era changes to sustainable and secure web design of web applications. This research focuses on both points and has created a hierarchical framework which in the end points out the important and contributing factors in sustainable-security design of web application. As web applications have become a compelling need, their usage and complexity are gradually growing. In addition, exponential growth in security attacks imposes the need to develop web applications that enable high security with sustainability. Assessment and estimation is the only way to achieve sustainable-security. This research paper integrates security as well as sustainability factors and evaluates sustainable-security in perspective of design. The results of the study will help the developers to integrate sustainable-security with designing web application during its development. There are already many estimation models or methods available in the literature for quantifying security and sustainability individually but the availability of models or methods which integrate security and sustainability with its design attributes in a single row using MCDM approaches is significantly less. In this study, the authors have evaluated seventeen sustainable-security-design factors which can be integrated during web application development. In this paper, we have taken six projects of two web applications and composed opinions of practitioners about the contributing sustainability, design and security factors of the specific web application. Data collated from the expert is compiled by  Fuzzy AHP-TOPSIS. Findings and pros of this work can be summarized as: • Estimating sustainable-security of web application design will help the developers to attain economic, social and environmental sustainability along with increasing users' satisfaction, thus, providing secure web application design.
• The quantitative results achieved by Fuzzy AHP-TOPSIS will support the practitioners in categorizing higher ranked factors of sustainable-security-design while developing web application so that the developers design an application whose security is sustainable for a long time.
• Sustainable-security is the most pressing concern of this era which should be given priority but is still ignored. This assessment would help the developers to gain an insight into design of sustainablesecurity.
• Development guidelines can be produced over this estimation to help the developers in improving the design of sustainable-security using high prioritized factors in concern. From the discussion it is clear that estimation of design of sustainable-security is noteworthy and dynamic in its own way. Still, this estimation may have some boundaries which can be overcome in the future work. Boundaries of the outcomes are as follows: • The data collected for web applications are significant but small. The outcomes may differ if the data is large.
• There might be additional sustainability and security design factors other than those acknowledged in this work.

VII. CONCLUSION
Effective sustainable security engineering and its integration in web applications remains a daunting challenge for the web developers and requires a concrete framework for security and its assessment. This paper posits an assessment framework with Fuzzy AHP-TOPSIS methodology for estimating sustainable-security of web application with focus on design perception. The assessment is done using two case studies with six projects. Rankings were provided after the assessment of sustainable-security. The results obtained were satisfactory and gap degree and closeness coefficient was found to be negligible in the study. The present state of security for web applications is not commensurate with the threat or potential consequences. The software industry has developed a large number of insecure systems with various vulnerabilities and applications which are non-sustainable. Development of security guidelines which focuses on sustainability too is the demand of this era. Hence, assessment of sustainablesecurity helps developers to develop guidelines which further make web applications design more sustainable and secure.
ALKA AGRAWAL received the Ph.D. degree from Babasaheb Bhimrao Ambedkar University (A Central University), Lucknow, where she is currently an Assistant Professor. She is a passionate researcher. She has also published a number of research articles in national and international journals. She has research/teaching experience of more than ten years. She is currently involved in the fields of big data security, genetic algorithms, and software security. Her areas of research include software security and software vulnerability.