Implementation of techniques and OWASP security recommendations to avoid SQL and XSS attacks using J2EE and WS-Security


Abstract:

This work presents the implementation of OWASP techniques and recommendations on a SOA prototype developed with J2EE. For its design and coding we used some WS-Security specifications, the Metro framework, MVC as the architectural pattern, and Facade and DAO as design patterns. The prototype was validated in terms of design, coding and security with tools such as Structural Analysis for Java, SonarQube, OWASP ZAP, Vega and Wireshark. With the development of this prototype we prove that the use of standards, recommendations and techniques for writing secure code in software applications is necessary in order to prevent vulnerabilities; in addition, static analysis helps to identify security breaches and quality aspects that are often not considered by developers.

Year of publication:

2017

Keywords:

  • SQL injection
  • XSS
  • Metro Framework
  • OWASP
  • WS-Security
  • SOA

Source:

Google
Scopus

Document type:

Conference Object

Status:

Restricted access

Knowledge areas:

  • Software engineering
  • Computer science

Subject areas:

  • Computer science