Examinando por Materia "Security"
Mostrando 1 - 9 de 9
Resultados por página
Opciones de ordenación
Ítem Análisis de seguridad de XSS, SQL Injection y CSRF en Laravel, Django, Express y Spring(Universidad EAFIT, 2022) Ramos Mena, Ángel Eduardo; Correa Botero, Daniel; Vallejo Correa, Paola AndreaThe development of technological applications has constantly been evolving to provide a better experience for users, as it can ensure their security to avoid specific threats that could interfere with their actual operation. Despite the efforts, internal and external security threats are present, which is why it is necessary to take all possible precautions to respond to them. Currently, web application frameworks (Web Application Frameworks - WAF) facilitate development and enhance security in web applications. In this work, we focus on how the WAFs Laravel, Express, Spring, and Django, provide mechanisms to implement security in web applications. An application was developed with the MVC (Model - View - Controller) architecture pattern in each of the selected WAFs. Cross-Site Scripting, SQL Injection, and Cross-Site Request Forgery hacking techniques were chosen to alter the applications in an unauthorized manner. These techniques were used to observe how applications can be breached. We also analyzed how prepared WAFs are to deal with these techniques, what rules they incorporate to ensure adequate protection, and how risk can be minimized to make development in a specific WAF more secure.Ítem Comunicar para gobernar : la comunicación de lo “político” para la implementación del Plan Integral de Seguridad y Convivencia Ciudadana PISCC de Medellín 2020- 2023(Universidad EAFIT, 2024) Agudelo Botero, Juan Diego; Restrepo Echavarría, Néstor JuliánÍtem Contrarios y asimétricos. Transformaciones del concepto de la seguridad en el discurso de los industriales y empresarios medellinenses (1940-2000)(Universidad EAFIT, 2024) Lopera Becerra, Andrés Felipe; López Lopera, Liliana MaríaÍtem A domain-specific modeling framework for attack surface modeling(SciTePress, 2020-01-01) Sun, T.N.; Drouot, B.; Golra, F.R.; Champeau, J.; Guerin, S.; Le Roux, L.; Mazo, R.; Teodorov, C.; Van Aertryck, L.; L'Hostis, B.; Universidad EAFIT. Departamento de Ingeniería de Sistemas; I+D+I en Tecnologías de la Información y las ComunicacionesCybersecurity is becoming vital as industries are gradually moving from automating physical processes to a higher level automation using cyber physical systems (CPS) and internet of things (IoT). In this context, security is becoming a continuous process that runs in parallel to other processes during the complete life cycle of a system. Traditional threat analysis methods use design models alongside threat models as an input for security analysis, hence missing the life-cycle-based dynamicity required by the security concern. In this paper, we argue for an attacker-aware systems modeling language that exposes the systems attack surfaces. For this purpose, we have designed Pimca, a domain specific modeling language geared towards capturing the attacker point of view of the system. This study introduces the formalism along with the Pimca workbench, a framework designed to ease the development and manipulation of the Pimca models. Finally, we present two relevant use cases, serving as a preliminary validation of our approach. © Copyright 2020 by SCITEPRESS - Science and Technology Publications, Lda. All rights reserved.Ítem Los fundamentos del Pensamiento y las Prácticas Administrativas. 2- LA TRILOGÍA ADMINISTRATIVA(Universidad EAFIT, 01/06/2004) Renée Bédard; HECÍtem La gubernamentalidad biopolítica: de la sociedad de control estatal al liberalismo(Universidad EAFIT, 2018-08-30) Urabayen, Julia; Casero, Jorge León; Universidad de Navarra; Universidad de ZaragozaÍtem IoT como tendencia : retos y beneficios generados por la implementación de este tipo de soluciones en empresas colombianas del sector de industria y comercio(Universidad EAFIT, 2019) Franco Agudelo, Paulo Alejandro; Osorio Lema, Edwin Alexis; Giraldo Hernández, Gina MaríaThe Internet of Things (IoT) has been growing rapidly in the past few years, generating a great amount of applications in different economic sectors, which can be implemented in any Company and any place in the world. Its advantages can’t be denied, nevertheless there are still a few topics and concerns about security and a possible unemployment issue due to the fact that these things can replace human labor for machines or things that can make the same work even more effective. Through an exploratory and descriptive analysis this paper tends to give a context about the tendencies and the evolution of IoT solutions in the past few years. Likewise, identifies the different trends in these kinds of solutions, especially in Colombia, to analyze the problems and advantages companies will have to deal with. Throughout this essay will be introduced situations, cases and explanatory examples, that will let us identify the benefits and dares found during implementing this type of solution.Ítem Surveillance Camera Location Models on a Public Transportation Network(Universidad EAFIT, 2017-04-24) Solano-Pinzón, Nathaly; Pinzón-Marroquín, David; Guerrero, William Javier; Escuela Colombiana de Ingeniería Julio GaravitoÍtem Using the AMAN-DA method to generate security requirements: a case study in the maritime domain(London : Springer-Verlag, 2018-11-01) Souag A.; Mazo R.; Salinesi C.; Comyn-Wattiau I.; Souag A.; Mazo R.; Salinesi C.; Comyn-Wattiau I.; Universidad EAFIT. Departamento de Ingeniería de Sistemas; I+D+I en Tecnologías de la Información y las ComunicacionesSecurity requirements are known to be “the most difficult of requirements types” and potentially the ones causing the greatest risk if they are not correct. One approach to requirements elicitation is based on the reuse of explicit knowledge. AMAN-DA is a requirement elicitation method that reuses encapsulated knowledge in security and domain ontologies to produce security requirements specifications. The main research question addressed in this paper is to what extent is AMAN-DA able to generate domain-specific security requirements? Following a well-documented process, a case study related to the maritime domain was undertaken with the goal to demonstrate the utility and effectiveness of AMAN-DA for the elicitation and analysis of domain-specific security requirements. The usefulness of the method was also evaluated with a group of 12 experts. The paper demonstrates the elicitation of domain-specific security requirements by presenting the AMAN-DA method and its application. It describes the evaluation and reports some significant results and their implications for practice and future research, especially for the field of knowledge reuse in requirements engineering. © 2017, Springer-Verlag London Ltd.