Trabalhos de Conclusão de Curso de Graduação

URI Permanente desta comunidade

https://repositorio.ifal.edu.br/handle/123456789/40

Navegar

Navegando Trabalhos de Conclusão de Curso de Graduação por Departamento "Arapiraca"

Agora exibindo 1 - 1 de 1
  • Imagem de Miniatura
    Item
    Análise de Vulnerabilidades dos Portais Web das Câmaras Municipais Alagoanas
    (Instituto Federal de Educação Ciência e Tecnologia de Alagoas, 2022-12-27) Torres, Eduardo Vítor Vieira; Fireman, Daniel Lacet de Faria; http://lattes.cnpq.br/8895463227448929; Melo, Matheus D’Eça Torquato de; http://lattes.cnpq.br/5171680332446930; Lopes, Felipe Alencar; http://lattes.cnpq.br/6490167896355223
    In an increasingly computerized world with access to the Internet, the existence of electronic government portals is essential, which provide services and information, which facilitate access to consultation by citizens with regard to their demands. In that regard, there are city council portals that provide information on acting councilors, news about the councils, in addition to containing the transparency portal, which has information on government actions, budgetary and financial execution (revenues and expenses), among others. Just like any system that is connected to the Internet, such portals may have security vulnerabilities that put the services offered by them at risk, as well as the data of the users who use them. The present work has the general objective of verifying any existing security vulnerabilities in portals of the municipal councils of the state of Alagoas so that it is possible to analyze the vulnerabilities according to the OWASP Top 10 classification of 2021, as well as to evaluate vulnerabilities found according to the Interlegis model and according to the GDP of the cities. To collect vulnerabilities, the Wapiti scanner was used. The results obtained showed that the total number of vulnerabilities found was 667. Furthermore, 10% of portals had critical vulnerabilities. As examples of the types of vulnerabilities found: Injection - which allows malicious queries to databases and Incorrect Security Configuration - which can lead to theft of user sessions.