IBWAS 2009, the Iberic Conference on Web Applications Security, was the first international conference organized by both the OWASP Portuguese and Spanish ch- ters in order to join the international Web application security academic and industry communities to present and discuss the major aspects of Web applications security. There is currently a change in the information systems development paradigm. The emergence of Web 2. 0 technologies led to the extensive deployment and use of W- based applications and Web services as a way to develop new and flexible information systems. Such systems are easy to develop, deploy and maintain and they demonstrate impressive features for users, resulting in their current wide use. The “social” features of these technologies create the necessary “massification” effects that make millions of users share their own personal information and content over large web-based int- active platforms. Corporations, businesses and governments all over the world are also developing and deploying more and more applications to interact with their bu- nesses, customers, suppliers and citizens to enable stronger and tighter relations with all of them. Moreover, legacy non-Web systems are being ported to this new intrin- cally connected environment. IBWAS 2009 brought together application security experts, researchers, educators and practitioners from industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security. In the context of this track, academic researchers were able to combine interesting results with the experience of practitioners and software engineers.
Author(s): Marc Chisinevski (auth.), Carlos Serrão, Vicente Aguilera Díaz, Fabio Cerullo (eds.)
Series: Communications in Computer and Information Science 72
Edition: 1
Publisher: Springer-Verlag Berlin Heidelberg
Year: 2010
Language: English
Pages: 83
Tags: Computer Communication Networks; Management of Computing and Information Systems; Data Encryption; Information Systems Applications (incl.Internet); Computers and Society; Algorithm Analysis and Problem Complexity
Front Matter....Pages -
The OWASP Logging Project....Pages 1-1
SQL Injection - How Far Does the Rabbit Hole Go?....Pages 3-3
OWASP O2 Platform - Open Platform for Automating Application Security Knowledge and Workflows....Pages 5-5
The Business of Rogueware....Pages 7-7
Microsoft Infosec Team: Security Tools Roadmap....Pages 9-9
Empirical Software Security Assurance....Pages 11-11
Assessing and Exploiting Web Applications with the Open-Source Samurai Web Testing Framework....Pages 13-13
Authentication: Choosing a Method That Fits....Pages 15-15
Cloud Computing: Benefits, Risks and Recommendations for Information Security....Pages 17-17
OWASP TOP 10 2009....Pages 19-19
Deploying Secure Web Applications with OWASP Resources....Pages 21-21
Thread Risk Modelling....Pages 23-23
Protection of Applications at the Enterprise in the Real World: From Audits to Controls....Pages 25-25
A Semantic Web Approach to Share Alerts among Security Information Management Systems....Pages 27-38
WASAT- A New Web Authorization Security Analysis Tool....Pages 39-49
Connection String Parameter Pollution Attacks....Pages 51-62
Web Applications Security Assessment in the Portuguese World Wide Web Panorama....Pages 63-73
Building Web Application Firewalls in High Availability Environments....Pages 75-82
Back Matter....Pages -
