180 research outputs found

    Web application penetration test: Proposal for a generic web application testing methodology

    Get PDF
    Nowadays, Security Management is beginning to become a priority for most companies. The primary aim is to prevent unauthorized identities from accessing classified information and using it against the organization. The best way to mitigate hacker attacks is to learn their methodologies. There are numerous ways to do it, but the most common is based on Penetration Tests, a simulation of an attack to verify the security of a system or environment to be analyzed. This test can be performed through physical means utilizing hardware or through social engineering. The objective of this test is to examine, under extreme circumstances, the behavior of systems, networks, or personnel devices, to identify their weaknesses and vulnerabilities. This dissertation will present an analysis of the State of the Art related to penetration testing, the most used tools and methodologies, its comparison, and the most critical web application vulnerabilities. With the goal of developing a generic security testing methodology applicable to any Web application, an actual penetration test to the web application developed by VTXRM – Software Factory (Accipiens) will be described, applying methods and Open-Source software step by step to assess the security of the different components of the system that hosts Accipiens. At the end of the dissertation, the results will be exposed and analyzed.Atualmente, a Gestão de Segurança da Informação começa a tornar-se uma prioridade para a maioria das Empresas, com o principal objetivo de impedir que identidades não autorizadas acedam a informações confidenciais e as utilizem contra a organização. Uma das melhores formas de mitigar os possíveis ataques é aprender com as metodologias dos atacantes. Existem inúmeras formas de o fazer, mas a mais comum baseia-se na realização de Testes de Intrusão, uma simulação de um ataque para verificar a segurança de um sistema ou ambiente a ser analisado. Este teste pode ser realizado através de meios físicos utilizando hardware, através de engenharia social e através de vulnerabilidades do ambiente. O objetivo deste teste é examinar, em circunstâncias extremas, o comportamento de sistemas, redes, ou dispositivos pessoais, para identificar as suas fraquezas e vulnerabilidades. Nesta dissertação será apresentada uma análise ao estado da arte relacionada com testes de penetração, as ferramentas e metodologias mais utilizadas, uma comparação entre elas, serão também explicadas algumas das vulnerabilidades mais críticas em aplicações web. O objetivo é o desenvolvimento de uma metodologia genérica de testes de intrusão, ambicionando a sua aplicabilidade e genericidade em aplicações web, sendo esta aplicada e descrita num teste de intrusão real à aplicação web desenvolvida pela VTXRM – Software Factory (Accipiens), aplicando passo a passo métodos e softwares Open-Source com o objetivo de analisar a segurança dos diferentes componentes do sistema no qual o Accipiens está instalado. No final serão apresentados os resultados do mesmo e a sua análise

    Civil economy as a path towards sustainability: An empirical investigation

    Get PDF
    Contemporary societies face a myriad of challenges that require the modification of patterns, ways of living, being and producing. Although climate change is one of the most glaring problems, it cannot be understood merely by environmental aspects. Many of these challenges are interrelated and have their roots in a set of crystallized structures that are obsolete, namely the economic ones. Contemporary capitalism has been proving its limitations and contribution to less fair, harmonious and sustainable societies. Evidence of this is the policy efforts that many organizations, such as the European Commission, are making to promote environmental transitions, the circular economy, and green innovations. This article argues that the concept of civil economy may be complementary to this green policy agenda for reflecting on current social challenges and emphasize the importance of cultural, environmental, spiritual and economic resources operating together. It pays attention to gift-giving as a form of civil economy, defining a framework inspired by positive sociology. The article uses the case study of "Los Portales", an intentional sustainable community located in Spain, with around 40 inhabitants and more than 40 years of existence. The study is of ethnographic character and based on in-depth interviews with experts on the economic governance of this community. The results show that the principles of the gift economy were crucial to the success and longevity of the community. They also suggest an agency-centred approach in which individuals should engage activities that promote personal happiness, collective happiness and prosperity.info:eu-repo/semantics/publishedVersio

    As dimensões latentes da Inovação: o caso das regiões europeias

    Get PDF
    Innovation has come to play an evermore-prominent role in Territorial Policies because is a crucial aspect to Economic Development. The present study reflects on the theoretical models of Innovation and the paradigm of Regional Innovation Systems. Through the analysis of 175 regions of the EU 15 it seeks to find the dimensions underlying the innovative phenomena and to create homogenous groups of regions that display similar profiles. Factorial Analysis of the Main Components was used to reduce the dimension of data from a barrage of regional indicators such as: Critical Mass of Territories, Economic Performance, Level of Wealth, Employment Market, Sectoral Structure of the Economy, Age Group Structure, Education and Training, Technological Employment, R&D and Patents. Having determined the four main factors with significant results (Technological Innovation, Human Capital, Economic Structure and Availability of the Employment Market) what followed was a hierarchical analysis of Clusters, resulting in five groupings of regions: Disadvantaged Regions, Average Regions, Central Regions, Large Economic Centres and Innovating Regions

    As dimensões latentes da Inovação: o caso das regiões europeias

    Get PDF
    Innovation has come to play an evermore-prominent role in Territorial Policies because is a crucial aspect to Economic Development. The present study reflects on the theoretical models of Innovation and the paradigm of Regional Innovation Systems. Through the analysis of 175 regions of the EU 15 it seeks to find the dimensions underlying the innovative phenomena and to create homogenous groups of regions that display similar profiles. Factorial Analysis of the Main Components was used to reduce the dimension of data from a barrage of regional indicators such as: Critical Mass of Territories, Economic Performance, Level of Wealth, Employment Market, Sectoral Structure of the Economy, Age Group Structure, Education and Training, Technological Employment, R&D and Patents. Having determined the four main factors with significant results (Technological Innovation, Human Capital, Economic Structure and Availability of the Employment Market) what followed was a hierarchical analysis of Clusters, resulting in five groupings of regions: Disadvantaged Regions, Average Regions, Central Regions, Large Economic Centres and Innovating Regions

    Blockchain-based PKI for Crowdsourced IoT Sensor Information

    Full text link
    The Internet of Things is progressively getting broader, evol-ving its scope while creating new markets and adding more to the existing ones. However, both generation and analysis of large amounts of data, which are integral to this concept, may require the proper protection and privacy-awareness of some sensitive information. In order to control the access to this data, allowing devices to verify the reliability of their own interactions with other endpoints of the network is a crucial step to ensure this required safeness. Through the implementation of a blockchain-based Public Key Infrastructure connected to the Keybase platform, it is possible to achieve a simple protocol that binds devices' public keys to their owner accounts, which are respectively supported by identity proofs. The records of this blockchain represent digital signatures performed by this Keybase users on their respective devices' public keys, claiming their ownership. Resorting to this distributed and decentralized PKI, any device is able to autonomously verify the entity in control of a certain node of the network and prevent future interactions with unverified parties

    Innovative and transition potential of intentional sustainable communities

    Get PDF
    The number of ecovillages – intentional sustainable communities – is showing signs of growth all over the world. These self-organized groups can be seen as agents of change that may contribute to the transition to a more sustainable environmental, social, economic and political paradigm. This article seeks to reflect on the ‘transitional potential’ of intentional sustainable communities as mechanisms that foster the development of social innovation practices. It is an exploratory study that debates the articulation between an empirical phenomenon, the existence of this type of communities, and a theoretical perspective, the study of transitions. This study is based on a systematic literature review to identify relevant analytical dimensions and suggests a conceptual model that provides comprehension of the phenomenon of intentional sustainable communities as a mechanism for social innovation and transformative change

    Application of polyoxometalate-ionic liquids (POM-ILs) in dye-sensitized solar cells (DSSCs)

    Get PDF
    project “SunStorage- Harvesting and storage of solar energy”, with reference POCI-01-0145-FEDER-016387, and by national funds (PTDC/ QEQ-QFI/1971/2014), through FCT - Fundação para a Ciência e a Tecnologia. H. Cruz thanks to Fundacão para a Ciência e a Tecnologia, MCTES, for the norma transitória DL 57/2016 Program Contract. L. C. Branco thanks to financial support of FCT/MCTES IF/0041/2013/CP1161/CT00). Ana Lucia Pinto thanks to FCT/MCTES for the grant PD/BD/135087/2017Polyoxometalates (POMs) as anionic metal oxides are promising candidates for application in dye-sensitized solar cells (DSSCs) due to their peculiar properties including a reversible and multi-electron redox behavior. In this work, four polyoxometalate as ionic liquids (POM-ILs) based on the combination between phosphomolybdate anion (PMo12O40 3−) and organic cations such as [BMIM]+, [BPy]+, [HDPy]+ and [P6,6,6,14]+ were prepared and characterized. A detailed chemical structural elucidation by elemental analysis, ATR-FTIR, 1H and 31P NMR spectroscopies have been performed. These POM-ILs were tested as photosensitizers by adsorption to the photoanode (TiO2 film) for different times (15 min to 17 h). The DSSCs performance can be highly improved comparing the commercially available compound and POM-ILs. The electrodeposition process is an excellent alternative to adsorption in order to improve the overall efficiencies. In general, [BPy]3[PMo12O40] and [P6,6,6,14]3[PMo12O40] are the most promissory compounds for DSSC approaches.publishersversionpublishe

    Neuroevolutionary multiobjective optimization of injection stretch blow molding process in the blowing phase

    Get PDF
    Injection stretch blow molding is a very important thermoplastic processing technique producing hollow containers with mechanical performance. One of the main challenges in optimizing this process consists in finding the best thickness profile for each part in order to achieve the desired mechanical properties with less material use. In a previous study, a new methodology based on a neuroevolutionary multiobjective optimization approach was proposed to enhance the entire process, which considers that the process is optimized by phases, starting by the end. In that initial study only the final phase of the process was addressed, where the best thickness profile for an industrial bottle was found in order to satisfy the required mechanical properties with less material use. In the present study, the focus is the second stage of the optimization methodology, concerning the blowing phase of injection blow molding process. The optimal results obtained in the first phase are used as the optimal thickness profile for the bottle with the goal to find the best preform thickness profile which produces the desired bottle. The same procedures are used and the results show that the methodology was successfully applied to its second phase.This work has been supported by the European project MSCA-RISE-2015, NEWEX, with reference 734205