A Uniﬁed Fuzzy-Based Symmetrical Multi-Criteria Decision-Making Method for Evaluating Sustainable-Security of Web Applications

: Although security is an integral aspect of any web application’s growth, sustainability is also a pivotal factor in maintaining the web application. It is clear that the software industry aims to develop di ﬀ erent methods and initiatives for achieving high security while maintaining high sustainability. Unfortunately, web application protection is useless if the sustainability is low. Thus, the present day need calls for innovation in developing web applications that a ﬀ ord sustainable-security to the users. By improving sustainability along with web application protection, underlying security and sustainability attributes play a vital role in determining the symmetrical e ﬀ ect of the sustainability and security attribute to achieve the best outcome. Sustainability evaluation, therefore, uses security and sustainability qualities to achieve the desired sustainability security solutions. In this study, ten consecutive versions of two web applications were used to determine symmetrical sustainability. The authors used the Fuzzy Analytic Hierarchy Process (Fuzzy-AHP) mechanism to determine sustainability goals and long-term impact. Furthermore, the e ﬀ ect of security on sustainability is assessed, and vice versa. The ﬁndings in the paper will prove to be valuable for improving sustainability of the web application.


Introduction
Several research pursuits have focused on understanding and classifying security estimation methodology [1] to enhance the security of web applications. However, in practice, the security objectives have to be realigned to meet the user's need. This is the reason for the widening of the gap between literature and actual practices. Objectives can be achieved by identifying, establishing, and evaluating. However, sustainability, being a definite imperative for humanity, security with sustainability of a web application has become the compelling intent during development process [2,3]. The main purpose is to secure a web application from malicious attacks. However, at times, the one who uses the machine becomes the weakest link and, unintentionally, invites attacks.
Security practitioners are consistently working on techniques to enhance both the sustainability and optimum security of the web applications [2]. Prevention of unauthorized access is the prime objective of security, while sustainability emphasizes maintaining the continuous services for users [3]. Sustainability is considered to be a system issue, and not an era or industrial issue [3,4]. Therefore, the focus of companies is usually on retaining sustainable-security, i.e., ensuring non-stop security mechanisms for the users.

•
Conducting an in-depth study of sustainable-security, i.e., web-application sustainability and its security and privacy strength and weakness.

•
Proposing a Fuzzy-AHP method, a stable and efficient methodology implemented on different web-applications to establish its validity.

•
Conducting sensitivity analysis on the results to show the efficacy of our proposed solution Fuzzy AHP vs. other solutions.

•
The results show that fuzzy-AHP proves more efficient than the other classical approaches.

•
With the help of the comparisons in outcomes of this contribution and previous work conducted with the perspective of sustainable-security of web applications, it is clear that this work may be helpful for the security developers for improving the security of web applications.
The remainder of the paper is formulated as follows. Section 2 describes the sustainable-security of web applications in detail and introduces the methodology, i.e., Fuzzy-AHP. Section 3 assesses and presents the outcome achieved through the Fuzzy-AHP and classical-AHP methodologies and the results of the sensitivity analysis. The discussion on the findings and concluding remarks are listed in Sections 4 and 5, respectively.

Sustainable-Security of Web Applications
Web application security is a thought or technique used to keep noxious assaults from different pernicious destinations and clients [12]. With the fast development of web applications, the security requirements in a sustainable environment are becoming increasingly diverse [13,14]. According to G. McGraw, the security of web applications helps build a secure web application, i.e., developing a web application to make it safe and secure, assuring that the web application keeps itself safe, and educating web application engineers and end users how to build secure web applications [15]. It is already a social and economic demand to adapt ecofriendly means of making the current products and services workable as well as sustainable [16,17]. The balance between sustainability and theoretical as well as practical security is not commonly recognized as a bottom-line principle in web application security. Furthermore, many authors believe that sustainability cannot be compromised while managing web application security development. However, the literature review has, evidently, revealed the original facts about considering sustainable-security in web applications.
The assessment and upkeep of CIA with a sustainable environment during the development of web application is one of the best ways to obtain sustainable and secure web applications [18,19]. Because of the importance of sustainable-security in web applications nowadays, everyone wants to ensure security. However, security assurance demands high complexity, the high security makes the applications less sustainable and complex renewable. This problem generates concerns for the longer Symmetry 2020, 12, 448 4 of 22 web application services. Birgit Penzenstadler, an eminent author on sustainability quotes in one of his work, "to draw attention to software safety issues in software engineering, it is argued that sustainability must be treated as a first-class quality alongside other critical factors such as safety, security, efficiency, reliability, and durability" [8,20]. Due to the increasing number of personal frauds, security hazards, and financial theft, security with sustainability assumes utmost priority [3][4][5]. Thus, today's web application provider organizations should focus on both security and sustainability at the same time.
As an eminent organization of security, Microsoft defines sustainability as a quantity of how stable a design is to secure a product to perform its prescribed responsibilities [17]. Moreover, sustainable software has impact on the society, economy, human beings, and environment that results from different types of developments and deployment, and, by the usage of the software, are nominal, having some positive effect on the environment [18,19]. According to the scholar Coral Calero: "Sustainable software development aims to meet software needs while ensuring the sustainability of natural systems and the environment." Software product sustainability is the capability of developing software in the most sustainable manner [1,4]. The relation of security and sustainability can be established by identifying the commonly contributing factors of both. The factors of sustainable-security with their definition are shown in Table 1.

Security
Web Application security is mindfulness applied to protect the web application against noxious assaults and different dangers delivered by hackers and malevolent information so the site keeps on working accurately under potential dangers. Likewise, it is accepted that security is important to offer significant types of assistance as integrity, authentication, and availability [13][14][15].

Sustainability
For the most part, Sustainability is characterized as meeting the prerequisites of the present client without compromising the environment and ability of future generation to meet their necessities [12,18].

Confidentiality
Confidentiality, with regards to sustainable-security, can be characterized as ensuring that secure information can be retrieved only by the authorized person while confirming the maintenance of sustainability for the intended user [19].

Integrity
Integrity in security means ensuring the authenticity of information with respect to sustainability [19,20].

Availability
Availability in sustainable-security ensures that information is accessible by authorized users in a sustainable environment. If the attackers are not allowed to compromise the integrity and confidentiality, they may attempt to execute attacks to bring down the server [20].

Energy Consumption
Energy consumption in terms of sustainable-security is the degree to which the amount of energy used by a software product when performing its security functions meets the security requirements [4,12].

Web-based resource Optimization
Web-based resource optimization is the set of models and practices used to fulfill the available resources, such as human, machinery, and finances, with the security requirements of the organization to achieve the well-known sustainability and security goals. Resource optimization is achieving the desired results within the stipulated time and budget with minimum usage of the resources [13,14].

Perdurability
Perdurability is the idea of producing sustainable software security products that have longevity and are adaptable and recyclable, i.e., increasing those aspects that make the software last for long time with the ability to adapt to change without losing its functionality related to its quality [15,16].

Reliability
The reliability of software sustainable-security is defined as the extent to which the software performs securely for a specific period of time in a specific sustainable environment [14].

Maintainability
Maintainability in sustainable-security is defined as the degree of effectiveness and efficiency with which a product or system can be modified by the envisioned developers to maintain sustainability [14,16].

Portability
Portability in sustainable-security is the degree of effectiveness and efficiency with which software and its security can be transferred from one software product to another [15]. Sustainable and invulnerable systems no longer exist in a vacuum and, without the involvement of humans, these sustainable services cannot function. Developers of software security and sustainability must learn to work on the concepts of a shared environment [21]. This is because security and sustainability work harmoniously with each other. There are already numerous methods that have been established to integrate the two, but each mechanism has its limitations and advantages [22]. Sustainability in security must be integrated into sustainable-security from the very initial stage of development and must be maintained until the security services are running [23]. Sustainable-security appears to be an excellent explanation for all likelihoods that exist between sustainability and security. This assessment of sustainable-security focuses on the leverages and constraints of both methods and, with an appropriate procedure, a solution to assure sustainability with security is established.
Therefore, sustainable-security has two important elements, namely, security and sustainability. Further, the CIA is the foundation of security [24]. In the context of sustainable-security, confidentiality is defined as the allowance of authorized access in a sustainable environment to sensitive and secure data [25,26]. Integrity is the quality of software security established by ethical affirmation and decision. Availability is the ability of the user to access resources in a sustainable environment [27,28]. Other factors of sustainable-security have already been defined in Table 1. This work proposes an approach for estimating sustainable-security through Fuzzy-AHP. A hierarchy of sustainable-security factors is presented in Figure 1.
Maintainability effectiveness and efficiency with which a product or system can be modified by the envisioned developers to maintain sustainability [14,16].

Portability
Portability in sustainable-security is the degree of effectiveness and efficiency with which software and its security can be transferred from one software product to another [15].
Sustainable and invulnerable systems no longer exist in a vacuum and, without the involvement of humans, these sustainable services cannot function. Developers of software security and sustainability must learn to work on the concepts of a shared environment [21]. This is because security and sustainability work harmoniously with each other. There are already numerous methods that have been established to integrate the two, but each mechanism has its limitations and advantages [22]. Sustainability in security must be integrated into sustainable-security from the very initial stage of development and must be maintained until the security services are running [23].
Sustainable-security appears to be an excellent explanation for all likelihoods that exist between sustainability and security. This assessment of sustainable-security focuses on the leverages and constraints of both methods and, with an appropriate procedure, a solution to assure sustainability with security is established.
Therefore, sustainable-security has two important elements, namely, security and sustainability. Further, the CIA is the foundation of security [24]. In the context of sustainable-security, confidentiality is defined as the allowance of authorized access in a sustainable environment to sensitive and secure data [25,26]. Integrity is the quality of software security established by ethical affirmation and decision. Availability is the ability of the user to access resources in a sustainable environment [27,28]. Other factors of sustainable-security have already been defined in Table 1. This work proposes an approach for estimating sustainable-security through Fuzzy-AHP. A hierarchy of sustainable-security factors is presented in Figure 1.  Figure 1 depicts that Confidentiality, Integrity, and Availability (CIA) and Energy Consumption, Perdurability, and Web-based Resource Optimization (EPW) affect the sustainable-security of the web application. Sustainable-security may be improved by focusing on CIA and EPW together [4,21]. Therefore, the above factors will be taken into account while assessing sustainable-security.

Methodology Followed
Different researchers have analyzed security and sustainability in different perspectives. Transformation of web application and cyber security through sustainability is a new area of interest for security, environmental, and economic sustainability [29][30][31]. To measure the sustainablesecurity, Multiple Criteria and Multiple Decisions Analysis (MCMDA) plays a significant role in  Figure 1 depicts that Confidentiality, Integrity, and Availability (CIA) and Energy Consumption, Perdurability, and Web-based Resource Optimization (EPW) affect the sustainable-security of the web application. Sustainable-security may be improved by focusing on CIA and EPW together [4,21]. Therefore, the above factors will be taken into account while assessing sustainable-security.

Methodology Followed
Different researchers have analyzed security and sustainability in different perspectives. Transformation of web application and cyber security through sustainability is a new area of interest for security, environmental, and economic sustainability [29][30][31]. To measure the sustainablesecurity, Multiple Criteria and Multiple Decisions Analysis (MCMDA) plays a significant role in presenting numerous contradictory assessments including fuzzy analytical hierarchy process [32]. Additionally, every decision methodology is different in perspective of their objective and subjective weights [33,34]. An assessment method, namely, Multi Criteria Decisions Analysis (MCDA), is proposed for sustainable-security to measure the satisfaction and ease of practice.
Sustainable-security appraisal is a multi-criteria problem as it contains different level of factors described earlier in this work. This work aims to measure the sustainable-security with the support of Fuzzy-AHP. As it is a multi-criteria issue, it is essential to disintegrate a multi-criteria problem Symmetry 2020, 12, 448 6 of 22 into a hierarchy. Saaty used AHP for the very first time [35,36], with the aim of showing that there are problems with factors which have fuzziness in it. Therefore, the decision-maker's responses are converted into fuzzy matrix using previously defined fuzzy criteria. The steps in assessment of any criteria using Fuzzy-AHP include the following.
A. Identify and Determine Problems: Identify and determine the problem to be solved so that all attributes of the problem are clearly known.
B. Set up Hierarchy Architecture: Identify attributes and relevant sub-attributes that have direct or indirect impact over each other by thorough literature. Now, create the hierarchical relationship between factors. The problem that has been taken here is sustainable-security and its evaluation. The factors contributing in its evaluation have already been defined in the above discussion. The decision-makers play a vital role in deciding these factors and the relation between them.
C. Define and Set up Fuzzy Pairwise Matrices: The next step is to build a fuzzy pairwise comparison matrix using the decisions given by experts. After converting the definite values to fuzzy numbers as per the definitions in Table 1 and Figure 1, we have compared the relative importance between attributes. To assess the fuzziness in MCDA problems, as in Equation (1), the AHP method uses the pairwise comparison matrix.
An n-by-n matrix, A, can be expressed as shown in Equation (1). Let C 1 , C 2 ,..., C n signify the set of factors and a ij signify a measured decision on a set of factors C i , C j . The comparative position of the two factors is rated using a scale [37,38].
D. Calculating The Fuzzy Value Into Its Weight: To calculate fuzzy value into its relative weight the TFN value is defined in the starting of methodology. Figure 2 shows a triangular fuzzy number.
presenting numerous contradictory assessments including fuzzy analytical hierarchy process [32]. Additionally, every decision methodology is different in perspective of their objective and subjective weights [33,34]. An assessment method, namely, Multi Criteria Decisions Analysis (MCDA), is proposed for sustainable-security to measure the satisfaction and ease of practice.
Sustainable-security appraisal is a multi-criteria problem as it contains different level of factors described earlier in this work. This work aims to measure the sustainable-security with the support of Fuzzy-AHP. As it is a multi-criteria issue, it is essential to disintegrate a multi-criteria problem into a hierarchy. Saaty used AHP for the very first time [35,36], with the aim of showing that there are problems with factors which have fuzziness in it. Therefore, the decision-maker's responses are converted into fuzzy matrix using previously defined fuzzy criteria. The steps in assessment of any criteria using Fuzzy-AHP include the following.
A. Identify and Determine Problems: Identify and determine the problem to be solved so that all attributes of the problem are clearly known.
B. Set up Hierarchy Architecture: Identify attributes and relevant sub-attributes that have direct or indirect impact over each other by thorough literature. Now, create the hierarchical relationship between factors. The problem that has been taken here is sustainable-security and its evaluation. The factors contributing in its evaluation have already been defined in the above discussion. The decisionmakers play a vital role in deciding these factors and the relation between them.
C. Define and Set up Fuzzy Pairwise Matrices: The next step is to build a fuzzy pairwise comparison matrix using the decisions given by experts. After converting the definite values to fuzzy numbers as per the definitions in Table 1 and Figure 1, we have compared the relative importance between attributes. To assess the fuzziness in MCDA problems, as in Equation (1), the AHP method uses the pairwise comparison matrix.
An n-by-n matrix, , can be expressed as shown in Equation (1). Let C1, C2,..., Cn signify the set of factors and aij signify a measured decision on a set of factors Ci, Cj. The comparative position of the two factors is rated using a scale [37,38].

D. Calculating The Fuzzy Value Into Its Weight:
To calculate fuzzy value into its relative weight the TFN value is defined in the starting of methodology. Figure 2 shows a triangular fuzzy number.
U(x) A TFN is denoted simply as its lower, medium, and higher value (Lw, Mi, and Ur, respectively). Equations (2)-(4) convert the numeric values into a Triangular Fuzzy Number (TFN) [39] comprising where Lw ij ≤ Mi ij ≤ Ur ij and Lw ij , Mi ij , Ur ij ∈ [1 /9, 9] (3) As shown in the equations, η ij is the membership function and J ijk is the relative prominence of the principles among two alternatives and is given by expert k, where i and j represent a pair of alternatives being judged by experts. Value η ij is deliberated based on the geometric mean of expert's opinions for a particular comparison. After getting the TFN value for every pair of comparison, a fuzzy comparison matrix pairwise is established in the form of n×n matrix.
E. Connection of Hierarchy: The next step is to put all hierarchies in series to get factor weights in the fuzzified form.
F. Defuzzification: Now, the next step is to transform the fuzzy numbers to understandable and definite values, the research under reference adopts the alpha cut mechanism to address fuzzy numbers into finite values [39][40][41]. The alpha cut method is defined as below, Preferences and error tolerance of experts are denoted by α and β in these equations, respectively. The values of α and β in equation vary between 0 and 1. A set of all elements define the alpha cut of a fuzzy set. Further, values ranging between 0 and 1 define the alpha threshold value.
G. Ordering: The sequencing step consists of ordering the defuzzified criteria according to its hierarchy and placing it into its ranks.
Further, the eigenvector and eigenvalue for comparison matrix pairwise are calculated to get the accumulated weight of specific benchmark. Let us assume ρ α,β stands for the eigenvector. Also, the eigenvalue of the fuzzy pairwise comparison matrix a ij. is denoted by λ.
Equation (8) is based on the linear transformation of vectors. In Equation (8), I represents the unitary matrix. Equations (1)-(8) are used to calculate the different weight of each attribute in relation to every other attribute. To check if the AHP process is correct, check the Consistency Ratio (CR) [38,39]. If CR value is less than 0.1, then the AHP analysis is correct; otherwise, the pairwise comparison matrix is analyzed again and the Fuzzy-AHP process is repeated.

Results through Fuzzy-AHP
For the most part, subjective evaluation is reasonable for assessing sustainable-security. It is hard to assess web application security in a quantitative manner. Worldwide aggregate activity prompted the detailing of formulation of sustainability policy. Lately, specialists have embraced sustainability policies to a great extent [5][6][7] with successful outcomes. Likewise, development agencies are attempting to embrace high web applications security. What is more, the impact of sustainable-security factors plays an exceptional role in sustainable-security during web application development process [41].
The paper presents a way for sustainable-security assessment with the assistance of Fuzzy-AHP. For collecting data, authors have taken the opinions of 110 experts who hail from academia as well as industry; these academicians and researchers were brought together in a simulated meeting situation. These professionals had more than 10 years of experience in web application development and had relevant expertise in using these models in symmetrical and sustainable environment. They discussed the factors with respect to different groups and gave linguistic values with the help of a scale. This contribution intends to gauge the web applications sustainable-security using the experts' inputs.
To appraise the sustainable-security, ten successive versions of two different developed web applications for Lucknow-India-Based Central University (Babasaheb Bhimrao Ambedkar University), including A1, A2, A3 A4, and A5 for project 1 and A6, A7, A8, A9, and A10 for project 2, have been taken. Both of these web applications are highly sensitive for their data and agree that working on their security in a sustainable manner is important. Year-wise, different versions of a web application for the entrance exam of the University are called A1, A2, A3 A4, and A5 [40], and year-wise, different versions of a web application for national online quiz competition are called A6, A7, A8, A9, and A10 [42]. To measure the top version, Figure 1 shows the hierarchal structure of the sustainable-security factors. With the help of Equations (1-4), triangular fuzzy numbers are evaluated. After qualitative assessment, Tables 2-5 show a comparison that is matrix-pairwise (aggregated fuzzy) for different levels.     Table 2 shows the aggregated pairwise comparison matrix for level 1 by using fuzzy-AHP, which contains only two factors: security and sustainability. Table 3 shows a Comparison Matrix Pairwise (Fuzzy Aggregated) for level 2, which contains three factors, including confidentiality, integrity, and availability. Table 4 shows the aggregated comparison matrix pairwise for level 2 by using fuzzy-AHP, which contains three factors: confidentiality, integrity, and availability. Table 5 shows the aggregated comparison matrix-pairwise for level 3 by using fuzzy-AHP, which contains three sub-factors: reliability, maintainability, and portability. According to the hierarchy, Tables 2-5 show a comparison matrix-pairwise (fuzzy aggregated) at levels 1-3. From Equations (5)- (8), this paper derived the defuzzified values and local weights. The relative importance of the security and sustainability factors in the TFN value is weighted as (0.3127, 0.4395, and 0.6252). Then, with the help of Equation (6) (8) and (9), with respect to other criteria, the weights of particular criteria may be acquired as Moreover, the local weights of sustainable-security factors and CR values of each group are shown in Tables 6-9.   Table 6 shows the local weights of level 1 factors. From the results, it is evident that sustainability is a more important factor than security for balancing the sustainable-security. Figure 3 shows the graphical representation of local weights of level 1 factors.  Table 6 shows the local weights of level 1 factors. From the results, it is evident that sustainability is a more important factor than security for balancing the sustainable-security. Figure 3 shows the graphical representation of local weights of level 1 factors.   Table 7 shows the local weights of level 2 factors of security. From the results, it is evident that availability is an important factor among the three factors of this level. Figure 4 shows the graphical representation of local weights of level 2 factors.  Table 7 shows the local weights of level 2 factors of security. From the results, it is evident that availability is an important factor among the three factors of this level. Figure 4 shows the graphical representation of local weights of level 2 factors.   Table 6 shows the local weights of level 1 factors. From the results, it is evident that sustainability is a more important factor than security for balancing the sustainable-security. Figure 3 shows the graphical representation of local weights of level 1 factors.   Table 7 shows the local weights of level 2 factors of security. From the results, it is evident that availability is an important factor among the three factors of this level. Figure 4 shows the graphical representation of local weights of level 2 factors.   Table 8 shows the local weights of level 2 factors of sustainability. From the results, it is evident that perdurability is an important factor among the three factors of this level. Figure 5 shows the graphical representation of local weights of level 2 factors of sustainability. Table 9 shows the local weights of level 3 sub-factors of perdurability, and it is evident from the results that portability has the highest weight. Figure 6 shows the graphical representation of level 3 sub-factors. From the results, it is evident that maintainability is an important factor among the three factors of this level. Table 10 shows the final or global weights and the overall priorities of the tree structure. Where A1, A2, A3 . . . . . . An, symbols are described as the alternatives and objective weights of the criteria that are stated in Table 10.  Table 8 shows the local weights of level 2 factors of sustainability. From the results, it is evident that perdurability is an important factor among the three factors of this level. Figure 5 shows the graphical representation of local weights of level 2 factors of sustainability.  graphical representation of local weights of level 2 factors of sustainability.  The combined significances of levels 2 and 3 are then persevered by aggregating the weights throughout the hierarchy. In sustainable-security, security has 0.3123 weight and sustainability has 0.6877 weight. This implies that security is more significant than sustainability to achieve sustainablesecurity at its best. For security, confidentiality has 0.0557 weight, integrity has 0.0985 weight, and availability has 0.1581 weight, and therefore availability is most important for sustainable-security. For sustainability, the final weight of energy consumption is 0.1185, the weight of web based resource optimization is 0.2193, and the weight of perdurability is 0.3499.
Among these three, the weighting of perdurability is highest. This indicates that improvement in sustainable-security can be achieved by focusing on perdurability. Figure 7 shows the final weights of factors from the hierarchy shown in Figure 1 and the results show that sustainability has the highest weight among all. The three sub-factors of perdurability have the following final weights, reliability is 0.0566, maintainability is 0.1088, and portability is 0.1845. The value of sustainable-security for different alternatives has been evaluated as below.

Sensitivity Analysis
Sensitivity analysis defines how distinctive the values of an independent variable will influence a unique structured variable within a given set of assumptions [3][4][5]. In this research work, the threshold (values of α and β) is assumed as 0.5. The range of α and β lies in between zero and one. Deviations due to the values of α and β are depicted in Table 11. The graphical representations of the variation are shown in Figure 8.

Sensitivity Analysis
Sensitivity analysis defines how distinctive the values of an independent variable will influence a unique structured variable within a given set of assumptions [3][4][5]. In this research work, the threshold (values of α and β) is assumed as 0.5. The range of α and β lies in between zero and one. Deviations due to the values of α and β are depicted in Table 11. The graphical representations of the variation are shown in Figure 8. Table 11. Sensitivity analysis. The deviations show the insignificant difference between results, which gives the most optimistic and generalized results. Table 11 and Figure 8 present the fluctuations in results. It is seen from the analysis that the results of sustainable-security depend upon α and β values and the results are highly correlated. To show the statistical significance between the results, the last row of Table 11 shows the Pearson's correlation coefficient between the results. The inference focuses on supplying suggestions to developers for enhancing the proficiency and effectivity of sustainable-security of the web application. The deviations show the insignificant difference between results, which gives the most optimistic and generalized results. Table 11 and Figure 8 present the fluctuations in results. It is seen from the analysis that the results of sustainable-security depend upon α and β values and the results are highly correlated. To show the statistical significance between the results, the last row of Table 11 shows the Pearson's correlation coefficient between the results. The inference focuses on supplying suggestions to developers for enhancing the proficiency and effectivity of sustainable-security of the web application.

Results through Classical-AHP
After estimating the sustainable-security of web applications with the Fuzzy-AHP technique, the classical-AHP method was also used in this section to prove the accuracy of the whole assessments and outcomes. AHP is a useful resource for resolving unstructured issues in economics, and social and information sciences [38,40]. In classical-AHP, the manner of records collection and assessment identical to the Fuzzy-AHP, but the sole distinction is that no fuzzification and defuzzification are required. Therefore, the information is taken in its original shape for classical-AHP. Further, according to the set of sustainable-security factors through the hierarchy, the relative independent weights and priorities of each set of factors have been depicted in Tables 12-15.

Results through Classical-AHP
After estimating the sustainable-security of web applications with the Fuzzy-AHP technique, the classical-AHP method was also used in this section to prove the accuracy of the whole assessments and outcomes. AHP is a useful resource for resolving unstructured issues in economics, and social and information sciences [38,40]. In classical-AHP, the manner of records collection and assessment identical to the Fuzzy-AHP, but the sole distinction is that no fuzzification and defuzzification are required. Therefore, the information is taken in its original shape for classical-AHP. Further, according to the set of sustainable-security factors through the hierarchy, the relative independent weights and priorities of each set of factors have been depicted in Tables 12-15.  Table 12 shows the local weights of security and sustainability through classical-AHP. Figure 9 shows a graphical representation of the local weights of level 1 factors. Table 13 shows the local weights of level 2 factors, which are Confidentiality, integrity, and availability. Among these, availability has the highest weight. Figure 10 shows the graphical representation of second-level factors. Table 14 shows the local weights of level 2 factors. Among these, perdurability has the highest weight for improving the whole sustainable-security. Figure 11 shows the graphical representation of second level factors. Table 15 shows the local weights of level 3 factors. Among these, portability has the highest weight for improving the whole sustainable-security. Figure 12 shows the graphical representation of third level factors. According to the hierarchy, Table 16 and Figure 13 show the dependent weights and an overall ranking of the hierarchy. Also, the results of all weights after applying it to project 1 and 2 are depicted in the Table 16.          Table 12 shows the local weights of security and sustainability through classical-AHP. Figure 9 shows a graphical representation of the local weights of level 1 factors. Table 13 shows the local weights of level 2 factors, which are Confidentiality, integrity, and availability. Among these, availability has the highest weight. Figure 10 shows the graphical representation of second-level factors. Table 14 shows the local weights of level 2 factors. Among these, perdurability has the highest weight for improving the whole sustainable-security. Figure 11 shows the graphical representation of second level factors. Table 15 shows the local weights of level 3 factors. Among these, portability has the highest weight for improving the whole sustainable-security. Figure 12 shows the graphical representation of third level factors. According to the hierarchy, Table 16 and Figure 13 show the dependent weights and an overall ranking of the hierarchy. Also, the results of all weights after applying it to project 1 and 2 are depicted in the Table 16.     Table 12 shows the local weights of security and sustainability through classical-AHP. Figure 9 shows a graphical representation of the local weights of level 1 factors. Table 13 shows the local weights of level 2 factors, which are Confidentiality, integrity, and availability. Among these, availability has the highest weight. Figure 10 shows the graphical representation of second-level factors. Table 14 shows the local weights of level 2 factors. Among these, perdurability has the highest weight for improving the whole sustainable-security. Figure 11 shows the graphical representation of second level factors. Table 15 shows the local weights of level 3 factors. Among these, portability has the highest weight for improving the whole sustainable-security. Figure 12 shows the graphical representation of third level factors. According to the hierarchy, Table 16 and Figure 13 show the dependent weights and an overall ranking of the hierarchy. Also, the results of all weights after applying it to project 1 and 2 are depicted in the Table 16.    The eleven evaluative criteria are weighted as follows, security (0.3053), sustainability (0.6947) confidentiality (0.0515), integrity (0.0942), availability (0.1595), energy consumption (0.1110), web based resource optimization (0.2211), perdurability (0.3626), reliability (0.0538), maintainability (0.1099), and portability (0.1990), of which availability is most significant for sustainable-security of web application. The impact of sustainable-security in different alternatives is determined as follows.

Comparison between Results
The difference between the impacts of sustainable-security of web applications through fuzzy-AHP and classical-AHP techniques is negligible as shown in Table 17; Figure 14 shows the graphical representation of the difference between the results. The results show the A7 has highly sustainable-security, i.e., version 2 of online quiz competition web application.

Comparison between Results
The difference between the impacts of sustainable-security of web applications through fuzzy-AHP and classical-AHP techniques is negligible as shown in Table 17; Figure 14 shows the graphical representation of the difference between the results.

Sustainable-Security
Fuzzy AHP AHP Figure 14. Disparity between the outcomes through Fuzzy-AHP and classical-AHP.
As evident from the results, fuzzy-AHP and classical-AHP strategies have extraordinary procedures. Also, the outcomes are unique, yet fundamentally the same. This empirical work has taken the Pearson's Correlation Method [40] for assessing the correlation between outcomes. The correlation coefficient shows the impact of the relationship between two values. The scale lies between −1 and +1 [43]. The value near to −1 shows the lower bonding between values, and the value near to +1 shows the tighter bonding between values. The Pearson correlation between the results of Fuzzy-AHP and AHP is 0.9935, which shows the strong correlation between the results achieved.
As given in Table 17, the results with different approaches with same dataset have been obtained, and these results show that the correlation between the results of Fuzzy-AHP and AHP is highly correlated. Further, the results also show that the covered factors of sustainable-security and their contribution to efficient sustainable-security are remarkable. Alka Agrawal et al. recently published an article in which they assessed sustainable-security [44]. This article contained first-level factors of security pillars in which three were CIA and one was perdurability. These factors were not very balanced because only one factor of sustainability was taken in that work.
In addition, according to the experts of Cigniti Solutions, sustainable-security depends fully on its contributing factors [45]. Therefore, in the current paper, the authors have taken sustainability as a contributor in the first level of hierarchy, which improvises the results in the end. Additionally, for testing the results, Alka Agrawal et al. took six alternatives only, whereas this paper takes ten alternatives of a web application, which verifies the results. According to Alka Agrawal et al., perdurability was important, whereas, according to this work, Sustainability at first level and Web based Resource Optimization at second level are the most important attributes among all for maintaining sustainable-security of web applications.

Discussion
As web applications adapt to current requirements, their use and unpredictability are both slowly developing. Furthermore, exponential development in security attacks requires the creation of web applications that empower high security with sustainability. Security has invariably become one of the most critical quality factors currently and is attracting the consideration of web application originators as well as end users. The aim of this research has been to evaluate the sustainable-security of web applications at the early stage of their development life cycle. As appraisal is the best way to accomplish sustainable-security, this research paper integrates security as well as sustainability factors and evaluates sustainable-security. The resulting impact of the investigations cited in the paper will assist developers in sustainable-security with web application during its development.
There are several distinctive security models that measure security and sustainability exclusively; however, an approach or a dedicated model that coordinates security and sustainability in a solitary column utilizing Fuzzy-AHP and other MCDM strategies is essentially more economical. The model proposed here will assist with assessing the sustainable-security of web applications and improving the environmental and economic sustainability surplus to meeting the clients' needs. In this contribution, the authors have examined nine sustainable-security factors that can be integrated during web application development.
A majority of agencies distinguish between the quickly altering enterprise and regulatory demands to alter how protection (basically preserving CIA) is managed and sustainability is maintained at some point of the web application development process. To improve the power of security sustainability of the web application, the proposed work offers quantitative assessment. The proposed hierarchical shape of sustainable-security helps elucidate the relation between the factors which make contributions to sustainable-security in the course of the web application development process.
In this paper, the authors have taken two web applications and compiled expert's opinions about the contributing sustainability and security factors of the particular web application. Data collated from the experts is compiled by way of Fuzzy-AHP and, further, the results are validated by the classical-AHP method. Findings and pros of this work are summarized below.

•
The attributes taken in this study are common to each and every web application security. Therefore, the assessment done with its perspective would be helpful to the developers globally.

•
Symmetrically arranging the attributes of sustainable-security is important for achieving high sustainability with security; therefore, these results will help developers to develop a framework with important attributes contributing toward sustainable-security.

•
Assessing sustainable-security will enhance economic, social, and environmental sustainability along with increasing user satisfaction, thus, providing secure web application for the end user. • Sustainability and perdurability are highly significant for sustainable-security to enhance the overall sustainability of web application.

•
MCDM techniques, such as Fuzzy-AHP, have been proven to supply highly accurate outcomes compared with AHP; as a result, it emerges as a desirable hybrid approach to estimate sustainable-security for web applications.

•
The quantitative findings will help software development teams consider higher prioritized factors of sustainable-security while designing web applications to develop applications with sustainable-security.

•
Sustainability is an emerging problem of this decade and should be given foremost priority by developers. The findings herein will help to design a roadmap for software designers to handle the problem of sustainable-security of web applications.

•
During the analysis of results, two variables played an important role, which is α (preferences) and β (error tolerance of experts). To show the variances of results, sensitivity analysis has been done considering α and β as sensitive variables.

•
For statistical validation, the correlation coefficient is calculated. It ranges near 1 and therefore proves that the strength of the bond between the results of Fuzzy-AHP and classical AHP are negligible.
From the discussion, it is clear that the assessment of sustainable-security is significant and vital in its own way. Still, this assessment may have some limitations that can be overcome in the future work. The limitations of the results are as follows.

•
The data collected for web applications are significant but is taken from a small sample. The results may vary if the data is taken from a larger sample.

•
There might be more sustainability and security factors other than those identified in this work. Results of sustainable-security impact may change as per the number of factors.

Conclusions
In the current work, sustainability and security factors are diagnosed and the sustainable-security of the web application is investigated. Estimation of sustainable-security is a multi-criteria decision problem, and because of this we used Fuzzy-AHP technique to assess sustainable-security. Also, the classical-AHP method is used to validate the results. Most essential elements with respect to weights have additionally been evaluated. It has been concluded by both techniques used (Fuzzy-AHP and classical-AHP) that sustainability is the most important aspect among the nine essential sustainable-security factors. To improve sustainable-security, software designers and practitioners need to focus on sustainability and perdurability for ensuring sustainable-security and web application services.