Security strategy for vulnerabilities prevention in the development of web applications

In recent years, Higher Education Institutions through their Systems departments have strengthened security for the development of applications on web environment, because of their vulnerability to possible computer attacks. This research proposes a security strategy to reduce the risk presented by...

Authors:
Vargas, S
Vera, M
Rodríguez, J
Resource type:
Publication date:
2019
Institution:
Universidad Simón Bolívar
Repository:
Repositorio Digital USB
Language:
eng
OAI Identifier:
oai:bonga.unisimon.edu.co:20.500.12442/5075
Online access:
https://hdl.handle.net/20.500.12442/5075
Keywords:
Web environment
Security policy
Rights
License
Attribution-NonCommercial-NoDerivatives 4.0 Internacional
Description:
In recent years, Higher Education Institutions through their Systems departments have strengthened security for the development of applications on web environment, because of their vulnerability to possible computer attacks. This research proposes a security strategy to reduce the risk presented by the web applications developed in the systems department of the Simón Bolívar University, in San José de Cúcuta, Colombia, based on a diagnosis of the current state of its security policy compared to other institutions of the department of Norte de Santander, the analysis of current regulations and the state of the art of security in web applications, as an object of study. This strategy of safe web software development arises in order to establish the security parameters that should be applied by the web software developers of the Institution, shielding the developed applications and thus guaranteeing the integrity of the information that is manipulated through them. The strategy was validated through expert judgment in the field of web application development, emphasizing the importance of applying it to prevent vulnerabilities in institutional web software and thus provide greater reliability in the management of information.
Type:
article
ISSN:
17426596
Publisher:
IOP Publishing
Source:
Journal of Physics: Conference Series, Vol. 1414 (2019)
Source URL:
https://iopscience.iop.org/article/10.1088/1742-6596/1414/1/012017
License URL:
http://creativecommons.org/licenses/by-nc-nd/4.0/