Security analysis of Web applications built with the Django, Express and Flask frameworks

  • Rodrigo de Brito UFPI
  • Carlos André Batista de Carvalho UFPI

Abstract

The choice of technologies used to develop an application matters greatly, because each technology has strengths and weaknesses depending on the situation. The market currently offers several frameworks with different characteristics in various aspects, and one of these aspects is how each framework handles security issues. This paper presents the protection features offered by the Django, Flask and Express frameworks in the applications developed with them, in order to run tests based on exploitation methods for Injection, Broken Authentication and XSS vulnerabilities. Using static analysis tools on the application code, and performing tests with dynamic analysis tools and a manual analysis, the frameworks are compared with respect to the security mechanisms each one employs, the effectiveness of those security implementations, and the effort required to make the applications secure.

Published: 2022-09-12

DE BRITO, Rodrigo; DE CARVALHO, Carlos André Batista. Análise de segurança em aplicações Web construídas a partir dos frameworks Django, Express e Flask. In: WORKSHOP ON SCIENTIFIC INITIATION AND UNDERGRADUATE WORKS - BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 22., 2022, Santa Maria. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2022. p. 171-184. DOI: https://doi.org/10.5753/sbseg_estendido.2022.224119.