Penetration Testing of Web Applications in a Bug Bounty Program
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
2014 (English). Independent thesis, Basic level (degree of Bachelor), 10 credits / 15 HE credits. Student thesis
Abstract [en]

Web applications provide the basis for the use of the "World-Wide-Web", as people know it nowadays. These software solutions get programmed by a numerous amount of developers all over the world. For all this software, it is not possible to guarantee 100 percent security. Therefore, it is desirable that every application should get evaluated using penetration tests. A new form of security testing platforms is getting provided by bug bounty programs, which encourage the community to help search for security breaches. This work introduces the currently leading portal for bug bounties, called Bugcrowd Inc. In addition, web applications, which were part of the program, got tested in order to evaluate their security level. A comparison is made with given statistics by leading penetration testing companies, showing the average web application security level. The submission process, to send information about vulnerabilities, is getting evaluated. The average time it takes to receive an answer regarding a submission is getting reviewed. In the end, the findings get retested, to evaluate if the bug bounty program is a useful opportunity to increase security and if website operators take submissions seriously by patching the software flaws.

Place, publisher, year, edition, pages
2014. 47 p.
Keyword [en]
Penetration Testing, Web Applications, Bug Bounty
National Category
Computer Science
URN: urn:nbn:se:kau:diva-32404
OAI: diva2:723516
Subject / course
Computer Science
Educational program
Computer Science
2014-06-04, Karlstad, 23:30 (English)
Available from: 2014-06-11. Created: 2014-06-10. Last updated: 2014-06-11. Bibliographically approved.
