Other
Implementation of controls to guarantee the security of a website based on OWASP
Date
2019
Registered in:
ECUAIC-2019-SIS-DE00010
Author
Jimenez Cuenu, Carlos David
Institution
Abstract
OWASP, the Open Web Application Security Project, was created to help guarantee the security of web applications and to minimize the vulnerabilities these systems present at the time they are developed. To that end, in 2017 the OWASP project released an updated Top 10 list of the main risks to which web applications are exposed. The purpose of this document is to study three vulnerabilities from the OWASP Top 10: XSS, Insecure Deserialization and Using Components with Known Vulnerabilities. To understand how these flaws manifest in web systems, different scenarios were set up, each with the corresponding vulnerable application, to which the necessary controls were then added to allow the development, acquisition and maintenance of reliable APIs. For the risk of using components with known vulnerabilities, a tool called Jexboss was used to remotely detect and exploit this vulnerability; for XSS, an exploit was programmed to perform proof-of-concept tests; and for insecure deserialization, an attack was coded that demonstrated this flaw in the insecure APIs. This shows how critical each of these risks can be when the different attacks are carried out against these insecure websites.