SciELO - Scientific Electronic Library Online

Ingeniería

print version ISSN 0121-750X

Abstract

MORENO MARIN, John Edison and CORONADO SANCHEZ, Paulo Cesar. Knowledge Base Model for Security Audits in Web Services with SQL Injection. ing. [online]. 2020, vol.25, n.3, pp.264-283. Epub 23-May-2021. ISSN 0121-750X. https://doi.org/10.14483/23448393.15740.

Context:

Due to the large number of cyber-attacks at international and national levels (Colombia), preventive mechanisms and procedures have been triggered by organizations in order to counteract vulnerabilities in information security. The issue studied by this project arises from the need to make a proposal to the DIAN information security office to implement and follow up on the MinTIC Online Government Strategy in the Information Security and Privacy component, through the institutional information security policy and through this knowledge base model for audits in web services, applied to a particular prototype.

Method:

The general methodology for the knowledge base model has two stages: the first corresponds to the collection, processing, and purification of the base, and the second to the systematization process of the proposed model. OpenKM (open-source software) was implemented to support the knowledge base. For the development of the audit, it is important to keep in mind that, within the general methodology, a series of guides was included in each of the phases of the model. The project uses standards, good practices, tools, and professional advice such as ISO 27000, OSSTMM, OWASP, JUnit, and the Risk Management and Audit guides issued by MinTIC. For the development of the prototype with the presented web services (WS), the OpenUP method was used. The implementation was limited to the construction of two HTTP methods, GET and POST, for query and data-entry actions respectively.
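As an added illustration, not code from the paper or its prototype: the kind of differential check such an audit applies to the GET (query) side of a web service, written in Python against an in-memory SQLite table filled with constructed rows. `get_user_vulnerable` splices the request parameter into the SQL text, `get_user_safe` binds it as a parameter, and `audit_handler` runs a baseline value and a malformed value through a handler and reports whether the malformed value changed the result or produced a database error, which is what an auditor records as a finding. Every function and table name here is an assumption.

```python
import sqlite3

# Constructed sample data standing in for the prototype's user table (not from the paper).
SAMPLE_USERS = [
    ("alice", "alice@example.org"),
    ("bob", "bob@example.org"),
    ("carol", "carol@example.org"),
]


def make_db():
    """Create an in-memory SQLite database with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def get_user_vulnerable(conn, name):
    """Defect the audit looks for: the GET parameter is spliced into the SQL text,
    so quote characters in the input change the statement itself."""
    query = "SELECT name, email FROM users WHERE name = '%s'" % name
    return conn.execute(query).fetchall()


def get_user_safe(conn, name):
    """Hardened form: the driver binds the value, so it is only ever compared as data."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def audit_handler(handler, conn):
    """Differential audit of one lookup handler.

    A nonexistent user must return no rows.  The same parameter is then sent with
    a lone trailing quote (a syntax error if the input reaches the parser) and with
    a quote-terminated tautology (extra rows if it does).  A handler that binds its
    parameters returns zero rows and no error in all three cases.
    """
    base_name = "no_such_user"
    baseline = handler(conn, base_name)

    error_on_quote = False
    try:
        handler(conn, base_name + "'")
    except sqlite3.Error:
        error_on_quote = True

    try:
        probe = handler(conn, base_name + "' OR '1'='1")
    except sqlite3.Error:
        probe = []

    return {
        "baseline_rows": len(baseline),
        "probe_rows": len(probe),
        "error_on_quote": error_on_quote,
        "injectable": error_on_quote or len(probe) > len(baseline),
    }


if __name__ == "__main__":
    db = make_db()
    for label, fn in (("vulnerable", get_user_vulnerable), ("safe", get_user_safe)):
        print(label, audit_handler(fn, db))
```

The same two signals (an unexpected database error and a result set that differs from the baseline for a value that should match nothing) transfer directly to the POST side: a data-entry handler that splices input into an INSERT shows the error on a lone quote, while a bound-parameter INSERT stores the quote as an ordinary character.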

Results:

With this project, it was possible to create a knowledge base model implemented on OpenKM, executing a web services security audit with SQL Injection on an organizational prototype.

Conclusions:

It must be taken into account that there will never be a 100% secure infrastructure, since there will always be risks on the platforms due to the changing nature of the attacks. However, there will always be alternatives such as this base model of information security auditing to avoid or mitigate such risks or attacks.

Keywords: Information model; information security; computer security; web services; web application auditing; SQL Injection; knowledge base; ontologies; taxonomies.

· abstract in Spanish · text in Spanish · Spanish (pdf)