Web applications security and vulnerability analysis financial web applications security audit – a case study
Autor(a) principal: | |
---|---|
Data de Publicação: | 2016 |
Outros Autores: | |
Tipo de documento: | Artigo |
Idioma: | eng |
Título da fonte: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
Texto Completo: | http://hdl.handle.net/10071/12991 |
Resumo: | Information security can no longer be neglected in any area. It is a concern to everyone and every organization. This is particularly important in the finance sector, not only because the financial amounts involved but also clients and organization’s private and sensitive information. As a way to test security in infrastructures, networks, deployed web applications and many other assets, organizations have been performing penetration testing which simulates an attacker’s behavior in a controlled environment in order to identify its vulnerabilities. This article focus on the analysis of the results of security audits conducted on several financial web applications from one institution with aid of automatic tools in order to assess their web applications security level. To help in security matters, many organizations build security frameworks for vulnerability assessment, security assessment, threat modeling, penetration testing, risk management and many more. As for penetration testing, organizations such as OWASP provide vulnerability and security information, a testing methodology, risk analysis and penetration testing tools. |
id |
RCAP_5d52f41ae68c12f35e3e0fcf70676273 |
---|---|
oai_identifier_str |
oai:repositorio.iscte-iul.pt:10071/12991 |
network_acronym_str |
RCAP |
network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository_id_str |
7160 |
spelling |
Web applications security and vulnerability analysis financial web applications security audit – a case studySecurityWeb applicationsWeb securityOWASPInformation security can no longer be neglected in any area. It is a concern to everyone and every organization. This is particularly important in the finance sector, not only because the financial amounts involved but also clients and organization’s private and sensitive information. As a way to test security in infrastructures, networks, deployed web applications and many other assets, organizations have been performing penetration testing which simulates an attacker’s behavior in a controlled environment in order to identify its vulnerabilities. This article focus on the analysis of the results of security audits conducted on several financial web applications from one institution with aid of automatic tools in order to assess their web applications security level. To help in security matters, many organizations build security frameworks for vulnerability assessment, security assessment, threat modeling, penetration testing, risk management and many more. As for penetration testing, organizations such as OWASP provide vulnerability and security information, a testing methodology, risk analysis and penetration testing tools.Infonomics Society2017-04-18T13:29:06Z2016-01-01T00:00:00Z20162019-04-16T13:00:13Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/articleapplication/pdfhttp://hdl.handle.net/10071/12991eng2046-362610.20533/ijibs.2046.3626.2016.0014Vieira, T.Serrão, C.info:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2023-11-09T17:43:14Zoai:repositorio.iscte-iul.pt:10071/12991Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-19T22:20:19.607123Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse |
dc.title.none.fl_str_mv |
Web applications security and vulnerability analysis financial web applications security audit – a case study |
title |
Web applications security and vulnerability analysis financial web applications security audit – a case study |
spellingShingle |
Web applications security and vulnerability analysis financial web applications security audit – a case study Vieira, T. Security Web applications Web security OWASP |
title_short |
Web applications security and vulnerability analysis financial web applications security audit – a case study |
title_full |
Web applications security and vulnerability analysis financial web applications security audit – a case study |
title_fullStr |
Web applications security and vulnerability analysis financial web applications security audit – a case study |
title_full_unstemmed |
Web applications security and vulnerability analysis financial web applications security audit – a case study |
title_sort |
Web applications security and vulnerability analysis financial web applications security audit – a case study |
author |
Vieira, T. |
author_facet |
Vieira, T. Serrão, C. |
author_role |
author |
author2 |
Serrão, C. |
author2_role |
author |
dc.contributor.author.fl_str_mv |
Vieira, T. Serrão, C. |
dc.subject.por.fl_str_mv |
Security Web applications Web security OWASP |
topic |
Security Web applications Web security OWASP |
description |
Information security can no longer be neglected in any area. It is a concern to everyone and every organization. This is particularly important in the finance sector, not only because the financial amounts involved but also clients and organization’s private and sensitive information. As a way to test security in infrastructures, networks, deployed web applications and many other assets, organizations have been performing penetration testing which simulates an attacker’s behavior in a controlled environment in order to identify its vulnerabilities. This article focus on the analysis of the results of security audits conducted on several financial web applications from one institution with aid of automatic tools in order to assess their web applications security level. To help in security matters, many organizations build security frameworks for vulnerability assessment, security assessment, threat modeling, penetration testing, risk management and many more. As for penetration testing, organizations such as OWASP provide vulnerability and security information, a testing methodology, risk analysis and penetration testing tools. |
publishDate |
2016 |
dc.date.none.fl_str_mv |
2016-01-01T00:00:00Z 2016 2017-04-18T13:29:06Z 2019-04-16T13:00:13Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/article |
format |
article |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/10071/12991 |
url |
http://hdl.handle.net/10071/12991 |
dc.language.iso.fl_str_mv |
eng |
language |
eng |
dc.relation.none.fl_str_mv |
2046-3626 10.20533/ijibs.2046.3626.2016.0014 |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.publisher.none.fl_str_mv |
Infonomics Society |
publisher.none.fl_str_mv |
Infonomics Society |
dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
instacron_str |
RCAAP |
institution |
RCAAP |
reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
collection |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
repository.mail.fl_str_mv |
|
_version_ |
1799134763662966784 |