WEB APPLICATION SECURITY IN THE JAVA ENVIRONMENT
Independent thesis Basic level (degree of Bachelor)Student thesis
This project focuses on web security. Some of the most famous vulnerabilities, known troubling web applications. Has been collected and analyzed. Each vulnerability collected in this project, was exploited and secured. Demon- strations from a web application prototype, developed for this project. Brings real examples for each vulnerability, both secured, and insecured. The proto- type ran on a Tomcat web server, and was developed with frameworks such as Web, Spring and Hibernate. Connected to one PostgreSQL data source. All vulnerabilities was successfully implemented in Spring framework, and they were all exploited. Every vulnerability was also secured, with different tools and methods from earlier mentioned frameworks. As a result, real examples from the prototype is used for demonstration in the project, both in a secure and an insecure state. The result views Spring as a framework with good security potential. Most of the Spring specific vulnerabilities, are logical design flaws from developers that can be avoided. Vulnerabilities not related to Spring, such as the one collected for this project. Could be prevented by using methods from the Spring framework or intelligent programming. Which leads to conclusions. Web applications are always exposed to attacks, no matter the framework in use. Creative hackers search to discover new vul- nerabilities, and update old ones all the time. Developers has a responsibility, towards the web applications users. Web applications can not just developed for normal use, but also against possible misuse. Frameworks with good reputation and well processed models, is a good ground for developing a secure application.
Place, publisher, year, edition, pages
2012. , 61 p.
Web, Spring, Security, Application, Exploit, Vulnerabilities, Secure
Computer Science Software Engineering
IdentifiersURN: urn:nbn:se:bth-2370Local ID: oai:bth.se:arkivex01BB457A282DCD22C1257A3800564E83OAI: oai:DiVA.org:bth-2370DiVA: diva2:829642
Lopez-Rojas, Edgar Alonso