ANALYSIS AND PROTECTION IN WEB SYSTEMS: PRACTICES IN UEPA

Felipe Carrara Couto; Daniel Do Espírito Santo Bentes Dos Santos; Raphael O. da Silva; Gabriel M. Pismel; Wanderson Alexandre da Silva Quinto; Italo Di Paolo

All Papers

Submission

DOI

10.29327/15364.1-3

Paper Title

ANALYSIS AND PROTECTION IN WEB SYSTEMS: PRACTICES IN UEPA

Authors

Felipe Carrara Couto
Daniel Do Espírito Santo Bentes Dos Santos
Raphael O. da Silva
Gabriel M. Pismel
Wanderson Alexandre da Silva Quinto
Italo Di Paolo

Modality

resumo

Subject area

Exact and Earth Sciences

Publishing Date

15/05/2018

Country of Publishing

Brasil

Language of Publishing

Português

Paper Page

https://www.even3.com.br/anais/mcaaworkshop/59900-analysis-and-protection-in-web-systems--practices-in-uepa

ISBN

978-85-5722-068-3

Keywords

Information Security, Web Systems, Public Institutions.

Summary

Digital information is a real-world extension, expressing wishes among all involved in a communication that continually becomes more important to protect. Security can be compromised by many factors, such as the behavioral and user factors, the environment/infrastructure in which it travels, and people who have the goal of obtaining, destroying or modifying this information. The main objective of this work was to identify and propose solutions for security flaws in the web systems of the University of the State of Pará (UEPA). The target of various attacks and invasions, and faced with an adverse political and economic scenario for technology investment, as a state public university, had to seek alternatives to mitigate these attacks. Initially a vulnerability analysis of the attacked servers was carried out, and web server clones were created, and several attack scenarios and invasion were repeated in a controlled manner in this environment. In the face of this practice, several fixes in the configurations were executed and tested. Then, it was verified the existence of digital certification in the web systems investigated, after this verification was implemented protocol HTTPS. The systems were analyzed with the Acunetix and Netsparker tools, and the reports generated after the scan characterized the most critical vulnerabilities. A GUT Matrix was made before and after the implementation of the countermeasures, allowing to compare the vulnerabilities before and after solving the problems identified. Such countermeasures after being tested on the clone server were then applied to the server in production. We note that providing security in all web services, especially in UEPA, which is responsible for sensitive data from multiple users, and should have an adequate level of security. In this way, establishing a security policy was very important, as it creates guidelines to be followed by all members to ensure information security of public institutions.

Title of the Event: 1st MCAA Brazil-Europe Workshop (BREUW): Building a sustainable future based on cooperative science, technology and education
City of the Event: São Luís
Title of the Proceedings of the event: Annals of the 1st MCAA Brazil-Europe Workshop
Name of the Publisher: Even3
Means of Dissemination: Meio Digital
DOI

How to cite

COUTO, Felipe Carrara et al.. ANALYSIS AND PROTECTION IN WEB SYSTEMS: PRACTICES IN UEPA.. In: Annals of the 1st MCAA Brazil-Europe Workshop. Anais...São Luís(MA) UFMA, 2018. Available in: https//www.even3.com.br/anais/mcaaworkshop/59900-ANALYSIS-AND-PROTECTION-IN-WEB-SYSTEMS--PRACTICES-IN-UEPA. Access in: 07/07/2025