Skip to main content
SpringerLink
Log in
Book cover

17th International Conference on Information Technology–New Generations (ITNG 2020) pp 73–78Cite as

Assessment of National Crime Reporting System: Detailed Analysis of the Desktop Application

  • Conference paper
  • First Online:

  • 1493 Accesses

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 1134))

Abstract

Numerous standards and codes of best practice recommend the implementation of security practices since the early stages of the application development process. Commonly known as ‘security-as-default’, these practices consist of coding while keeping security in mind to start addressing threats and vulnerabilities before integrating security measures becomes too laborious. Hence, these best practices lead to cleaner and safer code. An effective way to find out whether the application is secure is by performing source code analyses. These analyses report weaknesses in the code once run against a predefined set of rules. Consequently, developers can detect and correct these issues, preventing the application from future exploits. A static source code analysis was performed to assess a National Crime Reporting System for a Latin American country’s National Police. The system is comprised of three modules: the mobile app, the desktop app, and the backend service. This paper focuses on the assessment of the desktop module.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   169.00
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD   169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    Puma Scan (https://www.pumascan.com).

  2. 2.

    Net Security Guard (https://github.com/dotnet-security-guard/roslyn-security-guard).

  3. 3.

    SonarLint (https://www.sonarlint.org/).

  4. 4.

    VisualCodeGrepper (https://sourceforge.net/projects/visualcodegrepp/).

References

  1. Soares, R.R., Naritomi, M.: Understanding high crime rates in Latin America: the role of social and policy factors. https://www.nber.org/chapters/c11831.pdf (2010)

  2. Sutton, H., et al.: Restoring paradise in the Caribbean: combatting violence with numbers. https://publications.iadb.org/en/restoring-paradise-caribbean-combatting-violence-numbers (2017)

  3. Bergeron, J., et al.: Static detection of malicious code in executable programs. https://nnt.es/Static%20Detection%20of%20Malicious %20Code%20in%20Executable%20Programs.pdf (2001)

  4. Louridas, P.: Static code analysis. https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1657940 (2006)

  5. Petukhov, A., Kozlov, D.: Detecting security vulnerabilities in web applications using dynamic analysis with penetration testing. https://pdfs.semanticscholar.org/9d33/19d49a52395e37bc6ba29c1e3282c0f0a06a.pdf (2008)

  6. Leff, A., Rayfield, J.T.: Web application development using the model/view/controller design pattern. https://ieeexplore.ieee.org/abstract/document/950428 (2002)

  7. OWASP source code analysis tools. https://www.owasp.org/index.php/Source_Code_Analysis_Tools. Accessed 13 July 2019

  8. Common Weakness Enumeration: CWE-20: Improper input validation. https://cwe.mitre.org/data/definitions/20.html. Accessed 23 June 2019

  9. Dietz, W., et al.: Understanding integer overflow in C/C++. https://dl.acm.org/citation.cfm?id=2743019 (2015)

  10. Hu, W., et al.: Secure and practical defense against code-injection attacks using software dynamic translation. https://dl.acm.org/citation.cfm?id=1134764 (2006)

  11. Common Weakness Enumeration: CWE-327: Use of a broken or risky cryptographic algorithm. https://cwe.mitre.org/data/definitions/327.html. Accessed 07 July 2019

  12. Asad, A., Ali, H.: Working with cryptography. https://link.springer.com/chapter/10.1007/978-1-4842-2860-9_13 (2017)

  13. Andreeva, O., et al.: Industrial control systems vulnerabilities statistics. https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2016/07/07190426/KL_REPORT_ICS_Statistic_vulnerabilities.pdf (2016)

  14. Common Weakness Enumeration: CWE-312: Cleartext storage of sensitive information. https://cwe.mitre.org/data/definitions/312.html. Accessed 13 July 2019

  15. NIST Special Publication 800-53: Security controls and assessment procedures for federal information systems and organizations, Rev. 4. https://nvd.nist.gov/800-53/Rev4/control/SC-13 (2015). Accessed 02 July 2019

  16. Zheng, Y., Zhang, X.: Path sensitive static analysis of web applications for remote code execution vulnerability detection. https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6606611 (2013)

Download references

Author information

Authors and Affiliations

  1. Illinois Institute of Technology, Chicago, IL, USA

    Francisco Garcia Martinez & Maurice Dawson

  2. Direction of IS and Telematic Technologies, National Police, Santo Domingo, Dominican Republic

    Pedro Taveras

Authors
  1. Francisco Garcia Martinez
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Maurice Dawson
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Pedro Taveras
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Francisco Garcia Martinez .

Editor information

Editors and Affiliations

  1. Department of Electrical and Computer Engineering, University of Nevada, Las Vegas, Las Vegas, NV, USA

    Shahram Latifi

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Martinez, F.G., Dawson, M., Taveras, P. (2020). Assessment of National Crime Reporting System: Detailed Analysis of the Desktop Application. In: Latifi, S. (eds) 17th International Conference on Information Technology–New Generations (ITNG 2020). Advances in Intelligent Systems and Computing, vol 1134. Springer, Cham. https://doi.org/10.1007/978-3-030-43020-7_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-43020-7_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-43019-1

  • Online ISBN: 978-3-030-43020-7

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation