Vulnerability Management in Web Applications: SQL Injection Exploitation
Description
With the continued expansion of services offered through web pages, coupled with the strong integration of systematized data structures, the damage caused by attacks remains a pertinent challenge for institutions and organizations that may be susceptible to this kind of adversity. Good practices regarding security policies need to be adopted to avoid harming the health of the organization's data. This study therefore aims to highlight the importance of adopting the OWASP guidelines for defending against SQL Injection, aligned with security management, in view of the consequences the vulnerability may cause. To provide a didactic and practical environment for experimenting with and applying the concepts presented in this work, a conceptual web application prototype was implemented that purposely contains the SQL Injection vulnerability. The technologies and approaches adopted in its implementation make it easy to perform test and attack procedures and to understand the implementation, the vulnerability, and the correction of the flaws. It is concluded that if the protection measures recommended by OWASP, based on the guidelines of the PCI DSS data security standard, are adopted more efficiently in maintaining and building web applications, the incidence of SQL injection threats will be significantly smaller.
Files
Name | Size |
---|---|
AlanLucena_RenanDias_20191206_PRONTO (2).pdf (md5:e5198581248d6c9633b2b50e34378519) | 1.4 MB |
Additional details
Related works
- Cites: 10.29327/41302367 (DOI)