Security maturity model of web applications for cyber attacks

Renato Rojas, Ana Muedas, David Santos Mauricio Sanchez

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

4 Scopus citations

Abstract

Bearing in mind that the projections made for the area of information security point to an increase in attacks on the health sector, added to the lack or little diffusion of security maturity models that allow organizations to know the status of their website in terms of security and that the existing models lack a post-evaluation monitoring, it is necessary to propose a model of security maturity of web applications against cyber-attacks, oriented to the health sector, which is simple to apply. The proposed model will be based on the International Professional Practice Framework methodology and will include the main vulnerabilities published by the Open Web Application Security Project to propose attacks that identify the weakness of the evaluated web system, so that the client company has the possibility to reinforce its weaknesses. Guides will also be proposed to select strategies to improve critical points from a security perspective. As a result of the validation, it was found that, of the 14 tests applied, 5 were approved, positioning the web at level 3 of maturity, which means that there are validations in the structure of the web; however, they are partial or inefficient.

Original languageEnglish
Title of host publicationICCSP 2019 - Proceeding of 2019 the 3rd International Conference on Cryptography, Security and Privacy, with workshop 2019 the 4th International Conference on Multimedia and Image Processing, ICMIP 2019
PublisherAssociation for Computing Machinery
Pages130-137
Number of pages8
ISBN (Electronic)9781450366182
DOIs
StatePublished - 19 Jan 2019
Externally publishedYes
Event3rd International Conference on Cryptography, Security and Privacy, ICCSP 2019 with Workshop 2019 the 4th International Conference on Multimedia and Image Processing, ICMIP 2019 - Kuala Lumpur, Malaysia
Duration: 19 Jan 201921 Jan 2019

Publication series

NameACM International Conference Proceeding Series

Conference

Conference3rd International Conference on Cryptography, Security and Privacy, ICCSP 2019 with Workshop 2019 the 4th International Conference on Multimedia and Image Processing, ICMIP 2019
CountryMalaysia
CityKuala Lumpur
Period19/01/1921/01/19

Bibliographical note

Publisher Copyright:
© 2019 Copyright is held by the owner/author(s).

Copyright:
Copyright 2019 Elsevier B.V., All rights reserved.

Keywords

  • Clinical records
  • Cyber defense
  • Cyber-attack
  • Penetration tests
  • Security information
  • Vulnerability of the web application
  • Web attack

Fingerprint Dive into the research topics of 'Security maturity model of web applications for cyber attacks'. Together they form a unique fingerprint.

Cite this