Vulnerability Analysis Using The Interactive Application Security Testing (IAST) Approach For Government X Website Applications

2020 ◽  
Author(s):  
Hermawan Setiawan ◽  
Lytio Enggar Erlangga ◽  
Ido Baskoro
Keyword(s):  
Vulnerability Analysis ◽  
Security Testing ◽  
Application Security ◽  
Interactive Application

scholarly journals IMPLEMENTASI STATIC APPLICATION SECURITY TESTING MENGGUNAKAN JENKINS CI/CD BERBASIS DOCKER CONTAINER PADA PT. EMPORIA DIGITAL RAYA

2021 ◽  
Vol 9 (02) ◽  
pp. 95-99
Author(s):  
Abriza Mahandis Shama ◽  
Dian W. Chandra
Keyword(s):  
Android Application ◽  
Security Testing ◽  
Application Security ◽  
The Core ◽  
Speed Up ◽  
Code Quality

PT. Emporia Digital Raya is an fintech company. The product include web and android application. However, in the deployment system, PT Emporia Digital Raya still uses an ancient system with a single vm system and only uses git for deployment to server. Even though at this time the deployment process of an application has grown very far. Therefore, in this study will created a system which is currently popular being used. This system is called DevSecOps. Devsecops will need a tools like Jenkins, Sonarqube, and Docker. The core of this system is the automation process where the deployment process is no longer done manually as before. With this system, it is hoped that will help speed up developer work and improve code quality.

An Alternative Threat Model-based Approach for Security Testing

2015 ◽  
Vol 6 (3) ◽  
pp. 50-64 ◽  
Author(s):  
Bouchaib Falah ◽  
Mohammed Akour ◽  
Samia Oukemeni
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Security Attacks ◽  
Security Testing ◽  
Security Risks ◽  
Web Application Security ◽  
Application Security ◽  
Malicious Codes ◽  
Testing Approach ◽  
Interaction Web

In modern interaction, web applications has gained more and more popularity, which leads to a significate growth of exposure to malicious users and vulnerability attacks. This causes organizations and companies to lose valuable information and suffer from bad reputation. One of the effective mitigation practices is to perform security testing against the application before release it to the market. This solution won't protect web application 100% but it will test the application against malicious codes and reduce the high number of potential attacks on web application. One of known security testing approach is threat modeling, which provides an efficient technique to identify threats that can compromise system security. The authors proposed method, in this paper, focuses on improving the effectiveness of the categorization of threats by using Open 10 Web Application Security Project's (OWASP) that are the most critical web application security risks in generating threat trees in order to cover widely known security attacks.

An Alternative Threat Model-Based Approach for Security Testing

2018 ◽  
pp. 441-454
Author(s):  
Bouchaib Falah ◽  
Mohammed Akour ◽  
Samia Oukemeni
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Security Testing ◽  
Security Risks ◽  
Web Application Security ◽  
Threat Model ◽  
Application Security ◽  
Malicious Codes ◽  
Testing Approach ◽  
Interaction Web

In modern interaction, web applications has gained more and more popularity, which leads to a significate growth of exposure to malicious users and vulnerability attacks. This causes organizations and companies to lose valuable information and suffer from bad reputation. One of the effective mitigation practices is to perform security testing against the application before release it to the market. This solution won't protect web application 100% but it will test the application against malicious codes and reduce the high number of potential attacks on web application. One of known security testing approach is threat modeling, which provides an efficient technique to identify threats that can compromise system security. The authors proposed method, in this paper, focuses on improving the effectiveness of the categorization of threats by using Open 10 Web Application Security Project's (OWASP) that are the most critical web application security risks in generating threat trees in order to cover widely known security attacks.

DETECTING SERVER-SIDE ENDPOINTS IN WEB APPLICATIONS BASED ON STATIC ANALYSIS OF CLIENT-SIDE JavaScript CODE

2021 ◽  
pp. 32-54
Author(s):  
D. A. Sigalov ◽  
◽  
A. A. Khashaev ◽  
D. Yu. Gamayunov ◽  
◽  
...  
Keyword(s):  
Static Analysis ◽  
Web Application ◽  
Web Applications ◽  
Security Analysis ◽  
Endpoint Detection ◽  
Security Testing ◽  
Application Security ◽  
Server Side ◽  
Dynamic Web ◽  
Client Side

The problem of server-side endpoint detection in the context of blackbox security analysis of dynamic web applications is considered. We propose a method to increase coverage of server-side endpoint detection using static analysis of client-side JavaScript code to find functions which generate HTTP requests to the server-side of the application and reconstruct parameters for those functions. In the context of application security testing, static analysis allows to find such functions even in dead or unreachable JavaScript code, which cannot be achieved by dynamic crawling or dynamic code analysis. Evaluation of the proposed method and its implementation has been done using synthetic web application with endpoints vulnerable to SQL injections, and the same application was used to compare the proposed method with existing solutions. Evaluation results show that adding JavaScript static analysis to traditional dynamic crawling of web applications may significantly improve server-side endpoint coverage in blackbox application security analysis.

Sign in / Sign up

Export Citation Format

Share Document