Implementation of techniques, standards and safety recommendations to prevent XSS and SQL injection attacks in Java EE RESTful applications

Abstract

In order to expand their coverage, organizations focus their operations on web systems, which mean that the attacks or intrusion attempts on their systems become frequent, infringe them or eventually access unauthorized data. In this way, there are some organization projects aimed at providing basic techniques of prevention and protection of computer attacks, such as OWASP. Among the most common types of attacks that have been detected in this research project, the XSS and SQL Injection can be mentioned. Therefore, this study was based on the development of a prototype under the REST architectural style, design pattern Facade, Java EE and Glassfish [13] which allowed validating the architectural definition, encoding and deployment through the following tools: Structural Analysis for Java, SonarQube and SoapUI. With the development of the prototype it was found that with the use of standards and norms issued by OWASP Restful applications, the absence of security in terms of design and source code in web applications is offset