Abstract
Following the EU Information and Communication Technologies agenda, the Portuguese Government has started the creation of many applications, enabling electronic interaction between individuals, companies and the public administration – the e-Government. Due to the open nature of the Internet and the sensitivity of the data that those applications have to handle, it is important to ensure and assess their security. Financial institutions, such as banks, that nowadays use the WWW as a communication channel with their customers, face the same challenges.
The main objective of this paper is to introduce work that will be performed to assess the security of web applications in the financial and public administration sectors. In this paper the authors describe the rationale behind this work, which involves the selection of a set of key financial and public administration web applications, the definition and application of a security assessment methodology, and the evaluation of the assessment results.
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Teodoro, N., Serrão, C. (2010). Web Applications Security Assessment in the Portuguese World Wide Web Panorama. In: Serrão, C., Aguilera Díaz, V., Cerullo, F. (eds) Web Application Security. IBWAS 2009. Communications in Computer and Information Science, vol 72. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16120-9_17
DOI: https://doi.org/10.1007/978-3-642-16120-9_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16119-3
Online ISBN: 978-3-642-16120-9
eBook Packages: Computer Science, Computer Science (R0)