Security strategy for vulnerabilities prevention in the development of web applications
dc.contributor.author | Vargas, S | |
dc.contributor.author | Vera, M | |
dc.contributor.author | Rodríguez, J | |
dc.date.accessioned | 2020-03-27T03:49:30Z | |
dc.date.available | 2020-03-27T03:49:30Z | |
dc.date.issued | 2019 | |
dc.description.abstract | In recent years, Higher Education Institutions, through their Systems departments, have strengthened security for the development of applications in the web environment because of their vulnerability to possible computer attacks. This research proposes a security strategy to reduce the risk presented by the web applications developed in the systems department of the Simón Bolívar University, in San José de Cúcuta, Colombia, based on a diagnosis of the current state of its security policy compared to other institutions of the department of Norte de Santander, the analysis of current regulations and the state of the art of security in web applications, as an object of study. This strategy of safe web software development arises in order to establish the security parameters that should be applied by the web software developers of the Institution, shielding the developed applications and thus guaranteeing the integrity of the information that is manipulated through them. The strategy was validated through expert judgment in the field of web application development, emphasizing the importance of applying it to prevent vulnerabilities in institutional web software and thus provide greater reliability in the management of information. | eng |
dc.format.mimetype | eng | |
dc.identifier.issn | 17426596 | |
dc.identifier.uri | https://hdl.handle.net/20.500.12442/5075 | |
dc.language.iso | eng | eng |
dc.publisher | IOP Publishing | eng |
dc.rights | Attribution-NonCommercial-NoDerivatives 4.0 International | eng |
dc.rights.accessrights | info:eu-repo/semantics/openAccess | eng |
dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/4.0/ | |
dc.source | Journal of Physics: Conference Series | eng |
dc.source | Vol. 1414 (2019) | eng |
dc.source.uri | https://iopscience.iop.org/article/10.1088/1742-6596/1414/1/012017 | eng |
dc.subject | Web environment | eng |
dc.subject | Security policy | eng |
dc.title | Security strategy for vulnerabilities prevention in the development of web applications | eng |
dc.type | article | eng |
dc.type.driver | article | eng |
oaire.version | info:eu-repo/semantics/publishedVersion | eng |