Static analysis for web service security - Tools &amp;amp; techniques for a secure development life cycle

Masood, Adnan; Java, Jim

doi:10.1109/ths.2015.7225337

Cited by 29 publications

(16 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…A modelagem de ameac ¸as é o processo de enumerar e classificar os agentes maliciosos, seus ataques e os possíveis impactos desses ataques nos ativos de um sistema [Masood and Java 2015]. Dessa forma, o processo ajuda a detectar falhas desde o início, oferecendo uma oportunidade para elaborar os requisitos de seguranc ¸a do sistema e, consequentemente, revisar as opc ¸ões de projeto ou refinar o modelo de arquitetura.…”

Section: Implementac ¸ãO Ou Análise De Métodos De Desenvolvimento Segurounclassified

“…Tabela 3. Principais obras da Sec ¸ão 4.2 e suas contribuic ¸ões Autor Principais contribuic ¸ões [Masood and Java 2015] Debate sobre a importância de adotar a modelagem de ameac ¸as e como ela pode preparar melhor os desenvolvedores para enfrentar e mitigar ataques e tornar as arquiteturas orientadas a servic ¸os mais seguras. Os autores ainda buscam identificar e explicar como as APIs públicas, especialmente as RESTFul, são expostas a negac ¸ão de servic ¸o e outras ameac ¸as relacionadas a aplicativos da Web.…”

Section: Implementac ¸ãO Ou Análise De Métodos De Desenvolvimento Segurounclassified

See 1 more Smart Citation

Desenvolvimento Seguro de Sistemas Web: Uma Revisão Sistemática

Malacarne

Camargo

2021

Anais Da v Escola Regional De Engenharia De Software (ERES 2021)

View full text Add to dashboard Cite

O objetivo deste trabalho é apresentar uma revisão sistemática sobre o desenvolvimento de aplicações Web a partir das principais vulnerabilidades de segurança encontradas na lista OWASP TOP10. Esta revisão sistemática visa identificar pesquisas, ferramentas e metodologias que proporcionam formas seguras de desenvolver sistemas Web. Inicialmente foram encontrados 165 trabalhos, sendo desses 89 selecionados como relevantes. Resultados apresentam os trabalhos que tratam das principais vulnerabilidades descritas na OWASP TOP 10, e as principais ferramentas e métodos para projeto e desenvolvimento de um software seguro.

show abstract

Section: Implementac ¸ãO Ou Análise De Métodos De Desenvolvimento Segurounclassified

Desenvolvimento Seguro de Sistemas Web: Uma Revisão Sistemática

Malacarne

Camargo

2021

Anais Da v Escola Regional De Engenharia De Software (ERES 2021)

View full text Add to dashboard Cite

show abstract

“…The result obtained of this process is a residual risk to control it [4], [19], [30], using the different security policies and controls given by JAX-RS, these control mechanism [31] are included in the source code, to provide a warrantee for transaction done by the client and the server. To how obtain a score or number that gives basic information about the effectiveness of these controls, and know which controls apply for a specific weakness are necessary a security metric [32] and a documental review in the JAX-RS libraries documentation.…”

Section: Evaluation Of the Vulnerabilitiesmentioning

confidence: 99%

Cross Site Scripting Vulnerabilities in JAX-RS: A Security Approach

Velandia¹,

Ortiz²,

Sierra-Pérez³

et al. 2019

JSW

View full text Add to dashboard Cite

Restful services are concerned with the integration of software systems using HTTP as base. Research studies addressing security assessments over JAX-RS are scarce, even more in Cross Site Scripting (XSS), which is a sort of attack that consists of stealing data or phishing. Thus, the aim of this paper is to present an assessment of the vulnerabilities over JAX-RS implementations when a XSS attack is involved. The assessment comprises: (1) selection of attack methods, (2) programming and assessing of attacks throughout dynamic programming and recursive methods; (3) identifying the vulnerabilities by means of a mathematical model, which determines the level of security of implementations. As a proof of concept, a prototype is implemented to demonstrate how the guideline is applied. Additionally, controls are proposed for every vulnerability identified.

show abstract

“…Distributed Denial of service (DDoS) attack is one of the essential security attacks due to its explicit threatening of the balance of the net [1] [4]. DDoS attack is a Denial of carrier (DoS) attacks relying on a distributed, collaborative massive-scale denial of service attacks.…”

Section: Service Denial Attacksmentioning

confidence: 99%

An Investigation of Security Techniques for Concealed Ddos Exposure Attacks

Praghash¹,

Masthan²,

Ravi³

2018

IJCT

View full text Add to dashboard Cite

Due to the influence of the multi-level system, the DDoS became a significant investigation in modern days. This encourages us to reduce the data loss and service overheads. In order to investigate these issues, an investigation of the DDoS attack and their related security techniques were analyzed in this paper. So, in this investigation, various data about the intruders will be collected by employing a secured multi-layered design with nomadic honeypots. Our proposed Subterranean Optimization procedure is utilized to distinguish the gatecrashers in view of the pheromone store on that considered zone. A multi-degree IP log table is utilized to distinguish the gatecrashers at diverse ranges of the device. Once the prompted range is found, the information is sent to multi-degree engineering to restrain the spreading of the stimulated region within the honeypot. This statistics will be dispatched to the honeypot to make a guard framework towards the attackers. The advantage of this proposed strategy is that it gives a complete barrier against DDoS at multilevel without making any overhead.

show abstract

Static analysis for web service security - Tools & techniques for a secure development life cycle

Cited by 29 publications

References 10 publications

Desenvolvimento Seguro de Sistemas Web: Uma Revisão Sistemática

Desenvolvimento Seguro de Sistemas Web: Uma Revisão Sistemática

Cross Site Scripting Vulnerabilities in JAX-RS: A Security Approach

An Investigation of Security Techniques for Concealed Ddos Exposure Attacks

Contact Info

Product

Resources

About