Desarrollo de una interfaz web, que permita mejorar la seguridad en la transferencia de estados de servicios web, basado en autenticación y autorización mediante el estándar Json Web Token.

Abstract

The present research work was carried out with the purpose of investigating and mitigating the vulnerabilities that occur daily in web-oriented services. Computer security is one of the fundamental pillars that must be taken into account when implementing REST-type web services, in order to maintain the integrity of the information in the state transfers or consumption of the services. For this reason, REST web services have been developed together with the Json Web Token security standard in the academic system of the Escuela Superior Politécnica de Chimborazo (ESPOCH). In the present investigation the following scenarios were carried out, in scenario 1 the REST type web services of the academic system were implemented without the use of the Json Web Token (JWT) security standard, and scenario 2 the REST type web services of the academic system were implemented with authentication and the Json Web Token security standard, for the transfer of states with each of the GET, POST, PUT, and DELETE methods. The following hypothesis, the implementation of a Web interface with the Json Web Token security standard guarantees the access and secure authorization to the web services of the academic system of the Escuela Superior Politécnica de Chimborazo, applying the observation based on the evaluated parameters, 92.5% of optimization in the level of satisfaction was obtained. 5% of optimization in the level of satisfaction, and in turn applying the Vooki pentesting tool was obtained an 80% optimization of vulnerability numbers detected in the state transfer, it is concluded that the proposed standard optimizes the level of security in web services that REST type and the proper configuration for the generation of the security token is recommended.