Fontes, Ramon dos Reis
Sousa Júnior, José Edivandro de
2024-02-29
2024-02-29
2024-02-21

SOUSA JÚNIOR, José Edivandro de. Análise de segurança cibernética no Tribunal de Contas do Estado do Rio Grande do Norte: aplicação dos princípios OWASP na identificação e mitigação de vulnerabilidades. 2024. 61 f. Trabalho de Conclusão de Curso (Especialização em Residência em Tecnologia da Informação) - Instituto Metrópole Digital, Universidade Federal do Rio Grande do Norte, Natal, 2024.

https://repositorio.ufrn.br/handle/123456789/57717

Information security protocols are widely discussed because of the significant data-leak incidents over the years, and public institutions in Rio Grande do Norte are no exception. This undergraduate thesis (TCC) focuses on the Court of Auditors of the State of Rio Grande do Norte (TCE/RN), exploring the application of principles outlined by the Open Web Application Security Project (OWASP) to the analysis of vulnerabilities in systems developed by the court. OWASP, as a community, develops freely available methodologies and tools, based on past incidents, aiming to prevent vulnerabilities in both the public and private spheres. The thesis assessed the security of TCE/RN and the effectiveness of systems produced and maintained by residents, using the Zed Attack Proxy tool, a free application based on protocols advocated by OWASP, to identify and mitigate potential vulnerabilities. Specific objectives include an in-depth analysis of cybersecurity, cataloging vulnerabilities on court websites, conducting detailed analyses of these vulnerabilities in a development context, and developing proactive plans to prevent new security vulnerabilities. The vulnerability scan revealed security flaws in all assessed systems, validating the generalization of the tool's effectiveness to all court systems. These findings affirm the intrinsic importance of this undergraduate thesis, which culminated in the development of a plan capable of mitigating these deficiencies.

Attribution-NonCommercial-NoDerivs 3.0 Brazil
http://creativecommons.org/licenses/by-nc-nd/3.0/br/

Information security; vulnerabilities; OWASP

Análise de segurança cibernética no Tribunal de Contas do Estado do Rio Grande do Norte: aplicação dos princípios OWASP na identificação e mitigação de vulnerabilidades
Cybersecurity analysis at the Court of Auditors of the State of Rio Grande do Norte: application of OWASP principles in the identification and mitigation of vulnerabilities

bachelorThesis
CNPQ::CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO