Global ETD Search

371	Static Analysis Of Client-Side JavaScript Code To Detect Server-Side Business Logic Vulnerabilities / Statisk analys av JavaScript-kod på klientsidan för att upptäcka sårbarheter i affärslogiken på serversidan van der Windt, Frederick January 2023 (has links) In the real world, web applications are crucial in various domains, from e-commerce to finance and healthcare. However, these applications are not immune to vulnerabilities, particularly in business logic. Detecting such vulnerabilities can be challenging due to the complexity and diversity of application functionality. Consequently, there is a growing need for automated tools and techniques to aid in identifying business logic vulnerabilities. This research study investigates the efficacy of static analysis techniques in detecting server-side business logic vulnerabilities through the analysis of client-side JavaScript code. The study explores various analysis techniques, including code parsing, data flow analysis as detection methods, and their application in identifying potential vulnerabilities. This thesis also identifies common flaws contributing to business logic vulnerabilities, such as insufficient input validation, insecure access controls, and flawed decision-making logic. The effectiveness of static analysis techniques in pinpointing server-side business logic vulnerabilities is evaluated, revealing promising results, particularly in detecting parameter manipulation vulnerabilities. Notably, the study discovered vulnerabilities in two live applications that could lead to severe financial problems, underscoring the real-world implications of these vulnerabilities. However, challenges such as false positives and the need for manual verification are also acknowledged. The study concludes by proposing improvements and future research directions, including exploring advanced techniques like machine learning and natural language processing and integrating dynamic analysis and real-world testing scenarios to enhance the accuracy and efficiency of static analysis. The findings contribute to the understanding of utilizing static analysis techniques for detecting server-side business logic vulnerabilities, offering insights for developing more robust and efficient vulnerability detection tools. / I den verkliga världen är webbapplikationer avgörande inom olika områden, från e-handel till finans och sjukvård. Dessa applikationer är dock inte immuna mot sårbarheter, särskilt inte i affärslogiken. Att upptäcka sådana sårbarheter kan vara en utmaning på grund av komplexiteten och mångfalden i applikationernas funktionalitet. Därför finns det ett växande behov av automatiserade verktyg och tekniker som kan hjälpa till att identifiera sårbarheter i affärslogiken. Denna forskningsstudie undersöker hur effektiva statiska analystekniker är för att upptäcka sårbarheter i affärslogiken på serversidan genom analys av JavaScript-kod på klientsidan. Studien utforskar olika analystekniker, inklusive kodparsing, dataflödesanalys som detektionsmetoder, och deras tillämpning för att identifiera potentiella sårbarheter. Avhandlingen identifierar också vanliga brister som bidrar till sårbarheter i affärslogiken, såsom otillräcklig validering av indata, osäkra åtkomstkontroller och bristfällig logik för beslutsfattande. Effektiviteten hos statiska analystekniker för att hitta sårbarheter i affärslogiken på serversidan utvärderas och visar på lovande resultat, särskilt när det gäller att upptäcka sårbarheter i parametermanipulation. I studien upptäcktes sårbarheter i två live-applikationer som kan leda till allvarliga ekonomiska problem, vilket understryker de verkliga konsekvenserna av dessa sårbarheter. Utmaningar som falska positiva resultat och behovet av manuell verifiering erkänns dock också. Studien avslutas med förslag på förbättringar och framtida forskningsinriktningar, inklusive utforskning av avancerade tekniker som maskininlärning och naturlig språkbehandling och integrering av dynamisk analys och verkliga testscenarier för att förbättra noggrannheten och effektiviteten hos statisk analys. Resultaten bidrar till förståelsen för att använda statiska analystekniker för att upptäcka sårbarheter i affärslogik på serversidan, och ger insikter för att utveckla mer robusta och effektiva verktyg för sårbarhetsdetektering. JavaScript Static Analysis Business Logic Vulnerabilities Client-side Fuzzing Black-box JavaScript statisk analys sårbarheter i affärslogiken klientsidan Fuzzing Black-box Computer Sciences Datavetenskap (datalogi) Computer Engineering Datorteknik Computer and Information Sciences Data- och informationsvetenskap
372	Design of a Calendar System : A Plugin for WordPress Herrera, Victor January 2016 (has links) The company Ehandelslösningar works within web development, primarily with e-commerce where they have both individuals and companies as their customers. Some of these companies offer services of their own and as a result, these companies have their own customers whom they have to meet and interact with on a daily basis. This led to Ehandelslösningar wanting their own calendar system, so that these companies could then use it to set up appointments. The requirement was that the developed calendar system had to be user-friendly, contain necessary functionality, and that it had to be implemented as a WordPress plugin. The project was therefore divided into two parts, the first centering on how to design a calendar system, and the second being the development and implementation of the calendar system as a WordPress plugin. The project began with a literary study of the different aspects that make up this project, such as calendars and WordPress, as well as user-friendly design and plugin security. Existing WordPress calendar plugins and other online calendar systems were chosen for analysis. The analysis was done in order to identify strengths and flaws in the design of calendar systems, which in turn would help the development of the WordPress plugin. Based on the analysis, features were selected and then implemented into the developed WordPress plugin, which is named EHLCalendar. The admin of a WordPress website can create time slots, practitioners and services once they have activated EHLCalendar. Visitors select a service, the practitioner they want, and a date in order to see the available time slots and book an appointment. / Företaget Ehandelslösningar arbetar inom webbutveckling, främst med e-handel där de har både privatpersoner och företag som sina kunder. Vissa av dessa företag erbjuder tjänster, vilket innebär att företagen möter och interagerar med sina egna kunder dagligen. På grund av detta så vill Ehandelslösningar ha sitt eget kalendersystem som dessa företag kan använda för att hantera tidsbokningar med sina kunder. Kraven var att kalendersystemet som utvecklas ska vara användarvänligt, innehålla nödvändig funktionalitet samt vara implementerad som ett plugin för WordPress. Projektet är därför uppdelat i två delar. Det första gäller designen av ett kalendersystem, och det andra gäller utvecklingen och implementationen av kalendersystemet som ett WordPress plugin. Projektet började med en literaturstudie av de olika aspekterna som projektet består av, så som kalender och WordPress, samt användarvänligt design och plugin säkerhet. Existerande kalender plugin för WordPress och andra online kalendersystem blev valda för analys. Analysen utfördes för att kunna identifiera styrkor och svagheter i designen av ett kalendersystem. Kunskapen från analysen hjälper sedan utvecklingen av WordPress pluginet. Efter analysen valdes funktioner som sedan blev implementerade i den utvecklade WordPress pluginet, nämd EHLCalendar. Genom att aktivera EHLCalendar så kan en administratör skapa tillgängliga tider, praktiker och tjänster i sin WordPress webbsida. En användare som besöker sidan behöver sedan välja en tjänst, den praktiker de vill ha, och ett datum för att se dem tillgängliga tiderna som kan bokas. Calendar Calendar System Booking System Event Calendar WordPress PHP HTML Javascript Booked The Events Calendar Booki Cliento Bokadirekt Kalender Kalendersystem Bokningssystem Evangemangskalender WordPress PHP HTML Javascript Booked The Events Calendar Booki Cliento Bokadirekt Computer and Information Sciences Data- och informationsvetenskap
373	Dynamic Website and Data Engine Generators for Distributed Enterprise/Business Architectures Qaddoura, Fareed 17 December 2004 (has links) Creating websites providing dynamic services is an extensive process. Intelligent systems are used to create websites with dynamic services. Current intelligent systems are hard to use and configure by the average user. The generated websites are usually custom built to solve one problem and cannot be fully customizable for users on different environments. This thesis presents a technological solution that enables the average user to create websites with dynamic services by providing a number of parameters. The website generator is a web-based application that generates all the components of the website. The components act as portlets and the generated website will be the portal application. The data engine generator creates the website's underlying database. To enable distributed enterprise/business architecture, the data engine generator records the metadata about the database and the website to be generated. The website generator is a cost effective, dynamic, secure, reliable, and scalable solution that outperforms current website generators and portal applications. DOM DHTML HTML XML Distibuted Database Portal Oracle Tomcat JSP Java Servlets Java Applets JavaScript Website Generator Data Engine Generator
374	An Investigation of Data Flow Patterns Impact on Maintainability When Implementing Additional Functionality Magnusson, Erik, Grenmyr, David January 2016 (has links) JavaScript is breaking ground with the wave of new client-side frameworks. However, there are some key differences between some of them. One major distinction is the data flow pattern they applying. As of now, there are two predominant patterns used on client side frameworks, the Two-way data flow pattern and the Unidirectional data flow pattern. In this research, an empirical experiment was conducted to test the data flow patterns impact on maintainability. The scope of maintainability of this research is defined by a set of metrics: Amount of lines code, an amount of files and amount of dependencies. By analyzing the results, a conclusion could not be made to prove that the data flow patterns does affect maintainability, using this research method. JavaScript Framework Client side Unidirectional data flow Two-way data flow Data Flow Pattern React Flux Angular 2 Ember Vue
375	Web-Based Information System for SME / Webový informační systém pro SME Hornof, Johan January 2010 (has links) Nowadays, every single company needs to operate with large amount of data to support daily operation. Although there is pretty good market offer with information systems for managing various kinds of data, only small part of them is suitable for the company that does not deal with sale of goods but provides services, particularly marketing services or IT services (e.g. programming). This thesis describes the design and development of such a system which has a main goal to satisfy the needs of small to medium companies whose needs are still different than what currently marketed products can offer. Such a system will, apart from other functions, be able to manage projects and track work time of employees.
376	Two-factor Authentication and Digital Signing for an Enterprise System utilizing Yubikey Hilm, David, Rahim, David January 2019 (has links) The use of a second factor to increase the security of systems is growing and has continued to do so for a long time. This thesis explores options for implementation to use a YubiKey as an authentication method (OTP) as well as for signing digital transactions through a web browser client. Measures of network overhead that occurs in conjunction with Digital Signing of transactions are also disclosed. Our findings show that YubiKey provides flexible and readily available solutions that can be used with only small implementations for OTP authentication. It is also shown that the major concern for implementing a solution for a web browser is to intuitively use certificates stored on a USB-device without installing any plugins or with the use of a third-party application running on the client machine. Digital signature Security Two-factor Authentication Authentication Cryptography YubiKey JavaScript WebCrypto Universal Second Factor Software Engineering Programvaruteknik
377	Design and implementation of a blockchain shipping application Bouidani, Maher M. 31 January 2019 (has links) The emerging Blockchain technology has the potential to shift the traditional centralized systems to become more flexible, efficient and decentralized. An important area to apply this capability is supply chain. Supply chain visibility and transparency has become an important aspect of a successful supply chain platform as it becomes more complex than ever before. The complexity comes from the number of participants involved and the intricate roles and relations among them. This puts more pressure on the system and the customers in terms of system availability and tamper-resistant data. This thesis presents a private and permisioned application that uses Blockchain and aims to automate the shipping processes among different participants in the supply chain ecosystem. Data in this private ledger is governed with the participants’ invocation of their smart contracts. These smart contracts are designed to satisfy the participants’ different roles in the supply chain. Moreover, this thesis discusses the performance measurements of this application results in terms of the transaction throughput, transaction average latency and resource utilization. / Graduate Blockchain Hyperledger Public Key Private Key Public Key Cryptography Shipping and Logistics Blockchain Framework Hash Function Consensus Merkle Tree RESTful JavaScript
378	Design and implementation of an end-user programming software system to create and deploy cross-platform mobile mashups Kaltofen, Sandra January 2010 (has links) No description available. Android Cross-platform mobile frameworks Google Web Toolkit iPhone Java JavaScript Mashups Mobile mashups Web 2.0 APIs Web development frameworks
379	以前端瀏覽器為中心之雲端運算服務模型研究 / A Research into Cloud Computing Service Model – Focusing on Front-end Browser 余宛儒 Unknown Date (has links) 本研究針對目前最新技術發展趨勢，提出一個以瀏覽器為中心的雲端運算服務模型。本研究稱之「雲端服務交換器系統」，解決後端大量巨量資料透過緩衝區送至前端瀏覽器頁面顕示之問題並改善傳輸速度。本研究整合MongoDB、AngularJS、Socket.IO、Kafka、Node.js五項元素。研究解決前端中JavaScript與網頁互動之困難、前後端開發語言相容性問題、巨量資料需求造成的伺服器負載量、前後端即時通訊效能等問題，最後達成建置高頻交易網站之目的。雲端運算巨量資料大數據 MongoDB Kafka Socket.IO Node.js JavaScript AngularJS
380	Sound Meets Type : Exploring the form generating qualities of sound as input for a new typography Stensholt, Håkon Meyer January 2014 (has links) How can you create new letterforms using sound as input? In Sound meets Type, have I studied the form generating qualities of sound as input for a new typography. Through history the technological development has provoked new approaches to type design, which in turn has evolved letterforms. By using generative systems to search for letterforms in a contemporary and technological context, I have created a customized software that uses the data inherent in sound as a form generator for possible new letterforms. The software is developed by using a language called Javascript. The thesis consist of a written part and a creative part. The creative part is documented within this thesis. sound music typography type programming generative design javascript graphic design letterforms form giver technology customize software data

Search results