Propuesta de técnicas de aseguramiento de aplicaciones web desarrolladas en Java.

Abstract

This work aims to establish technical proposals to assure Web appl ications developed in JAVA mainly with JSP technology applied to the Web site of the Graduate and Continuing Education School - ESPOCH. The established techniques were applied to a production system such as the System Administrative Academic EPEC - SISEPE C, finding 2 stages Web to work on. One was implemented with such techniques and other without any technique. It was analyzed with the same service, the automation of the processes of the department. In each scenario, it was evaluated the vulnerabilities b y category, such as Confidentiality, Integrity and Availability (CID), which are indicators of the safety of a Web system. To analyze the vulnerability, scanning tools based on free software were used. These software are the same used by hacker communitie s worldwide such as the suites Backtrack and OSSIM. After collection and tabulation of data it was found that the techniques implemented application decreases the number of vulnerabilities in all categories of the CID, which it improved the Web site secur ity by 41.06% compared to not implementing techniques. As a conclusion, the system security Web was improved. Afterwards a security guide for securing source code of future implementations JAVA - JSP on the Web was done. It is recommended that assurance techniques must be considered and implemented in full. Also the constant updating of new vulnerabilities is necessary for this type of Web systems.