NBP: Nauka, bezbednost, policija (Jan 2017)

General aspects of application it security

  • Čisar Petar

Journal volume & issue
Vol. 22, no. 2
pp. 33 – 46

Abstract

Read online

To achieve a satisfactory level of security of an information system, different system and application methods are applied. The paper has a focus on general aspects of application IT security, thereby giving an overview of security methods applied to the web and mobile applications. In accordance with the OWASP report, out of web vulnerabilities the most common include SQL Injection and Cross-site Scripting type of attacks. The paper also emphasizes the role of code analysis tools, which contribute to the detection of vulnerabilities of analyzed application. In the context of mobile applications, Android operating system is especially featured, as one of the most commonly used. The necessary environment and tools for testing the security of Android applications are elaborate, vulnerabilities highlighted and a greater number of security recommendations are offered. In the field of application security, some of the newer solutions are shown, such as RASP approach. The paper particularly emphasizes the importance of security testing of applications, with accent on testing phase. Finally, in addition to the previously explained application of security methods, an overview of security methods of a general character is given.