Change search
ReferencesLink to record
Permanent link

Direct link
Blekinge Institute of Technology, School of Computing.
2012 (English)Independent thesis Basic level (degree of Bachelor)Student thesis
Abstract [en]

This project focuses on web security. Some of the most famous vulnerabilities, known troubling web applications. Has been collected and analyzed. Each vulnerability collected in this project, was exploited and secured. Demon- strations from a web application prototype, developed for this project. Brings real examples for each vulnerability, both secured, and insecured. The proto- type ran on a Tomcat web server, and was developed with frameworks such as Web, Spring and Hibernate. Connected to one PostgreSQL data source. All vulnerabilities was successfully implemented in Spring framework, and they were all exploited. Every vulnerability was also secured, with different tools and methods from earlier mentioned frameworks. As a result, real examples from the prototype is used for demonstration in the project, both in a secure and an insecure state. The result views Spring as a framework with good security potential. Most of the Spring specific vulnerabilities, are logical design flaws from developers that can be avoided. Vulnerabilities not related to Spring, such as the one collected for this project. Could be prevented by using methods from the Spring framework or intelligent programming. Which leads to conclusions. Web applications are always exposed to attacks, no matter the framework in use. Creative hackers search to discover new vul- nerabilities, and update old ones all the time. Developers has a responsibility, towards the web applications users. Web applications can not just developed for normal use, but also against possible misuse. Frameworks with good reputation and well processed models, is a good ground for developing a secure application.

Place, publisher, year, edition, pages
2012. , 61 p.
Keyword [en]
Web, Spring, Security, Application, Exploit, Vulnerabilities, Secure
National Category
Computer Science Software Engineering
URN: urn:nbn:se:bth-2370Local ID: diva2:829642
Available from: 2015-04-22 Created: 2012-07-11 Last updated: 2015-06-30Bibliographically approved

Open Access in DiVA

fulltext(1485 kB)58 downloads
File information
File name FULLTEXT01.pdfFile size 1485 kBChecksum SHA-512
Type fulltextMimetype application/pdf

By organisation
School of Computing
Computer ScienceSoftware Engineering

Search outside of DiVA

GoogleGoogle Scholar
Total: 58 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 61 hits
ReferencesLink to record
Permanent link

Direct link