Abstract
Information systems security is essential for organizations, because they use information systems to manage their key information about customers, products, and transactions, among others. Most organizational information systems are web-based. However, over 70 % of vulnerabilities are found in web applications: SQL Injection, Cross-site Scripting (XSS), Cross-Site Request Forgery (CSRF), Insecure Configuration Management, among others. Securing web systems is therefore very important. In the last 3 years, an increase has been observed in vulnerabilities that affect web systems through attacks. Moreover, it has been detected that organizations do not implement procedures or processes to manage vulnerabilities, leaving their systems exposed. In this context, this paper presents a hybrid process that will enable organizations to detect and manage vulnerabilities in their web applications.
© 2016 Springer International Publishing Switzerland
Cite this paper
Hernández-Saucedo, A.L., Mejía, J. (2016). Proposal of a Hybrid Process to Manage Vulnerabilities in Web Applications. In: Mejia, J., Munoz, M., Rocha, Á., Calvo-Manzano, J. (eds) Trends and Applications in Software Engineering. Advances in Intelligent Systems and Computing, vol 405. Springer, Cham. https://doi.org/10.1007/978-3-319-26285-7_6
DOI: https://doi.org/10.1007/978-3-319-26285-7_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26283-3
Online ISBN: 978-3-319-26285-7