321 |
On prototype pollution and security risks of developing with third-party software components
Johansson, Anni January 2022
Software development has, to a large extent, become synonymous with using readymade blocks of code in the form of third-party components, like libraries and frameworks, to build applications. All code may include weaknesses that may be exploited by criminals and script kiddies, potentially causing harm to both corporations and people. Third-party components, too, may include weaknesses, but in the case of such a vulnerability being exploited, the effects could be even more critical since popular components may be used in thousands of applications. There are several types of vulnerabilities and one of them is called prototype pollution. This is a JavaScript specific vulnerability that has been found in many well-used third-party components in the last years. However, it has not been the subject of much research. This thesis investigates the risks of using third-party components when developing software with a focus on web applications by conducting a literature survey. It also includes a case study of the prototype pollution vulnerabilities found in recent years and what mitigation techniques have been proposed by both academia and the industry.
|
322 |
Behavioral Monitoring on Smartphones for Intrusion Detection in Web Systems : A Study of Limitations and Applications of Touchscreen Biometrics / Bevakning av användarbeteende på mobila enheter för identifiering av intrång i webbsystem
Lövmar, Anton January 2015
Touchscreen biometrics is the process of measuring user behavior when using a touchscreen, and using this information for authentication. This thesis uses SVM and k-NN classifiers to test the applicability of touchscreen biometrics in a web environment for smartphones. Two new concepts are introduced: model training using the Local Outlier Factor (LOF), as well as building custom models for touch behaviour in the context of individual UI components instead of the whole screen. The lowest error rate achieved was 5.6 % using the k-NN classifier, with a standard deviation of 2.29 %. No real benefit using the LOF algorithm in the way presented in this thesis could be found. It is found that the method of using contextual models yields better performance than looking at the entire screen. Lastly, ideas for using touchscreen biometrics as an intrusion detection system are presented. / Touchscreen biometrics means measuring the behavior of a user who is using a touchscreen and recognizing the user based on this information. In this thesis, SVM and k-NN classifiers are used to test the applicability of this type of biometrics in a web environment for smartphones. Two new concepts are introduced: model training with the "Local Outlier Factor" and building models for user interactions with individual interface elements instead of the screen as a whole. The best results for the classifiers had an error rate of 5.6 % with a standard deviation of 2.29 %. No advantage of using LOF for training over random training could be found. However, the results were improved by using contextual models. Finally, ideas are presented for how a system as described can be used to detect intrusions in web systems.
|
323 |
Badrumsinformation : Information om hantverkstjänster
Svensson, Andreas January 2022
The goal of this project work has been to create an application that can be helpful for both entrepreneurs and customers. This application, website should be seen as an extended arm and help to prevent misunderstandings between these two parts. A website has been created where customers can get theoretical help with rules and information about what applies when renovating a bathroom. What will the cost be and why is this cost often higher than what the customer expected from the beginning. The planning phase began with analyzing how the application could best be built up and with which functions could be suitable to include. Opportunity for the visitor to be able to read about rules and laws in bathroom renovation was one of these. Being able to enter measurements of the walls and floors of their bathroom was another. Being able to log in to the site and save their calculations could be a good feature as well. This was followed by sketches and a drawing of the website. The programming started with the installation of Node.js and the Express framework for building up the server side. The various endpoints for "create, read, update and delete". The MongoDB database was then used as a database. Vue was installed for the front end side and implementation of login function towards Firebase was done. Other programming according to the planning was started. The end product of this became an application that in many ways agrees with what the idea was from the beginning. This application has the potential to get better and there are some features I would have liked to add that are not there yet. The application will be built on to get the functionality that I see in front of me in a longer scenario. / The goal of this project work has been to create an application that can be of help to both business owners and customers. This application, a website, should be seen as an extended arm and a help in preventing misunderstandings between these two parties. A website has been created where customers can get theoretical help with rules and information about what applies when renovating a bathroom. What will the cost be, and why is this cost often higher than what the customer expected from the start? The planning phase began with analyzing how the application could best be built and which functions could be suitable to include. The possibility for the visitor to read about rules and laws in bathroom renovation was one of these. Being able to enter the measurements of the bathroom's walls and floor was the second. Being able to log in to the site and save their calculations could be a good feature as well. This was followed by sketches and a drawing of the intended website. The programming started with the installation of Node.js and the Express framework for building the server side. The various endpoints for "create, read, update and delete". The MongoDB database was then used as the database. Vue was installed for the front-end side, and a login function against Firebase was implemented. Other programming according to the plan was started. The end product became an application that in many respects agrees with what the idea was from the beginning. This application has the potential to become better, and there are some features that I would have liked to add that are not there yet. The application will be developed further to get the functionality that I envision in the longer term.
|
324 |
Digital CV for Axture : Made in wordpress for clients and employees
Johansson, John January 2022
The goal of this project is to remake a static HTML page into a dynamic page in the CMS WordPress. The page itself is a digital CV used for presenting people looking for work to employers. It should fulfil as many of the WCAG "Web Content Accessibility Guidelines" as possible. While giving employees an easy way to create new CV pages. This report will go through the work of creating a WordPress theme from a static HTML page; it will go through the overall as well as the concrete goals, the importance of following WCAG, the whole process of creating the site and the problems WordPress inherently brings; it goes through testing and conclusions; it gives examples of code and explanations on how that code works as well as illustrations; it will go through the conclusions and results from those, and it will talk about the ethicality of this kind of work. / The goal of this project is to remake a static HTML page into a dynamic page in the CMS WordPress. The page itself is a digital CV used to present people looking for work to employers. It should fulfil as many of the WCAG "Web Content Accessibility Guidelines" as possible. While giving employees an easy way to create new CV pages. This report will go through the work of creating a WordPress theme from a static HTML page; it will go through the overall as well as the concrete goals, the importance of following WCAG, the whole process of creating the site and the problems WordPress inherently brings; it goes through tests and conclusions; it gives examples of code and explanations of how that code works as well as illustrations; it will go through the conclusions and results from these, and it will talk about the ethics of this kind of work.
|
325 |
Administrative management system : Complementing an existing system with new functionality and increased efficiency
Björk, Christoffer, Newbury, George January 2021
This thesis is about how we delivered a product that eases maintenance and support of the client Ninetech’s system ServeIT. The product provides a website which has the purpose of providing an easy way to perform actions and show relevant information in a meaningful way. The functionalities that the product provides are showing all opticians within the different organizations in ServeIT and rebuilding search indexes when a product is added or removed by a supplier or optician. The specified requirements imposed by Ninetech were all implemented, and the final product is today used within their production environment. The project was purposefully made scalable, such that further development could be made by Ninetech once the project came to an end.
|
326 |
Verktyg För Apidokumentation / Tool for API documentation
Gårdebratt, Martin, Hagberg, Jonathan January 2021
With an increasing number of APIs on the internet, the need for instructions about them also increases. When the users of APIs have different levels of experience, the necessary documentation and instructions become harder to specify from a developer's perspective. In this project, the goal is to determine what constitutes good documentation for an API and apply it to an existing API at the request of Askås. The existing material was analysed to build a better understanding of which API calls were supported, and was to be rebuilt in such a way that it would be easy to implement in Askås' new documentation site. To gain clarity about what constitutes good API documentation, field studies were examined. Given this, the work could be carried out according to established studies together with continuous feedback from the client. The result is a tool that can be used to make API calls where the parameters are explained in a dynamic way, built in React, expressed in Docusaurus, waiting to be assembled into Askås' new documentation site. / As the number of APIs on the internet increases, so does the need for guidance on how to use these. In APIs where the users have varying experience, the necessary documentation and instructions needed become harder to pinpoint from a developer's point of view. In this project, the objective is to conclude what constitutes a good documentation for an API and apply it to an existing API, as requested from Askås. The pre-existing material was analysed to build an understanding for which API calls were supported, and was to be re-built in such a way that it would be easily implemented in Askås' new API documentation site. To bring clarity to what constitutes good API documentation, field studies were examined. With this, the project could be executed according to the examined studies, as well as feedback from the client. The result is a tool that can be used to make API calls where the parameters are explained in a dynamic fashion - developed in React, expressed in Docusaurus, waiting to be merged into Askås' new documentation site.
|
327 |
Comparative Analysis of Ant Colony Optimization and Genetic Algorithm in Solving the Traveling Salesman Problem
Mohi El Din, Hatem January 2021
Metaheuristics is a term for optimization procedures/algorithms that can be applied to a wide range of problems. These problems for which metaheuristics are used usually fall in the NP-hard category, meaning that they cannot be solved in polynomial time. This means that as the input dataset gets larger the time to solve increases exponentially. One such problem is the traveling salesman problem (TSP) which is and has been widely used as a benchmark problem to test optimization algorithms. This study focused on two such algorithms called ant colony optimization (ACO) and genetic algorithm (GA) respectively. Development of such optimization algorithms can have huge implications in several areas of business and industry. They can for example be used by delivery companies to optimize routing of delivery vehicles as well as in material science/industry where they can be used to calculate the most optimal mix of ingredients to produce materials with the desired characteristics. The approach taken in this study was to compare the performance of the two algorithms in three different programming languages (Python, JavaScript and C#). Previous studies comparing the two algorithms have reported conflicting results where some studies found that ACO yielded better results but was slower than GA, while others found that GA yielded better results than ACO. Results of this study suggested that both ACO and GA could find the benchmark solution, but ACO did so much more consistently. Furthermore, JavaScript was found to be the most efficient language with which to run the algorithms in the setup used in this study.
|
328 |
Visuell programmeringsplattform för IoT-produkter / Playground Web : a visual programming platform for IoT products
Dinh, Yen, Fasth, Jesper, Johansson, Filip, Martinsson, Svante, Rosén, Miriam, Sundstedt, Alfred, Södersten, Carl, Wretman, Axel January 2021
This report covers the work that a bachelor's project group, consisting of eight Master of Science in Engineering students in computer and software engineering at Linköping University, carried out during the spring of 2021. The work was done as part of the course Kandidatprojekt i programvaruutveckling, course code TDDD96, in which the group developed a web application for the company Neue Labs. The web application was based on Neue Labs' mobile application Playground and was developed using the JavaScript libraries React and Redux. The application is a platform for visual programming of IoT products, where the programs take the form of flow graphs. The report describes the work process and gives an account of the final product. The project was conducted entirely remotely according to a somewhat modified Scrum methodology. Some of the most important lessons the group takes away concerned education, communication and testing. In addition, the report contains eight individual contributions written by the members of the group.
|
329 |
Skiftet Mot PWA Inom Applikationsutveckling : En analys av PWA vs. native applikation / The Shift Towards PWA in Application Development : An Analysis of PWA versus Native Application
Nylander, Karl, Trulsson Wallin, Erik January 2021
With mobile usage on the rise developers are more than ever faced with the issue of developing for multiple platforms. With Google's introduction of Progressive Web Applications (PWA) it is possible to build app-like web applications that can run on any platform. This study aims to investigate if PWA is mature enough to replace an already developed native iOS application. Specifically it aims to investigate if a PWA can achieve the same functionality and security as a native application, as well as what technologies are needed to do so. To verify this question an iOS application called iHug developed by a software company called Cloud Enablers was used as a reference point. With this reference a Minimum Viable Product (MVP) copy was developed as a PWA to verify that the functionality could be achieved. This PWA was not intended to replace the existing native application, but instead coexist with it. That means that the PWA must be able to communicate with the original application. In addition an investigation was done to see what measures needed to be taken to achieve security. The results showed that the same functionality was achievable, as was the security. Even though the results are promising, due to the native application not being developed with a PWA in mind there was a lot of extra work that had to be done to replicate certain functionalities and SDK choices. On this basis, while it is certainly possible to achieve the same functionality it is much harder to do so when the counterpart was not developed to be able to communicate with a PWA.
|
330 |
Digital Vacation Management : An Electronic Vacation Management System for Karlstad Municipality
Pykäläinen, Heidi January 2020
The digitization of manual handling of paper forms is an ongoing project at Karlstad municipality, and their management of vacation exchanges is one of the first business processes to be digitized. This process involves applicants printing and filling in a vacation exchange paper form, which is submitted to a department manager for processing, and then forwarded to a payroll administrator for registering. The goal of this thesis was to develop a Proof-of-Concept (PoC) e-service for vacation exchange management at Karlstad municipality. The design of the PoC is based on requirements gathered by interviewing end-users and investigating technical constraints imposed by current systems in place at Karlstad municipality. The PoC is designed as a Web application managing resources from an object database, and an account directory. The implementation was carried out using open source and standardized frameworks. Open source tools were used for the object database and the account directory. The PoC was evaluated against set requirements. Avenues for future work include a more thorough investigation of the account directory at Karlstad municipality.
|