The Importance of Safe Coding Practices and Possible Impacts on the Lack of Their Application

  • Conference paper
Cybernetics and Automation Control Theory Methods in Intelligent Algorithms (CSOC 2019)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 986)

Abstract

The evolution of the Internet over time has significantly changed the way organizations and companies use software, resulting in an increasing presence of information systems in Web environments and, consequently, an increase in security vulnerabilities and threats. In this context, secure application development has become a crucial component for information systems in the market. This paper aims to contribute to a greater awareness of the importance of secure software coding by presenting examples of possible impacts resulting from the lack of safe coding practices, and by presenting some existing recommendations from specialized agencies to avoid or treat occurrences of exploitation of vulnerabilities by malicious agents.



Author information

Corresponding author

Correspondence to Gleidson Sobreira Leite.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Leite, G.S., Albuquerque, A.B. (2019). The Importance of Safe Coding Practices and Possible Impacts on the Lack of Their Application. In: Silhavy, R. (eds) Cybernetics and Automation Control Theory Methods in Intelligent Algorithms. CSOC 2019. Advances in Intelligent Systems and Computing, vol 986. Springer, Cham. https://doi.org/10.1007/978-3-030-19813-8_22
