State of the art: a systematic review of REST-oriented security (original title: Estado del arte revisión sistemática de la seguridad orientada a Rest)

Research work

Authors:
Corredor-Ceballos, Nidia Estefanía
Resource type:
Undergraduate degree project
Publication date:
2017
Institution:
Universidad Católica de Colombia
Repository:
RIUCaC - Repositorio U. Católica
Language:
spa (Spanish)
OAI Identifier:
oai:repository.ucatolica.edu.co:10983/15230
Online access:
http://hdl.handle.net/10983/15230
Keywords:
WEB SERVICES
REST
SECURITY
VULNERABILITY
Rights
openAccess
License
All rights reserved - Universidad Católica de Colombia, 2017
Advisor:
Martínez-Rojas, Mario
Date accessioned:
2017-12-05
Version:
submitted version
Citation:
Corredor-Ceballos, N. E. (2017). Estado del arte revisión sistemática de la seguridad orientada a Rest. Degree project. Universidad Católica de Colombia, Facultad de Ingeniería, Programa de Ingeniería Civil. Bogotá, Colombia.
Creative Commons license:
Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0)
https://creativecommons.org/licenses/by-nc-nd/4.0/
Format:
application/pdf
Faculty:
Facultad de Ingeniería (Faculty of Engineering)
Program:
Ingeniería de Sistemas y Computación (Systems and Computing Engineering)
Repository contact:
bdigital@metabiblioteca.com
Degree level:
Undergraduate
Degree awarded:
Systems Engineer (Ingeniero de Sistemas)
Abstract:
The main types of computer attacks were analysed, the best-known vulnerabilities and the types of security recommended for REST web services were described, a systematic review was made of the publications that study the vulnerability types of REST web services, and these were classified according to a vulnerability taxonomy in order to detail their structure.
Contents:
Introduction; 1. REST web services; 2. Web security; 3. Web service vulnerabilities; 4. Methodology; 5. Results; 6. Conclusions; 7. Recommendations; References
Files:
Revisión sistemática de la seguridad orientada a REST.pdf (application/pdf, 2673780 bytes): https://repository.ucatolica.edu.co/bitstreams/f3262bbd-655f-42cd-96f5-fec004d486bb/download
RAE.pdf (application/pdf, 302624 bytes): https://repository.ucatolica.edu.co/bitstreams/c20650e9-a926-4680-b0b6-82c03d935e71/download
Record last updated:
2023-03-24