To achieve a satisfactory level of security of an information system, different system and application methods are applied. The paper has a focus on general aspects of application IT security, thereby giving an overview of security methods applied to the web and mobile applications. In accordance with the OWASP report, out of web vulnerabilities the most common include SQL Injection and Cross-site Scripting type of attacks. The paper also emphasizes the role of code analysis tools, which contribute to the detection of vulnerabilities of analyzed application. In the context of mobile applications, Android operating system is especially featured, as one of the most commonly used. The necessary environment and tools for testing the security of Android applications are elaborate, vulnerabilities highlighted and a greater number of security recommendations are offered. In the field of application security, some of the newer solutions are shown, such as RASP approach. The paper particularly ...emphasizes the importance of security testing of applications, with accent on testing phase. Finally, in addition to the previously explained application of security methods, an overview of security methods of a general character is given.
Za postizanje zadovoljavajućeg nivoa bezbednosti jednog informacionog sistema primenjuju se sistemske i aplikativne mere. Rad je fokusiran na opšte aspekte aplikativne IT bezbednosti, uz pregled bezbednosnih metoda primenjenih na veb i mobilne aplikacije. U skladu sa izveštajem OWASP, od veb-ranjivosti izdvojeni su, kao najčešći, napadi tipa SQL Injection i Cross-site Scripting. U radu je istaknuta i uloga alata za analizu koda, koji doprinose detekciji bezbednosnih propusta analizirane aplikacije. U kontekstu mobilnih aplikacija, posebno je izdvojen operativni sistem Android, kao jedan od najčešće korišćenih. Elaborirani su neophodni alati i okruženja za ispitivanje bezbednosti Android aplikacija, istaknute su ranjivosti i dat je veći broj bezbednosnih preporuka. U domenu aplikativne bezbednosti prikazana su i neka od novijih rešenja, kao što je pristup RASP. U radu je posebno istaknut značaj testiranja bezbednosti aplikacija, s akcentom na faze testiranja. Na kraju je, pored prethodn...o objašnjenih aplikativnih bezbednosnih metoda, dat i pregled metoda zaštite opšteg karaktera.
Keywords:
veb-aplikacije / mobilne aplikacije / bezbednost / Android / OWASP / RASP / alati za analizu koda / testiranje bezbednosti
TY - JOUR
AU - Čisar, Petar
PY - 2017
UR - http://jakov.kpu.edu.rs/handle/123456789/769
AB - To achieve a satisfactory level of security of an information system, different system and application methods are applied. The paper has a focus on general aspects of application IT security, thereby giving an overview of security methods applied to the web and mobile applications. In accordance with the OWASP report, out of web vulnerabilities the most common include SQL Injection and Cross-site Scripting type of attacks. The paper also emphasizes the role of code analysis tools, which contribute to the detection of vulnerabilities of analyzed application. In the context of mobile applications, Android operating system is especially featured, as one of the most commonly used. The necessary environment and tools for testing the security of Android applications are elaborate, vulnerabilities highlighted and a greater number of security recommendations are offered. In the field of application security, some of the newer solutions are shown, such as RASP approach. The paper particularly emphasizes the importance of security testing of applications, with accent on testing phase. Finally, in addition to the previously explained application of security methods, an overview of security methods of a general character is given.
AB - Za postizanje zadovoljavajućeg nivoa bezbednosti jednog informacionog sistema primenjuju se sistemske i aplikativne mere. Rad je fokusiran na opšte aspekte aplikativne IT bezbednosti, uz pregled bezbednosnih metoda primenjenih na veb i mobilne aplikacije. U skladu sa izveštajem OWASP, od veb-ranjivosti izdvojeni su, kao najčešći, napadi tipa SQL Injection i Cross-site Scripting. U radu je istaknuta i uloga alata za analizu koda, koji doprinose detekciji bezbednosnih propusta analizirane aplikacije. U kontekstu mobilnih aplikacija, posebno je izdvojen operativni sistem Android, kao jedan od najčešće korišćenih. Elaborirani su neophodni alati i okruženja za ispitivanje bezbednosti Android aplikacija, istaknute su ranjivosti i dat je veći broj bezbednosnih preporuka. U domenu aplikativne bezbednosti prikazana su i neka od novijih rešenja, kao što je pristup RASP. U radu je posebno istaknut značaj testiranja bezbednosti aplikacija, s akcentom na faze testiranja. Na kraju je, pored prethodno objašnjenih aplikativnih bezbednosnih metoda, dat i pregled metoda zaštite opšteg karaktera.
PB - Kriminalističko- policijska akademija, Beograd
T2 - Nauka, bezbednost, policija
T1 - General aspects of application it security
T1 - Opšti aspekti aplikativne it bezbednosti
VL - 22
IS - 2
SP - 33
EP - 46
DO - 10.5937/nabepo22-13128
UR - conv_74
ER -
@article{
author = "Čisar, Petar",
year = "2017",
abstract = "To achieve a satisfactory level of security of an information system, different system and application methods are applied. The paper has a focus on general aspects of application IT security, thereby giving an overview of security methods applied to the web and mobile applications. In accordance with the OWASP report, out of web vulnerabilities the most common include SQL Injection and Cross-site Scripting type of attacks. The paper also emphasizes the role of code analysis tools, which contribute to the detection of vulnerabilities of analyzed application. In the context of mobile applications, Android operating system is especially featured, as one of the most commonly used. The necessary environment and tools for testing the security of Android applications are elaborate, vulnerabilities highlighted and a greater number of security recommendations are offered. In the field of application security, some of the newer solutions are shown, such as RASP approach. The paper particularly emphasizes the importance of security testing of applications, with accent on testing phase. Finally, in addition to the previously explained application of security methods, an overview of security methods of a general character is given., Za postizanje zadovoljavajućeg nivoa bezbednosti jednog informacionog sistema primenjuju se sistemske i aplikativne mere. Rad je fokusiran na opšte aspekte aplikativne IT bezbednosti, uz pregled bezbednosnih metoda primenjenih na veb i mobilne aplikacije. U skladu sa izveštajem OWASP, od veb-ranjivosti izdvojeni su, kao najčešći, napadi tipa SQL Injection i Cross-site Scripting. U radu je istaknuta i uloga alata za analizu koda, koji doprinose detekciji bezbednosnih propusta analizirane aplikacije. U kontekstu mobilnih aplikacija, posebno je izdvojen operativni sistem Android, kao jedan od najčešće korišćenih. Elaborirani su neophodni alati i okruženja za ispitivanje bezbednosti Android aplikacija, istaknute su ranjivosti i dat je veći broj bezbednosnih preporuka. U domenu aplikativne bezbednosti prikazana su i neka od novijih rešenja, kao što je pristup RASP. U radu je posebno istaknut značaj testiranja bezbednosti aplikacija, s akcentom na faze testiranja. Na kraju je, pored prethodno objašnjenih aplikativnih bezbednosnih metoda, dat i pregled metoda zaštite opšteg karaktera.",
publisher = "Kriminalističko- policijska akademija, Beograd",
journal = "Nauka, bezbednost, policija",
title = "General aspects of application it security, Opšti aspekti aplikativne it bezbednosti",
volume = "22",
number = "2",
pages = "33-46",
doi = "10.5937/nabepo22-13128",
url = "conv_74"
}
Čisar, P.. (2017). General aspects of application it security. in Nauka, bezbednost, policija
Kriminalističko- policijska akademija, Beograd., 22(2), 33-46.
https://doi.org/10.5937/nabepo22-13128
conv_74
Čisar P. General aspects of application it security. in Nauka, bezbednost, policija. 2017;22(2):33-46.
doi:10.5937/nabepo22-13128
conv_74 .
Čisar, Petar, "General aspects of application it security" in Nauka, bezbednost, policija, 22, no. 2 (2017):33-46,
https://doi.org/10.5937/nabepo22-13128 .,
conv_74 .
