Jakov - Repository of the University of Criminal Investigation and Police Studies

General aspects of application IT security

Opšti aspekti aplikativne it bezbednosti

2017
767.pdf (971.0Kb)
Authors
Čisar, Petar
Article (Published version)
Abstract
To achieve a satisfactory level of security in an information system, different system and application methods are applied. The paper focuses on general aspects of application IT security, giving an overview of security methods applied to web and mobile applications. In accordance with the OWASP report, the most common web vulnerabilities include SQL Injection and Cross-site Scripting attacks. The paper also emphasizes the role of code analysis tools, which contribute to detecting vulnerabilities in the analyzed application. In the context of mobile applications, the Android operating system is especially featured, as one of the most commonly used. The necessary environment and tools for testing the security of Android applications are elaborated, vulnerabilities are highlighted, and a greater number of security recommendations are offered. In the field of application security, some of the newer solutions are shown, such as the RASP approach. The paper particularly emphasizes the importance of security testing of applications, with an accent on the testing phase. Finally, in addition to the previously explained application security methods, an overview of security methods of a general character is given.

To achieve a satisfactory level of security in an information system, system and application measures are applied. The paper focuses on general aspects of application IT security, with an overview of the security methods applied to web and mobile applications. In accordance with the OWASP report, SQL Injection and Cross-site Scripting attacks are singled out as the most common web vulnerabilities. The paper also highlights the role of code analysis tools, which contribute to the detection of security flaws in the analyzed application. In the context of mobile applications, the Android operating system is singled out in particular, as one of the most commonly used. The necessary tools and environments for testing the security of Android applications are elaborated, vulnerabilities are highlighted, and a greater number of security recommendations are given. In the domain of application security, some of the newer solutions are also presented, such as the RASP approach. The paper particularly emphasizes the importance of application security testing, with an emphasis on the testing phases. Finally, in addition to the previously explained application security methods, an overview of general-purpose protection methods is given.

Keywords:
web applications / mobile applications / security / Android / OWASP / RASP / code analysis tools / security testing
Source:
Nauka, bezbednost, policija, 2017, 22, 2, 33-46
Publisher:
  • Kriminalističko-policijska akademija, Beograd

DOI: 10.5937/nabepo22-13128

ISSN: 0354-8872

URI
http://jakov.kpu.edu.rs/handle/123456789/769
Collections
  • Radovi istraživača / Researchers' publications
Institution
Jakov

DSpace software copyright © 2002-2015  DuraSpace
About Jakov - Repository of the University of Criminal Investigation and Police Studies in Belgrade | Send Feedback
