Abstract
The evolution of the Internet has significantly changed the way organizations and companies use software, resulting in a growing presence of information systems in Web environments and, consequently, an increase in security vulnerabilities and threats. In this context, secure application development has become a crucial component of information systems on the market. This paper aims to contribute to greater awareness of the importance of secure software coding by presenting examples of the possible impacts of a lack of safe coding practices, and by presenting some existing recommendations from specialized agencies for avoiding or handling the exploitation of vulnerabilities by malicious agents.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Leite, G.S., Albuquerque, A.B. (2019). The Importance of Safe Coding Practices and Possible Impacts on the Lack of Their Application. In: Silhavy, R. (eds) Cybernetics and Automation Control Theory Methods in Intelligent Algorithms. CSOC 2019. Advances in Intelligent Systems and Computing, vol 986. Springer, Cham. https://doi.org/10.1007/978-3-030-19813-8_22
DOI: https://doi.org/10.1007/978-3-030-19813-8_22
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-19812-1
Online ISBN: 978-3-030-19813-8
eBook Packages: Intelligent Technologies and Robotics (R0)