*Result*: Implementación de técnicas y recomendaciones de seguridad OWASP para evitar ataques de tipo inyección SQL, XSS utilizando J2EE y WS-Security.

Title:
Implementación de técnicas y recomendaciones de seguridad OWASP para evitar ataques de tipo inyección SQL, XSS utilizando J2EE y WS-Security. (Spanish)
Alternate Title:
Implementation of techniques and OWASP security recommendations to avoid SQL and XSS attacks using J2EE and WS-Security. (English)
Source:
CISTI (Iberian Conference on Information Systems & Technologies / Conferência Ibérica de Sistemas e Tecnologias de Informação) Proceedings; 2017, Vol. 1, p1169-1175, 7p
Database:
Complementary Index

*Further Information*

*This work contains the implementation of OWASP techniques and recommendations on a SOA prototype developed with J2EE. For its design and coding we used some WS-Security specifications, the Metro framework, MVC as the architectural pattern, and Facade and DAO as design patterns. The prototype was validated in terms of design, coding and security through tools such as Structural Analysis for Java, SonarQube, OWASP ZAP, Vega and Wireshark. With the development of this prototype we prove that the use of standards, recommendations and techniques for writing secure code in software applications is necessary in order to prevent vulnerabilities; in addition, static analysis helps to identify security breaches and quality aspects that are often not considered by developers. [ABSTRACT FROM AUTHOR]*

*This work contains the implementation of OWASP techniques and recommendations on a SOA prototype developed with J2EE. Certain WS-Security specifications, the Metro framework, MVC as the architectural pattern, and Facade and DAO as design patterns are used for its design and coding. The prototype was validated at the design, coding and security levels using tools such as Structural Analysis for Java, SonarQube, OWASP ZAP, Vega and Wireshark. The development of the prototype shows that the use of standards, recommendations and techniques for writing secure code in software applications is necessary to avoid vulnerabilities; in addition, static analysis supports the identification of security breaches and quality aspects that are often not considered by developers. [ABSTRACT FROM AUTHOR]

Copyright of CISTI (Iberian Conference on Information Systems & Technologies / Conferência Ibérica de Sistemas e Tecnologias de Informação) Proceedings is the property of Conferencia Iberica de Sistemas Tecnologia de Informacao and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)*