Security maturity model of web applications for cyber attacks

Renato Rojas; Ana Muedas; David Mauricio

doi:10.1145/3309074.3309096

Security maturity model of web applications for cyber attacks

Renato Rojas, Ana Muedas, David Mauricio

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

5 Scopus citations

Abstract

Bearing in mind that the projections made for the area of information security point to an increase in attacks on the health sector, added to the lack or little diffusion of security maturity models that allow organizations to know the status of their website in terms of security and that the existing models lack a post-evaluation monitoring, it is necessary to propose a model of security maturity of web applications against cyber-attacks, oriented to the health sector, which is simple to apply. The proposed model will be based on the International Professional Practice Framework methodology and will include the main vulnerabilities published by the Open Web Application Security Project to propose attacks that identify the weakness of the evaluated web system, so that the client company has the possibility to reinforce its weaknesses. Guides will also be proposed to select strategies to improve critical points from a security perspective. As a result of the validation, it was found that, of the 14 tests applied, 5 were approved, positioning the web at level 3 of maturity, which means that there are validations in the structure of the web; however, they are partial or inefficient.

Original language	English
Title of host publication	ICCSP 2019 - Proceeding of 2019 the 3rd International Conference on Cryptography, Security and Privacy, with workshop 2019 the 4th International Conference on Multimedia and Image Processing, ICMIP 2019
Publisher	Association for Computing Machinery
Pages	130-137
Number of pages	8
ISBN (Electronic)	9781450366182
DOIs	https://doi.org/10.1145/3309074.3309096
State	Published - 19 Jan 2019
Event	3rd International Conference on Cryptography, Security and Privacy, ICCSP 2019 with Workshop 2019 the 4th International Conference on Multimedia and Image Processing, ICMIP 2019 - Kuala Lumpur, Malaysia Duration: 19 Jan 2019 → 21 Jan 2019

Publication series

Name	ACM International Conference Proceeding Series

Conference

Conference	3rd International Conference on Cryptography, Security and Privacy, ICCSP 2019 with Workshop 2019 the 4th International Conference on Multimedia and Image Processing, ICMIP 2019
Country/Territory	Malaysia
City	Kuala Lumpur
Period	19/01/19 → 21/01/19

Bibliographical note

Publisher Copyright:
© 2019 Copyright is held by the owner/author(s).

Keywords

Clinical records
Cyber defense
Cyber-attack
Penetration tests
Security information
Vulnerability of the web application
Web attack

Access to Document

10.1145/3309074.3309096

Cite this

Rojas, R., Muedas, A., & Mauricio, D. (2019). Security maturity model of web applications for cyber attacks. In ICCSP 2019 - Proceeding of 2019 the 3rd International Conference on Cryptography, Security and Privacy, with workshop 2019 the 4th International Conference on Multimedia and Image Processing, ICMIP 2019 (pp. 130-137). (ACM International Conference Proceeding Series). Association for Computing Machinery. https://doi.org/10.1145/3309074.3309096

Rojas, Renato ; Muedas, Ana ; Mauricio, David. / Security maturity model of web applications for cyber attacks. ICCSP 2019 - Proceeding of 2019 the 3rd International Conference on Cryptography, Security and Privacy, with workshop 2019 the 4th International Conference on Multimedia and Image Processing, ICMIP 2019. Association for Computing Machinery, 2019. pp. 130-137 (ACM International Conference Proceeding Series).

@inproceedings{8d38a274de4d4b0696a9dec85ac2af1d,

title = "Security maturity model of web applications for cyber attacks",

abstract = "Bearing in mind that the projections made for the area of information security point to an increase in attacks on the health sector, added to the lack or little diffusion of security maturity models that allow organizations to know the status of their website in terms of security and that the existing models lack a post-evaluation monitoring, it is necessary to propose a model of security maturity of web applications against cyber-attacks, oriented to the health sector, which is simple to apply. The proposed model will be based on the International Professional Practice Framework methodology and will include the main vulnerabilities published by the Open Web Application Security Project to propose attacks that identify the weakness of the evaluated web system, so that the client company has the possibility to reinforce its weaknesses. Guides will also be proposed to select strategies to improve critical points from a security perspective. As a result of the validation, it was found that, of the 14 tests applied, 5 were approved, positioning the web at level 3 of maturity, which means that there are validations in the structure of the web; however, they are partial or inefficient.",

keywords = "Clinical records, Cyber defense, Cyber-attack, Penetration tests, Security information, Vulnerability of the web application, Web attack",

author = "Renato Rojas and Ana Muedas and David Mauricio",

note = "Publisher Copyright: {\textcopyright} 2019 Copyright is held by the owner/author(s).; 3rd International Conference on Cryptography, Security and Privacy, ICCSP 2019 with Workshop 2019 the 4th International Conference on Multimedia and Image Processing, ICMIP 2019 ; Conference date: 19-01-2019 Through 21-01-2019",

year = "2019",

month = jan,

day = "19",

doi = "10.1145/3309074.3309096",

language = "Ingl{\'e}s",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery",

pages = "130--137",

booktitle = "ICCSP 2019 - Proceeding of 2019 the 3rd International Conference on Cryptography, Security and Privacy, with workshop 2019 the 4th International Conference on Multimedia and Image Processing, ICMIP 2019",

}

Rojas, R, Muedas, A & Mauricio, D 2019, Security maturity model of web applications for cyber attacks. in ICCSP 2019 - Proceeding of 2019 the 3rd International Conference on Cryptography, Security and Privacy, with workshop 2019 the 4th International Conference on Multimedia and Image Processing, ICMIP 2019. ACM International Conference Proceeding Series, Association for Computing Machinery, pp. 130-137, 3rd International Conference on Cryptography, Security and Privacy, ICCSP 2019 with Workshop 2019 the 4th International Conference on Multimedia and Image Processing, ICMIP 2019, Kuala Lumpur, Malaysia, 19/01/19. https://doi.org/10.1145/3309074.3309096

Security maturity model of web applications for cyber attacks. / Rojas, Renato; Muedas, Ana; Mauricio, David.
ICCSP 2019 - Proceeding of 2019 the 3rd International Conference on Cryptography, Security and Privacy, with workshop 2019 the 4th International Conference on Multimedia and Image Processing, ICMIP 2019. Association for Computing Machinery, 2019. p. 130-137 (ACM International Conference Proceeding Series).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Security maturity model of web applications for cyber attacks

AU - Rojas, Renato

AU - Muedas, Ana

AU - Mauricio, David

PY - 2019/1/19

Y1 - 2019/1/19

N2 - Bearing in mind that the projections made for the area of information security point to an increase in attacks on the health sector, added to the lack or little diffusion of security maturity models that allow organizations to know the status of their website in terms of security and that the existing models lack a post-evaluation monitoring, it is necessary to propose a model of security maturity of web applications against cyber-attacks, oriented to the health sector, which is simple to apply. The proposed model will be based on the International Professional Practice Framework methodology and will include the main vulnerabilities published by the Open Web Application Security Project to propose attacks that identify the weakness of the evaluated web system, so that the client company has the possibility to reinforce its weaknesses. Guides will also be proposed to select strategies to improve critical points from a security perspective. As a result of the validation, it was found that, of the 14 tests applied, 5 were approved, positioning the web at level 3 of maturity, which means that there are validations in the structure of the web; however, they are partial or inefficient.

AB - Bearing in mind that the projections made for the area of information security point to an increase in attacks on the health sector, added to the lack or little diffusion of security maturity models that allow organizations to know the status of their website in terms of security and that the existing models lack a post-evaluation monitoring, it is necessary to propose a model of security maturity of web applications against cyber-attacks, oriented to the health sector, which is simple to apply. The proposed model will be based on the International Professional Practice Framework methodology and will include the main vulnerabilities published by the Open Web Application Security Project to propose attacks that identify the weakness of the evaluated web system, so that the client company has the possibility to reinforce its weaknesses. Guides will also be proposed to select strategies to improve critical points from a security perspective. As a result of the validation, it was found that, of the 14 tests applied, 5 were approved, positioning the web at level 3 of maturity, which means that there are validations in the structure of the web; however, they are partial or inefficient.

KW - Clinical records

KW - Cyber defense

KW - Cyber-attack

KW - Penetration tests

KW - Security information

KW - Vulnerability of the web application

KW - Web attack

UR - http://www.scopus.com/inward/record.url?scp=85064748656&partnerID=8YFLogxK

U2 - 10.1145/3309074.3309096

DO - 10.1145/3309074.3309096

M3 - Contribución a la conferencia

AN - SCOPUS:85064748656

T3 - ACM International Conference Proceeding Series

SP - 130

EP - 137

BT - ICCSP 2019 - Proceeding of 2019 the 3rd International Conference on Cryptography, Security and Privacy, with workshop 2019 the 4th International Conference on Multimedia and Image Processing, ICMIP 2019

PB - Association for Computing Machinery

T2 - 3rd International Conference on Cryptography, Security and Privacy, ICCSP 2019 with Workshop 2019 the 4th International Conference on Multimedia and Image Processing, ICMIP 2019

Y2 - 19 January 2019 through 21 January 2019

ER -

Rojas R, Muedas A, Mauricio D. Security maturity model of web applications for cyber attacks. In ICCSP 2019 - Proceeding of 2019 the 3rd International Conference on Cryptography, Security and Privacy, with workshop 2019 the 4th International Conference on Multimedia and Image Processing, ICMIP 2019. Association for Computing Machinery. 2019. p. 130-137. (ACM International Conference Proceeding Series). doi: 10.1145/3309074.3309096

Security maturity model of web applications for cyber attacks

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this