Tinklalapio atsako laiko priklausomybės nuo XSS apsaugos tyrimas / Research of Website Response Time Dependence on XSS Protection

Mockus, Dainius

26 August 2013

Išaugus internetinių sistemų naudojimo populiarumui, vis daugiau slaptų, asmeninių duomenų talpinama internete, atliekamos įvairios finansinės operacijos. Toks reiškinys tapo viena iš esminių priežasčių, lėmusių išaugusį nusikaltimų skaičių internetinėje erdvėje. Dažnai informacijos perėmimas ar kitos kenkėjiškos operacijos atliekamos įterpiant programinį kodą į vartotojo peržiūrimą tinklapį (XSS ataka). Šių atakų metu bandoma įterpti į svetainę kenkėjišką kodą, kurį naršyklė įvykdys vartotojui atsidarius svetainę. Kodo įterpimo atakos yra sunkiai sustabdomos, nes internete veikiančios programos tampa vis dinamiškesnės ir jos suteikia vartotojui vis daugiau laisvės įvairiausiems veiksmams. XSS atakoms dažniausiai yra naudojami JavaScript programavimo kalba parašyti kodai, tačiau gali būti panaudoti ir HTML, Flash ar bet kokio kito tipo kodai, kuriuos gali įvykdyti vartotojo naršyklė. Šio tipo atakos nukreiptos prieš vartotojus, o ne serverius. Užpuolikai dažniausiai renkasi patikimo turinio svetaines, kuriomis vartotojai pasitiki ir taip tampa lengviau pažeidžiami. / With the increase of popularity in using online systems, more and more sensitive and personal data is stored on the Internet, and a variety of financial transactions are performed there. This phenomenon has become one of the essential reasons that have increased the number of crimes on the Internet. Often transferring information and performing some malicious operations include inserting program code to the website that the user is viewing (XSS attack). During these attacks, cyber criminals attempt to insert malicious code to the website, which the browser will perform when the user opens that website. Code insertion attacks are difficult to stop because the programs that work on the Internet are becoming more dynamic and allow the user to perform actions more freely. Usually, XSS attacks use codes created with JavaScript. However, cyber criminals can also use HTML, Flash or any other type of codes which user’s browser can perform. This type of attacks is directed to the users and not servers. The attackers usually choose websites with reliable content which are trusted by users and this way these websites become more vulnerable.

Informatics

xss

Apsauga

Tinklalapio atsako laikas

Xss

Security

Website response time

Žurnalo "Lietuvos matematikos rinkinys" duomenų bazės sukūrimas ir realizavimas / Journal „lietuvos matematikos rinkinys" database creation and realization

Ruseckas, Evaldas

08 September 2009

Darbo esmė – išanalizuoti naujausius galimus literatūros šaltinius, įgalinančius kurti galimus problemos sprendimus. Spręsti problemą. Pateikti gautus teorinius ir eksperimentinius rezultatus. Suformuluoti išvadas. Darbo tikslas – suformuluoti magistrinio darbo problemą, parengti teorinę bazę, atlikti praktinius eksperimentus bei juos pagrįsti. Pasiekti rezultatai: išanalizavus turimą literatūrą, paskaitinėjus kelis internetinius forumus buvo pastebėta, kad daugiausia dėmesio skiriama greičiui. T.y. dažniausiai norima pasiekti, kad konkreti interneto svetainė kuo greičiau pasiektų vartotoją. Tad pagrindinis galutinio magistrinio darbo akcentas ir buvo maksimalaus greičio pasiekimas, panaudojant kuo mažiau resursų. Buvo tiriami šie dalykai: duomenų bazė, programavimas, bendravimas su duomenų baze. Tyrimo objektas – tai bakalaurinio darbo metu sukurta duomenų bazė ir interneto svetainė http://www.mii.lt/lmrj. Dažnai pasitaiko toki atvejai, kai vienai problemai išspręsti teoriškai egzistuoja keli variantai. Tačiau tik praktiškai viską patikrinus išaiškėjo, kuris iš tų galimų variantų yra tinkamiausias. Nuspręsta apsistoti ties labiausiai tinkančiomis priemonėmis tiriamam objektui. Pasiekta tris kartus didesnė sparta. / The title of thesis: Journal „Lietuvos Matematikos Rinkinys“ database creation and realization. Main goals of work were to formulate purposes and researches for a master‘s work, to prepare pure base, to make and to prove experimental jobs. During my work I analyzed all possible literature, read some internet forums, where I find out that mostly attention is pointed to overall speed. Videlicet commonly developers want to achieve, that their internet pages could reach final destination as quickly as possible. So the main accent of the master‘s work was to reach maximum speed with least resources. Researches were made on these objects: database, programming, communication with database. The most important object of researches was database and internet site http://www.mii.lt/lmrj, which I created in my bachelor‘s work. I find out that often occurs such situations, when in theory exists few solutions for one problem. But only in practice I got some answers, and now I know, which variant is the best. I decided to stay on mostly fittable possibilities for the research object. And in final version performance increased around three times.

Duomenų bazė

Database

Interneto svetainė

Internet website

Optimizavimas

Optimization

Sparta

Speed

Valiutų kursų stebėjimo sistema / Exchange Rates Monitoring System

Griazev, Kiril

04 August 2011

Šiuo metų informacinės technologijos vystosi labai sparčiai, tai ypač pastebima internete. Įmonės stengiasi kuo daugiau informacijos apie save ir savo paslaugas pateikti savo interneto svetainėse, kadangi žmonės informacijos vis dažniau ieško internete. Ne išimtis ir bankai, kurie pateikia visą informaciją apie save, ir savo paslaugas savo interneto svetainėse, tačiau kiekvieno banko interneto svetainės struktūra yra skirtinga, todėl norint sužinoti ir palyginti valiutų kursų duomenis skirtinguose bankuose užima daug laiko. Taip pat bankai neteikia tokios paslaugos kaip valiutos kurso kitimo istorija, kas yra aktualu atliekant valiutos keitimo operaciją. Bakalauro baigiamojo darbo tikslas – sukurti valiutų kursų stebėjimo sistemą, paremta Lietuvos bankų pateikiamais valiutų kursų duomenimis, pateikti vartotojams valiutų kursų duomenis iš skirtingų Lietuvos bankų vienoje vietoje, bei suteikti jiems įrankius, kurių dėka jie galėtų palyginti duomenis tarp skirtingų bankų. Pasinaudodami kuriama sistema vartotojai sutaupytų daug laiko, ne tik dėl to kad visi duomenys pateikiami vienoje vietoje, bet ir dėl to kad kiekvieno banko duomenys bus pateikiami vienoda forma, todėl juos bus lengva suprasti ir analizuoti. / Nowadays everybody use internet to either find or spread information. Banks do the same, in fact clients no longer need to visit bank, because everything can be done online, which means that banks provide a lot of information to it’s customers. Aim of the project is to create a system, which would provide users with Exchange rates data from Lithuanian banks in an unified, easy to understand format. System must monitor and collect Exchange rates fluctuation data supplied by Lithuanian banks automatically. System requirements and architecture were determined after carrying out an analysis of similar systems. Main requirements for the system are that the data collection should be performed automatically, so that the system can operate with minimum maintenance required. Users must be able to view daily Exchange rates data as well as have the ability to view historic graphs for a specific currency in a specific bank, perform currency Exchange calculations in a specific bank or compare the results between selected banks. Based on system requirements specification and architectural specification system testing was conducted in order to find and fix system errors and also check system compatibility with different server-side and user-side software. User manual is also available for both, system administrators and end-users.

Informatics Engineering

Valiutų kursai

Duomenų gavyba

Grafinis duomenų pateikimas

Žiniatinklis

Exchange rates

Monitoring

Data mining

Website

Lietuvos kolegijų interneto tinklapių priimtinumo vartotojams veiksniai / Factors influencing user friendliness of Lithuania colleges' websites

Vipartienė, Kristina

25 June 2013

Magistro baigiamajame darbe nagrinėjami Lietuvos kolegijų interneto tinklapių priimtinumo vartotojams teoriniai ir praktiniai ypatumai. Darbo problema: kokie veiksniai lemia kolegijų interneto tinklapių priimtinumą vartotojams ir koks jų kokybės lygis šiose svetainėse. Objektas – Lietuvos kolegijų interneto tinklapiai ir jų priimtinumo vartotojams veiksniai. Darbo tikslas – nustatyti pagrindinius kolegijų tinklapių priimtinumo vartotojams veiksnius, sudaryti priimtinumo modelį bei atlikti kolegijų tinklapių vertinimą pagal šį modelį. Tikslui pasiekti buvo įvykdyti šie uždaviniai: atlikta mokslinės literatūros ir teisinių dokumentų analizė, išskirti kolegijų tinklapių priimtinumo vartotojams veiksniai ir elementai bei sudarytas priimtinumo modelis, atliktas bendras kolegijų tinklapių priimtinumo vartotojams empirinis tyrimas bei konkrečios kolegijos tinklapio kokybės atvejo analizė. Darbo pabaigoje pateikti kolegijų tinklapių tobulinimo pasiūlymai. Darbe panaudoti šie tyrimo metodai: mokslinės literatūros analizė, teisinių dokumentų analizė, statistinių duomenų apžvalga, lyginamoji analizė, apibendrinimas, empirinis tyrimas, anketinė apklausa, kiekybinių ir kokybinių duomenų analizė, atvejo tyrimas. Remiantis mokslinės literatūros, teisinių dokumentų bei kolegijų veiklos analize nustatyti pagrindiniai kolegijų tinklapių priimtinumo vartotojams veiksniai, sudarytas kolegijų tinklapių priimtinumo modelis bei vertinimo elementų ir kriterijų sąrašas, kuriuo efektyviai gali... [toliau žr. visą tekstą] / In the Master’s Thesis there are analyzed theoretical and practical user friendliness peculiarities of Lithuanian college websites. The thesis issue: what are the factors that cause the user friendliness of college websites for users and what is their quality level on these websites. The object is Lithuanian college websites and their user friendliness factors for users. The aim of the Master’s thesis is to define the key user friendliness factors of college websites for users, to complete the acceptability model and carry out the assessment of college websites according to this model. In order to achieve the following aim, there were conducted the following objectives: executed the analysis of scientific literature and legal documents, distinguished user friendliness factors and elements of college website and completed acceptability model, conducted general empirical research in the acceptability of college websites for users and the quality analysis case study of the certain college website. At the end of the final thesis there are provided development proposals for college websites. There were applied the following research methods in the thesis: analysis of scientific literature, analysis of legal documents, review of statistical data, comparative analysis, generalization, empirical research, questionnaire survey, analysis of quantitative and qualitative data and case study. Following the analysis of scientific literature, legal documents and college activities there... [to full text]

Marketing and Administration

Tinklapis

Priimtinumas vartotojams

Kolegijos

Kokybė

Website

User friendliness

Colleges

Quality

Is What You See What You Get? Exploring the Role of Virtual Reference Icons on Academic Library Websites

King, Martina

Unknown Date

No description available.

icon

reference

virtual

website

online

library

academic

visual

communication

graphic

design

standard

student

Enhancing trust online A cross Bsectional study on users judgments of online bank websites in Germany

Martin, Gabi, Jonasson, Joakim

January 2014

Background: One the latest developments in the banking sector are online banks, which provide their services only online while physical offices are not available. Market research conducted in Germany, have shown that Germans are hesitating to adopt to the digital offered banking services. The major barrier for adoption is due to trust issues, which are rooted in perceived security and privacy protections. Earlier literature has found that other website interaction factors are also playing a role in order to enhance the trustworthiness of a website. Trust is a necessity in every economic and social relationship, since all relationships involve a possibility that one of the actors behaves opportunistically, and takes advantage of the other actor. The chance of opportunistic behavior contributes to the level of judged risk in the specific relationship, and together with trust ultimately affects the adoption of online banks. In order for users to become consumers of an online bank, they need to judge the online bank website as trustworthy. These judgments can be done either intuitively or throughout reasoning, considering information. The marketing field is emphasizing that intuitive judgments are essential in order to attract new consumer. However, the psychology field is stressing that even though most individuals tend to rely on intuitive judgments, these can be wrong since they can be based on heuristics and include biases. Purpose: In order to understand the formation of judgments by users of an online bank website, the purpose of our thesis is twofold. First, to measure the relationships between the website interaction factors and the concepts trust and risk. Second, with a lower degree of ambition, the purpose is to measure the relationship between intuitive and reasoned trust judgments. Methodology: The study was conducted through a quantitative research method. A six-point scale questionnaire was used in order to examine the relationships between trust, risk and the website interaction factors. A web-based questionnaire was sent out to German web users, where in total 122 respondents responded. The sample was equally split into online bank consumers and non-consumers. The statistical analysis of the data revealed results enabling to fulfill the purpose. Results: The findings of our thesis demonstrate that online bank consumers and non-consumers do not significantly differ in their judgments regarding the websites. The perceptions of the information quality, security and privacy protection are found as the most influential website interaction factors towards the trust judgments. Privacy and security protection are mostly influence website users in their risk judgment. Our study further reveals that online bank website users make their trust judgments through the first impression while further considerations of the websites' content enhance their trust judgments.

trust

risk

website interaction factors

online bank

judgments

intuition

reasoning

Germany

Web based assistance for parents to help children and adolescents deal with the effects of economic instability in the family / Lene Janse van Rensburg

Van Rensburg, Lene Janse

January 2014

The global financial crisis has proved to have had a significant impact on countries worldwide and South Africa was not spared of this global phenomenon. The ecological systems theory, family systems theory and gestalt field theory accentuate the impact a change within the environment can have on interconnected systems and it is therefore argued that the global unstable economy can have a significant impact on families and children. Literature indicates a vast amount of confirmation on the impact of the financial crisis on already poverty stricken areas. On the contrary, less focus is offered on the impact of the financial crisis on families within middle to upper class communities. Preliminary research confirms that although the basic needs of these families (such as food and shelter) have not been affected, significant change with regards to luxuries and expenditure patterns is present. Due to the fact that parents within families are also faced with financial difficulties, these changes are not facilitated and discussed with children and adolescents, causing unresolved emotions and uncertainties. This research was therefore aimed at the development of web based assistance for parents. In addition to the set aim of this research, the study arrived at findings that indicate and emphasise the important contribution of this study. Intervention research as research method was used in the conducting of the study. The developed web based assistance proved to serve as a functional tool for parents in addressing financial issues with their children and adolescents. It also raised parents’ awareness of the impact that a change in finances in the family can have which empowered the parents as well. It was also significantly noted that the website can be utilised within an educational setting which enhances the applicability of this study. The developed assistance contributes to society as it serves as a cost effective, accessible means of providing parents with practical guidelines and activities to help their children and adolescents deal with the effects of economic instability within the family. / PhD (Psychology), North-West University, Potchefstroom Campus, 2014

Website

Economic instability

Children

Adolescents

Family

Webtuiste

Ekonomiese onstabiliteit

Kinders

Adolessente

Familie

CredProxy: A Password Manager for Online Authentication Environments

Golrang, Mohammad Saleh

20 December 2012

Internet users are increasingly required to sign up for online services and establish accounts before receiving service from websites. On the one hand, generation of strong usernames and passwords is a difficult task for the user. On the other hand, memorization of strong passwords is by far more problematic for the average user. Thus, the average user has a tendency to use weak passwords, and also reuse his passwords for more than one website, which makes several attacks feasible. Under the aforementioned circumstances, the use of password managers is beneficial, since they unburden the user from the task of memorizing user credentials. However, password managers have a number of weaknesses. This thesis is mainly aimed at alleviating some of the intrinsic weaknesses of password managers. We propose three cryptographic protocols which can improve the security of password managers while enhancing user convenience. We also present the design of a phishing and Man-in-the-Browser resistant password manger which best fits into our scheme. Furthermore, we present our novel virtual on-screen keyboard and keypad which are designed to provide strong protection mechanisms against threats such as keylogging and shoulder surfing.

Dictionary Attacks

Password Managers

Password Security

Website User Authentication

Virtual Keyboards

MITB Attacks

Coastal Community Climate Change Adaptation Framework Development and Implementation

Mingliang, Lu

14 January 2014

As the impacts of climate change become more severe, coastal communities are required to prepare plans for adaptation to the invasive environmental changes. A well-prepared adaptation plan can effectively reduce the overall risks of coastal communities. However, a plan is not the final solution for the climate change on coastal communities. How to take the plan into action and implement it in the local communities and find the opportunities for the enhanced preparedness and development of coastal communities is the primary consideration of this thesis research. Many organizations are engaged in developing adaptation tools and guidebooks. For completing their adaptation plans, communities need to develop clear, operational, action plans, and discover the opportunities to enhance the sustainability of coastal communities. To make coastal communities more sustainable in the face of the changing climate, the public’s attention and community participation is critical. The purpose of this study is to develop an adaptation framework and action plan process system for coastal communities and at the same time, provide the general public with an enhanced opportunity to contribute their understanding about what is being done for their costal community around them and how to react when an event happens. The research is applied to the coastal communities of Richmond County, Cape Breton, Canada as a case study. The result of the work develops an adaptation “Action Plan” website for Richmond County. The website features the development, application, and simulation of a mobile communication “Action plan” application designed and implemented with the action website along to provide coastal community with communication options that exploit the local community network and enhance the community’s capacity for climate change adaptation. The emergency response community mobile app and the accompanying website are models for other communities especially those that from the coastal communities in Canada and the Caribbean as part of the C-Change ICURA project to which this research is affiliated.

Climate Change Adaptation

Action Planning

Coastal Community

Implementation

Adaptation Application and Website

禮多-禮品購物網站創業計畫 / Riddle.com.tw - Gift Shopping Website Business Plan

吳佳豪, Wu, Charlie

Unknown Date

禮多-禮品購物網站創業計畫 / Riddle.com.tw - Gift Shopping Website Business Plan

禮多

禮品

購物

網站

創業

Riddle

Gift

Shopping

Website

Business