Browsing by Subject "Security"
Showing 1 - 11 of 11
Publication
Análisis de seguridad de XSS, SQL Injection y CSRF en Laravel, Django, Express y Spring (Universidad EAFIT, 2022)
Ramos Mena, Ángel Eduardo; Correa Botero, Daniel; Vallejo Correa, Paola Andrea
The development of technological applications has constantly been evolving to provide a better experience for users, as it can ensure their security to avoid specific threats that could interfere with their actual operation. Despite the efforts, internal and external security threats are present, which is why it is necessary to take all possible precautions to respond to them. Currently, web application frameworks (Web Application Frameworks - WAF) facilitate development and enhance security in web applications. In this work, we focus on how the WAFs Laravel, Express, Spring, and Django provide mechanisms to implement security in web applications. An application was developed with the MVC (Model - View - Controller) architecture pattern in each of the selected WAFs. Cross-Site Scripting, SQL Injection, and Cross-Site Request Forgery hacking techniques were chosen to alter the applications in an unauthorized manner. These techniques were used to observe how applications can be breached. We also analyzed how prepared WAFs are to deal with these techniques, what rules they incorporate to ensure adequate protection, and how risk can be minimized to make development in a specific WAF more secure.

Publication
Comunicar para gobernar : la comunicación de lo “político” para la implementación del Plan Integral de Seguridad y Convivencia Ciudadana PISCC de Medellín 2020- 2023 (Universidad EAFIT, 2024)
Agudelo Botero, Juan Diego; Restrepo Echavarría, Néstor Julián

Publication
Contrarios y asimétricos. Transformaciones del concepto de la seguridad en el discurso de los industriales y empresarios medellinenses (1940-2000) (Universidad EAFIT, 2024)
Lopera Becerra, Andrés Felipe; López Lopera, Liliana María

Item
A domain-specific modeling framework for attack surface modeling (SciTePress, 2020-01-01)
Sun, T.N.; Drouot, B.; Golra, F.R.; Champeau, J.; Guerin, S.; Le Roux, L.; Mazo, R.; Teodorov, C.; Van Aertryck, L.; L'Hostis, B.; Universidad EAFIT. Departamento de Ingeniería de Sistemas; I+D+I en Tecnologías de la Información y las Comunicaciones
Cybersecurity is becoming vital as industries are gradually moving from automating physical processes to a higher level automation using cyber physical systems (CPS) and internet of things (IoT). In this context, security is becoming a continuous process that runs in parallel to other processes during the complete life cycle of a system. Traditional threat analysis methods use design models alongside threat models as an input for security analysis, hence missing the life-cycle-based dynamicity required by the security concern. In this paper, we argue for an attacker-aware systems modeling language that exposes the system's attack surfaces. For this purpose, we have designed Pimca, a domain specific modeling language geared towards capturing the attacker point of view of the system. This study introduces the formalism along with the Pimca workbench, a framework designed to ease the development and manipulation of the Pimca models. Finally, we present two relevant use cases, serving as a preliminary validation of our approach. © Copyright 2020 by SCITEPRESS - Science and Technology Publications, Lda. All rights reserved.

Publication
Estrategia de trazabilidad de elementos de seguridad a través del ciclo de vida del software usando el modelo cascada (Universidad EAFIT, 2025)
Zuluaga Ossa, David Ricardo; Vallejo Correa, Paola Andrea; Correa Botero, Daniel
Security in software development is a critical concern that must be addressed throughout the entire software development lifecycle (SDLC). Effective integration of security practices is essential to ensure system integrity, confidentiality, and availability. Existing frameworks such as Secure SDLC, OWASP, and ISO/IEC 27034 promote the incorporation of security from the early stages of development. However, these methodologies often overlook the continuous traceability of security requirements, particularly within sequential models like the waterfall model, where the lack of iterative feedback limits visibility and adaptability across phases. This work proposes a traceability strategy tailored to the waterfall model as described by Sommerville, focusing on linking security requirements from their initial specification through design, implementation, and testing. The proposed approach facilitates early detection of omissions and deviations, enhances consistency and quality in deliverables, supports auditing and compliance verification, and reduces the costs associated with late-stage security fixes. Furthermore, it fosters stakeholder confidence by providing transparent evidence of secure and structured development practices across the project lifecycle.

Item
Los fundamentos del Pensamiento y las Prácticas Administrativas. 2- LA TRILOGÍA ADMINISTRATIVA (Universidad EAFIT, 01/06/2004)
Renée Bédard; HEC

Item
La gubernamentalidad biopolítica: de la sociedad de control estatal al liberalismo (Universidad EAFIT, 2018-08-30)
Urabayen, Julia; Casero, Jorge León; Universidad de Navarra; Universidad de Zaragoza

Publication
IoT como tendencia : retos y beneficios generados por la implementación de este tipo de soluciones en empresas colombianas del sector de industria y comercio (Universidad EAFIT, 2019)
Franco Agudelo, Paulo Alejandro; Osorio Lema, Edwin Alexis; Giraldo Hernández, Gina María
The Internet of Things (IoT) has been growing rapidly in the past few years, generating a great amount of applications in different economic sectors, which can be implemented in any company and any place in the world. Its advantages can’t be denied; nevertheless, there are still a few topics and concerns about security and a possible unemployment issue due to the fact that these things can replace human labor for machines or things that can make the same work even more effective. Through an exploratory and descriptive analysis this paper tends to give a context about the tendencies and the evolution of IoT solutions in the past few years. Likewise, it identifies the different trends in these kinds of solutions, especially in Colombia, to analyze the problems and advantages companies will have to deal with. Throughout this essay, situations, cases and explanatory examples will be introduced that will let us identify the benefits and dares found during implementing this type of solution.

Publication
Política exterior colombiana : historia, agenda y perspectivas / editores, Paula Ruiz-Camacho, Luis Fernando Vargas-Alzate (Medellín : Editorial EAFIT, 2025)
Orjuela Ramírez, Paula Andrea; Vargas-Alzate, Luis Fernando; Morales Henao, Alejandro; Amaya Alviar, Ana María; Pinto Quijano, Ángela Cristina; Cubides, Caren; Cepeda Másmela, Carolina; Rojas, Diana Marcela; Jaramillo Mutis, Diego; Sánchez, Fabio; Coy Granados, Francisco J.; Vásquez Merchán, Irma Liliana; Cepeda-Ladino, Julio César; Pantoja Rodríguez, Manuel Alejandro; Monroy, María Catalina; Sanzón, María Fernanda; Ardila, Martha; Piñeros Ayala, Rafael Enrique; Mosquera Roa, Valentina; Rouvinski, Vladimir; Ruiz-Camacho, Paula; Tickner, Arlene B.
This publication, which seeks to stimulate classroom debate and encourage future research, is presented to the academic community not only as a study guide but also as a reflection on Colombia's international policy from Independence to the present. Organized in fifteen chapters around two main axes (history and agenda), the work describes and analyzes topics such as the influence of conflict and security on national foreign policy, the institutional functioning of the State in formulating that policy, and the impact of bilateralism with Venezuela, as well as the regional integration processes most relevant to the country. It also addresses Colombia's role in international development cooperation and its bilateral relations with China and Russia, before closing with a review of the discipline's progress in the country. This book is essential reading for anyone interested in Colombian foreign policy.

Item
Surveillance Camera Location Models on a Public Transportation Network (Universidad EAFIT, 2017-04-24)
Solano-Pinzón, Nathaly; Pinzón-Marroquín, David; Guerrero, William Javier; Escuela Colombiana de Ingeniería Julio Garavito

Item
Using the AMAN-DA method to generate security requirements: a case study in the maritime domain (London : Springer-Verlag, 2018-11-01)
Souag A.; Mazo R.; Salinesi C.; Comyn-Wattiau I.; Universidad EAFIT. Departamento de Ingeniería de Sistemas; I+D+I en Tecnologías de la Información y las Comunicaciones
Security requirements are known to be “the most difficult of requirements types” and potentially the ones causing the greatest risk if they are not correct. One approach to requirements elicitation is based on the reuse of explicit knowledge. AMAN-DA is a requirement elicitation method that reuses encapsulated knowledge in security and domain ontologies to produce security requirements specifications. The main research question addressed in this paper is to what extent is AMAN-DA able to generate domain-specific security requirements? Following a well-documented process, a case study related to the maritime domain was undertaken with the goal to demonstrate the utility and effectiveness of AMAN-DA for the elicitation and analysis of domain-specific security requirements. The usefulness of the method was also evaluated with a group of 12 experts. The paper demonstrates the elicitation of domain-specific security requirements by presenting the AMAN-DA method and its application. It describes the evaluation and reports some significant results and their implications for practice and future research, especially for the field of knowledge reuse in requirements engineering. © 2017, Springer-Verlag London Ltd.