Improving security of web applications based on mainstream technology

Abstract

[ES] There is an enormous quantity of web applications with little or no security configurations at all that are accessible through the Internet. Many of these were academic exercises that were engineered from a purely functional perspective; this leads to poorly specialized configurations and to a lack of security. Many of these applications have been later abandoned by their programmers or simply kept as initially deployed, whereas being still public and fully accessible. On the one hand, the project focuses on the stydy and analysis of selected state of the art web technologies and some of their related security flaws. As web programming technologies evolve, new flaws appear; and also appear the recommended programming patterns to overcome these flaws. Overall, cibersecurity in web systems is a dynamic and evolving process that requires much effort in continuous analysis of systems, of web programming tools, and systems prototyping. For this purpose, an initial basic set up of a web server will be put in place to analyze selected flaws on the field and selected common security missconfigurations. This work will be exemplified on a prototype application comprising a server and a set of IoT nodes monitored by the server. This basic prototype will help to illustrate some security missconfigurations that are frequent and part of OWASP Top 10. Then, a set of recommendations for their configuration and public set up will be designed and programmed.

[EN] There is an enormous quantity of web applications with little or no security configurations at all that are accessible through the Internet. Many of these were academic exercises that were engineered from a purely functional perspective; this leads to poorly specialized configurations and to a lack of security. Many of these applications have been later abandoned by their programmers or simply kept as initially deployed, whereas being still public and fully accessible. On the one hand, the project focuses on the stydy and analysis of selected state of the art web technologies and some of their related security flaws. As web programming technologies evolve, new flaws appear; and also appear the recommended programming patterns to overcome these flaws. Overall, cibersecurity in web systems is a dynamic and evolving process that requires much effort in continuous analysis of systems, of web programming tools, and systems prototyping. For this purpose, an initial basic set up of a web server will be put in place to analyze selected flaws on the field and selected common security missconfigurations. This work will be exemplified on a prototype application comprising a server and a set of IoT nodes monitored by the server. This basic prototype will help to illustrate some security missconfigurations that are frequent and part of OWASP Top 10. Then, a set of recommendations for their configuration and public set up will be designed and programmed.