Security in Behaviour Driven Authentication for Web Applications
2012 (English). Independent thesis, Advanced level (professional degree), 20 credits / 30 HE credits. Student thesis.
Abstract [en]

This paper describes the security research for a web application designed by BehavioSec. The application uses JavaScript to record keystrokes, generating data that is sent back to a server for verification. Because applications of this type are often used in systems that handle sensitive data, they are frequent targets for various attacks. The purpose of this paper is to determine what can be done, if not to prevent these attacks, then at least to make them more difficult to carry out.

Information has been gathered through web research, mainly based on the programming languages currently used in the application, but alternatives have also been taken into consideration. Requests from BehavioSec have also been evaluated.

There are many ways to increase the security around these kinds of applications. Web replay attacks could be countered by generating a JavaScript on the server side for each user that has the same functionality but a different format each time. One way to prevent man-in-the-browser attacks could be to use a verification based on the request performed by the client. Hashing the data could also help verify, to some extent, that the data has not been altered since it was transmitted from the client. To increase security further, a salt could be used with the hash function. No matter which solution is used, the use of sessions is recommended, as it makes it possible to store sensitive data on the server side instead of passing it to the client.

Place, publisher, year, edition, pages
2012. , 50 p.
URN: urn:nbn:se:ltu:diva-47609
Local ID: 524774e5-6f23-419d-b157-6dc5205efee9
OAI: diva2:1020937
Subject / course
Student thesis, at least 30 credits
Educational program
Computer Science and Engineering, master's level
Validated; 20120131 (anonymous)
Available from: 2016-10-04 Created: 2016-10-04 Bibliographically approved

Open Access in DiVA

File information
File name: FULLTEXT02.pdf
File size: 927 kB
Checksum: SHA-512
Type: fulltext
Mimetype: application/pdf

By author/editor
Nilsson, Daniel
