Inlämning av Examensarbete / Submission of Thesis

Kristoffer Wanderydz, pp. 61. COM/School of Computing, 2012.

The work

Författare / Author: Kristoffer Wanderydz
Abstrakt / Abstract:

This project focuses on web security. Some of the most famous vulnerabilities known to trouble web applications have been collected and analyzed.
Each vulnerability collected in this project was exploited and secured. Demonstrations from a web application prototype, developed for this project, bring real examples for each vulnerability, both secured and insecure. The prototype ran on a Tomcat web server and was developed with frameworks such as Web, Spring and Hibernate, connected to one PostgreSQL data source.
All vulnerabilities were successfully implemented in the Spring framework, and they were all exploited. Every vulnerability was also secured, with different tools and methods from the earlier mentioned frameworks. As a result, real examples from the prototype are used for demonstration in the project, both in a secure and an insecure state.
The result views Spring as a framework with good security potential. Most of the Spring-specific vulnerabilities are logical design flaws from developers that can be avoided. Vulnerabilities not related to Spring, such as the ones collected for this project, could be prevented by using methods from the Spring framework or intelligent programming.
This leads to the conclusions. Web applications are always exposed to attacks, no matter the framework in use. Creative hackers search to discover new vulnerabilities and update old ones all the time. Developers have a responsibility towards the web application's users. Web applications cannot just be developed for normal use, but also against possible misuse. Frameworks with a good reputation and well-processed models are a good ground for developing a secure application.

Ämnesord / Subject: Säkerhetsteknik - Security Engineering
Datavetenskap - Computer Science\Networks and Communications
Datavetenskap - Computer Science\Software Engineering
Nyckelord / Keywords: Web, Spring, Security, Application, Exploit, Vulnerabilities, Secure

Publication info

Dokument id / Document id: houn-8w4lf7
Program / Programme: IT-säkerhet / Security Engineering
Registreringsdatum / Date of registration: 07/11/2012
Uppsatstyp / Type of thesis: C-Uppsats


Handledare / Supervisor: Edgar Alonso Lopez-Rojas
Organisation / Organisation: Blekinge Institute of Technology
Institution / School: COM/School of Computing

+46 455 38 50 00

Files & Access

Bifogad uppsats fil(er) / Files attached: bth2012wanderydz.pdf (1520 kB, opens in new window)