Analysis of Web Application Code Vulnerabilities using Secure Coding Standards

Sahu, Divya Rishi; Tomar, Deepak Singh

doi:10.1007/s13369-016-2362-5

Cited by 10 publications

(10 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…De acordo com os autores é necessário que a seguranc ¸a seja abordada desde o inicio do ciclo, apresentando atividades a serem implementadas em cada fase. [Sahu and Tomar 2017, Erdogan et al 2014, Aziz et al 2016 Apresentam princípios de codificac ¸ão segura. Um sistema de análise de código estático interativo é desenvolvido, o que ajuda os desenvolvedores de sistemas Web a escrever códigos seguros, também facilitando programadores a mitigar vulnerabilidades mais comuns.…”

Section: Implementac ¸ãO Ou Análise De Métodos De Desenvolvimento Segurounclassified

Desenvolvimento Seguro de Sistemas Web: Uma Revisão Sistemática

Malacarne

Camargo

2021

Anais Da v Escola Regional De Engenharia De Software (ERES 2021)

View full text Add to dashboard Cite

O objetivo deste trabalho é apresentar uma revisão sistemática sobre o desenvolvimento de aplicações Web a partir das principais vulnerabilidades de segurança encontradas na lista OWASP TOP10. Esta revisão sistemática visa identificar pesquisas, ferramentas e metodologias que proporcionam formas seguras de desenvolver sistemas Web. Inicialmente foram encontrados 165 trabalhos, sendo desses 89 selecionados como relevantes. Resultados apresentam os trabalhos que tratam das principais vulnerabilidades descritas na OWASP TOP 10, e as principais ferramentas e métodos para projeto e desenvolvimento de um software seguro.

show abstract

Section: Implementac ¸ãO Ou Análise De Métodos De Desenvolvimento Segurounclassified

Desenvolvimento Seguro de Sistemas Web: Uma Revisão Sistemática

Malacarne

Camargo

2021

Anais Da v Escola Regional De Engenharia De Software (ERES 2021)

View full text Add to dashboard Cite

show abstract

“…On the basis of previous research [24,[26][27][28][29], we evaluate the concept of smart grids; select 5 first-level indexes and 13 second-level indexes of a smart terminal, wireless communication channel, password security, application code, and embedded system; and establish the information security risk indexes of smart grids (Table 2).…”

Section: Information Security Risk Index Of Smart Gridmentioning

confidence: 99%

“…Assume 10 experts scoring the two schemes. Of the 10 experts, 7 think that the probability of scheme 1 is Application code [28] Application code design Single responsibility principle, Liskov substitution principle, etc.…”

Section: Basic Theorymentioning

confidence: 99%

Combination of D-AHP and Grey Theory for the Assessment of the Information Security Risks of Smart Grids

Dong

Zhao

Yang

et al. 2020

Mathematical Problems in Engineering

View full text Add to dashboard Cite

As a modern power infrastructure, smart grids have great advantages over traditional power grids, but their effective operation is largely restricted by information security. Hence, a smart grid information security risk assessment (ISRA) method is proposed. This method combines D numbers to improve the classical analytic hierarchy process (D-AHP) independent of experts’ subjective qualitative assessment and then integrated with grey theory which does not require complete and unambiguous information. First, we establish a smart grid ISRA system according to the characteristics and development reality of smart grid technology. The proposed system includes 5 first-level indexes as an intelligent terminal, a wireless communication channel, password security, application code and embedded system, and corresponding 13 secondary indexes. Second, a D-AHP method aimed at the uncertainty of human subjective judgment and fuzziness of language assessment is used to obtain the weight of each index. The D-AHP method is then combined with the grey assessment matrix solved by grey theory, to obtain the comprehensive assessment value and corresponding risk grade. With a smart grid demonstration project in Suzhou, China, as an example, an empirical study is carried out using expert scoring. The comprehensive assessment risk value is 3.8199, and the corresponding risk level is moderate. The results of this work could serve as a reference for the information security protection of smart grids.

show abstract

“…RIPS 0.5 version was limited in features and type of vulnerability detection. RIPS version 0.55 has been released in 2017 [21][22].…”

Section: Ripsmentioning

confidence: 99%

A Framework for Web Application Vulnerability Detection

Kalim¹,

Jha²,

Tomar³

et al. 2020

IJEAT

Self Cite

View full text Add to dashboard Cite

Hardly a facet of human life is not influenced by theInternet due to the continuous proliferation in the Internet facilities, usage, speed, user friendly browsing, global access, etc. At flip side, hackers are also attacking this digital world with new tactics and techniques through exploiting the web application vulnerabilities. The analysis of these vulnerabilities is of paramount importance in direction to secure social digital world. It can be carried out in two ways. First, manual analysis which is error prone due to the human nature of forgiveness, dynamic change in technology and fraudulence attack techniques. Second, through the existing web application vulnerability scanners that sometime may suffer from generating false alarm rate. Hence, there is a need to develop a framework that can detect different levels of vulnerabilities, ranging from client side vulnerabilities, communication side vulnerabilities to server side vulnerabilities. This paper has carried out the literature survey in direction of identifying the new attack vectors, vulnerabilities, detection mechanism, research gaps and new working areas in same field. Continuous improvement in framework is easy.Hence, a framework is proposed to overcome the identified research gap.

show abstract

Analysis of Web Application Code Vulnerabilities using Secure Coding Standards

Cited by 10 publications

References 9 publications

Desenvolvimento Seguro de Sistemas Web: Uma Revisão Sistemática

Desenvolvimento Seguro de Sistemas Web: Uma Revisão Sistemática

Combination of D-AHP and Grey Theory for the Assessment of the Information Security Risks of Smart Grids

A Framework for Web Application Vulnerability Detection

Contact Info

Product

Resources

About