Roddy A. Correa scite author profile

Roddy A. Correa

2Publications

5Citation Statements Received

83Citation Statements Given

How they've been cited

How they cite others

Affiliations

Universidad Técnica Particular de Loja

Publications

Order By: Most citations

Implementation of Techniques, Standards and Safety Recommendations to Prevent XSS and SQL Injection Attacks in Java EE RESTful Applications

Guamán

Jaramillo

et al. 2016

View full text Add to dashboard Cite

Abstract. There are recommendations and tools, given by OWASP that suggest basic techniques of prevention and protection of computer attacks over web applications where the common types of attacks are XSS and SQL Injection; for that reasons, we apply recommendations and good practice to minimize this kind of attacks; used some tools to validate automatically attacks and built some expressions to validate manually the intrusions in web applications. Therefore, this study was based on the development of a prototype under REST, design pattern Facade, Java EE and Glassfish [13].With the development of the prototype it was found that by the use of standards and norms recommend by OWASP the security in terms of overall design and source code in web applications can be greatly improved.

show abstract

Hybrid Security AssessmentMethodology forWeb Applications

Correa¹,

Higuera²,

Higuera³

et al. 2021

View full text Add to dashboard Cite

This study presents a methodology to evaluate and prevent security vulnerabilities issues for web applications. The analysis process is based on the use of techniques and tools that allow to perform security assessments of white box and black box, to carry out the security validation of a web application in an agile and precise way. The objective of the methodology is to take advantage of the synergies of semi-automatic static and dynamic security analysis tools and manual checks. Each one of the phases contemplated in the methodology is supported by security analysis tools of different degrees of coverage, so that the results generated in one phase are used as feed for the following phases in order to get an optimized global security analysis result. The methodology can be used as part of other more general methodologies that do not cover how to use static and dynamic analysis tools in the implementation and testing phases of a Secure Software Development Life Cycle (SSDLC). A practical application of the methodology to analyze the security of a real web application demonstrates its effectiveness by obtaining a better optimized vulnerability detection result against the true and false positive metrics. Dynamic analysis with manual checking is used to audit the results, 24.6 per cent of security vulnerabilities reported by the static analysis has been checked and it allows to study which vulnerabilities can be directly exploited externally. This phase is very important because it permits that each reported vulnerability can be checked by a dynamic second tool to confirm whether a vulnerability is true or false positive and it allows to study which vulnerabilities can be directly exploited externally. Dynamic analysis finds six (6) additional critical vulnerabilities. Access control analysis finds other five (5) important vulnerabilities such as Insufficient Protected Passwords or Weak Password Policy and Excessive Authentication Attacks, two vulnerabilities that permit brute force attacks.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Roddy A. Correa

Implementation of Techniques, Standards and Safety Recommendations to Prevent XSS and SQL Injection Attacks in Java EE RESTful Applications

Hybrid Security AssessmentMethodology forWeb Applications

Contact Info

Product

Resources

About