Proposal of a Hybrid Process to Manage Vulnerabilities in Web Applications

  • Conference paper
Trends and Applications in Software Engineering

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 405))

Abstract

Information systems security is essential for organizations because they use information systems to manage their key information about customers, products, and transactions, among others. Most organizational information systems are web-based. However, over 70 % of vulnerabilities are found in web applications, such as SQL Injection, Cross-site Scripting (XSS), Cross-Site Request Forgery (CSRF), and Insecure Configuration Management, among others. It is therefore very important to secure web systems. Over the last 3 years, an increase in vulnerabilities has been observed, with a corresponding impact on attacks against web systems. Moreover, it has been found that organizations do not implement procedures or processes to manage vulnerabilities, leaving their systems exposed. In this context, this paper presents a hybrid process that will enable organizations to detect and manage vulnerabilities in their web applications.

Correspondence to Ana L. Hernández-Saucedo.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Hernández-Saucedo, A.L., Mejía, J. (2016). Proposal of a Hybrid Process to Manage Vulnerabilities in Web Applications. In: Mejia, J., Munoz, M., Rocha, Á., Calvo-Manzano, J. (eds) Trends and Applications in Software Engineering. Advances in Intelligent Systems and Computing, vol 405. Springer, Cham. https://doi.org/10.1007/978-3-319-26285-7_6

  • DOI: https://doi.org/10.1007/978-3-319-26285-7_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26283-3

  • Online ISBN: 978-3-319-26285-7

  • eBook Packages: Computer Science, Computer Science (R0)