Overview

Editors:

Carlos Serrão⁰,
Vicente Aguilera Díaz¹,
Fabio Cerullo²

Carlos Serrão
1. OWASP Portugal Ed. ISCTE, ISCTE-IUL Lisbon University Institute, Lisboa, Portugal
View editor publications

You can also search for this editor in PubMed Google Scholar
Vicente Aguilera Díaz
1. Internet Security Auditors, OWASP Spain, Barcelona, Spain
View editor publications

You can also search for this editor in PubMed Google Scholar
Fabio Cerullo
1. OWASP Ireland, OWASP Global Education Committee, 23 The Chandler, Rathborne Village, Ashtown, Dublin 15 Co., Dublin, Ireland
View editor publications

You can also search for this editor in PubMed Google Scholar

Up-to-date results
Fast track conference proceedings
State-of-the-art report

Part of the book series: Communications in Computer and Information Science (CCIS, volume 72)

Included in the following conference series:

IBWAS: Iberic Web Application Security Conference

Conference proceedings info: IBWAS 2009.

93k Accesses
170 Citations
3 Altmetric

This is a preview of subscription content, log in via an institution to check access.

Access this book

eBook USD 39.99

Price excludes VAT (USA)

Softcover Book USD 54.99

Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Other ways to access

Licence this eBook for your library

Institutional subscriptions

Table of contents (18 papers)

Front Matter

Download chapter PDF
Abstracts
1. The OWASP Logging Project
  
  Marc Chisinevski
  
  Pages 1-1
2. SQL Injection - How Far Does the Rabbit Hole Go?
  
  Justin Clarke
  
  Pages 3-3
3. OWASP O2 Platform - Open Platform for Automating Application Security Knowledge and Workflows
  
  Dinis Cruz
  
  Pages 5-5
4. The Business of Rogueware
  
  Luis Corrons
  
  Pages 7-7
5. Microsoft Infosec Team: Security Tools Roadmap
  
  Simon Roses
  
  Pages 9-9
6. Empirical Software Security Assurance
  
  Dave Harper
  
  Pages 11-11
7. Assessing and Exploiting Web Applications with the Open-Source Samurai Web Testing Framework
  
  Raul Siles
  
  Pages 13-13
8. Authentication: Choosing a Method That Fits
  
  Miguel Almeida
  
  Pages 15-15
9. Cloud Computing: Benefits, Risks and Recommendations for Information Security
  
  Daniele Catteddu
  
  Pages 17-17
10. OWASP TOP 10 2009
  
  Fabio E. Cerullo
  
  Pages 19-19
11. Deploying Secure Web Applications with OWASP Resources
  
  Fabio E. Cerullo
  
  Pages 21-21
12. Thread Risk Modelling
  
  Martin Knobloch
  
  Pages 23-23
13. Protection of Applications at the Enterprise in the Real World: From Audits to Controls
  
  Javier Fernández-Sanguino
  
  Pages 25-25
Papers
1. A Semantic Web Approach to Share Alerts among Security Information Management Systems
  
  Jorge E. López de Vergara, Víctor A. Villagrá, Pilar Holgado, Elena de Frutos, Iván Sanz
  
  Pages 27-38
2. WASAT- A New Web Authorization Security Analysis Tool
  
  Carmen Torrano-Gimenez, Alejandro Perez-Villegas, Gonzalo Alvarez
  
  Pages 39-49
3. Connection String Parameter Pollution Attacks
  
  Chema Alonso, Manuel Fernandez, Alejandro Martín, Antonio Guzmán
  
  Pages 51-62
4. Web Applications Security Assessment in the Portuguese World Wide Web Panorama
  
  Nuno Teodoro, Carlos Serrão
  
  Pages 63-73
5. Building Web Application Firewalls in High Availability Environments
  
  Juan Galiana Lara, Àngel Puigventós Gracia
  
  Pages 75-82
Back Matter

Download chapter PDF

Other volumes

Web Application Security

Keywords

About this book

IBWAS 2009, the Iberic Conference on Web Applications Security, was the first international conference organized by both the OWASP Portuguese and Spanish ch- ters in order to join the international Web application security academic and industry communities to present and discuss the major aspects of Web applications security. There is currently a change in the information systems development paradigm. The emergence of Web 2. 0 technologies led to the extensive deployment and use of W- based applications and Web services as a way to develop new and flexible information systems. Such systems are easy to develop, deploy and maintain and they demonstrate impressive features for users, resulting in their current wide use. The “social” features of these technologies create the necessary “massification” effects that make millions of users share their own personal information and content over large web-based int- active platforms. Corporations, businesses and governments all over the world are also developing and deploying more and more applications to interact with their bu- nesses, customers, suppliers and citizens to enable stronger and tighter relations with all of them. Moreover, legacy non-Web systems are being ported to this new intrin- cally connected environment. IBWAS 2009 brought together application security experts, researchers, educators and practitioners from industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security. In the context of this track, academic researchers were able to combine interesting results with the experience of practitioners and software engineers.

Editors and Affiliations

OWASP Portugal Ed. ISCTE, ISCTE-IUL Lisbon University Institute, Lisboa, Portugal

Carlos Serrão
Internet Security Auditors, OWASP Spain, Barcelona, Spain

Vicente Aguilera Díaz
OWASP Ireland, OWASP Global Education Committee, 23 The Chandler, Rathborne Village, Ashtown, Dublin 15 Co., Dublin, Ireland

Fabio Cerullo

Bibliographic Information

Book Title: Web Application Security
Book Subtitle: Iberic Web Application Security Conference, IBWAS 2009, Madrid, Spain, December 10-11, 2009. Revised Selected Papers
Editors: Carlos Serrão, Vicente Aguilera Díaz, Fabio Cerullo
Series Title: Communications in Computer and Information Science
DOI: https://doi.org/10.1007/978-3-642-16120-9
Publisher: Springer Berlin, Heidelberg
eBook Packages: Computer Science, Computer Science (R0)
Copyright Information: Springer Berlin Heidelberg 2010
Softcover ISBN: 978-3-642-16119-3Published: 19 October 2010
eBook ISBN: 978-3-642-16120-9Published: 19 November 2010
Series ISSN: 1865-0929
Series E-ISSN: 1865-0937
Edition Number: 1
Number of Pages: X, 83
Number of Illustrations: 22 b/w illustrations
Topics: Computer Communication Networks, Management of Computing and Information Systems, Cryptology, Information Systems Applications (incl. Internet), Computers and Society, Algorithm Analysis and Problem Complexity

Publish with us

Policies and ethics

Web Application Security

Overview

Access this book

Other ways to access

Table of contents (18 papers)

Front Matter

Abstracts

Papers

Back Matter

Other volumes