Web applications security and vulnerability analysis financial web applications security audit – a case study

Bibliographic details
Main author: Vieira, T.
Publication date: 2016
Other authors: Serrão, C.
Document type: Article
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos)
Full text: http://hdl.handle.net/10071/12991
Abstract: Information security can no longer be neglected in any area. It is a concern to everyone and every organization. This is particularly important in the finance sector, not only because of the financial amounts involved but also because of clients’ and the organization’s private and sensitive information. As a way to test security in infrastructures, networks, deployed web applications and many other assets, organizations have been performing penetration testing, which simulates an attacker’s behavior in a controlled environment in order to identify its vulnerabilities. This article focuses on the analysis of the results of security audits conducted on several financial web applications from one institution with the aid of automatic tools in order to assess their web applications’ security level. To help in security matters, many organizations build security frameworks for vulnerability assessment, security assessment, threat modeling, penetration testing, risk management and many more. As for penetration testing, organizations such as OWASP provide vulnerability and security information, a testing methodology, risk analysis and penetration testing tools.
id RCAP_5d52f41ae68c12f35e3e0fcf70676273
oai_identifier_str oai:repositorio.iscte-iul.pt:10071/12991
network_acronym_str RCAP
network_name_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository_id_str 7160
dc.subject.por.fl_str_mv Security
Web applications
Web security
OWASP
publishDate 2016
dc.date.none.fl_str_mv 2016-01-01T00:00:00Z
2016
2017-04-18T13:29:06Z
2019-04-16T13:00:13Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/article
format article
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10071/12991
url http://hdl.handle.net/10071/12991
dc.language.iso.fl_str_mv eng
language eng
dc.relation.none.fl_str_mv 2046-3626
10.20533/ijibs.2046.3626.2016.0014
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv Infonomics Society
publisher.none.fl_str_mv Infonomics Society
dc.source.none.fl_str_mv reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron:RCAAP