The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
1

Implementing a web-based booking system using Go

Vu, Phi-Long January 2016 (has links)
The project investigated the advantages and disadvantages of Go while a booking system for Tieto was developed. The frameworks and APIs AngularJS, REST, JSON and mongoDB were used during the development of the booking system. The result was a fully working stand-alone booking system with a login functionality. The back-end server was written in Go while the front-end client was written in JavaScript using AngularJS.
2

Nové přístupy k automatické detekci XSS chyb / New Approaches Towards Automated XSS Flaw Detection

Steinhauser, Antonín January 2020 (has links)
Cross-site scripting (XSS) flaws are a class of security flaws particular to web applications. XSS flaws generally allow an attacker to supply the affected web application with a malicious input that is then included in an output page without being properly encoded (sanitized). Recent advances in web application technologies and web browsers introduced various prevention mechanisms, narrowing down the scope of possible XSS attacks, but those mechanisms are usually selective and prevent only a subset of XSS flaws. Among the types of XSS flaws that are largely omitted are the context-sensitive XSS flaws. A context-sensitive XSS flaw occurs when the potentially malicious input is sanitized by the affected web application before being included in the output page, but the sanitization is not appropriate for the browser context of the sanitized value. Another type of XSS flaws, which is already better known, but still insufficiently prevented, are the stored XSS flaws. Applications affected by the stored XSS flaws store the unsafe client input in persistent storage and return it in another HTTP response to (possibly) another client. Our work is focused on advancing state-of-the-art automated detection of those two types of XSS flaws using various analysis techniques ranging from purely static analysis to dynamic graybox analysis.
3

WebSockets och säkerhet i startupbolag : En studie i säkerhet kring WebSockets / WebSockets and Security In Startup Companies : A study in security around WebSockets

Roos, Robert January 2017 (has links)
WebSockets is a new communications protocol for the web, enabling fast communication between two or more clients. The overall goal of this study was to investigate the security-related problems the introduction of WebSockets could have in start-up companies, and also how XSS attacks from a server-side perspective could be averted. This gives start-up companies a foundation for working proactively with security without having to turn to external security services initially. A qualitative study has been performed using the literature study method. Earlier research in the field has been reviewed and analysed, both on WebSockets and on the impact that hacking, and specifically XSS attacks, could have on an organization. This 'metastudy' has had as its main purpose to connect earlier research in order to answer the problem statements; according to research, this has been asked for a lot in the informatics field, where there is a lack of such 'metastudies'. The study resulted in acknowledging the most important threats to protect against, among others the importance of inspecting what source a client is actually connecting from to a WebSockets server, but also several XSS attacks, where specifically callback modification was identified as a vulnerability with big consequences. In the conclusion, based on the literature study, recommendations for the proactive security work when implementing WebSockets could be presented.
4

Tinklalapio atsako laiko priklausomybės nuo XSS apsaugos tyrimas / Research of Website Response Time Dependence on XSS Protection

Mockus, Dainius 26 August 2013 (has links)
With the increase in popularity of online systems, more and more sensitive and personal data is stored on the Internet, and a variety of financial transactions are performed there. This phenomenon has become one of the essential reasons for the increased number of crimes on the Internet. Often, intercepting information or performing other malicious operations involves inserting program code into the website that the user is viewing (an XSS attack). During these attacks, cyber criminals attempt to insert malicious code into the website, which the browser will execute when the user opens that website. Code insertion attacks are difficult to stop because the programs that work on the Internet are becoming more dynamic and allow the user to perform actions more freely. Usually, XSS attacks use code written in JavaScript; however, cyber criminals can also use HTML, Flash or any other type of code which the user's browser can execute. This type of attack is directed at the users and not the servers. The attackers usually choose websites with reliable content which are trusted by users, and in this way those users become more vulnerable.
5

Development of Web portal for health centre Aroma in Vetlanda / Utveckling av Webbportal för Vårdcentralen Aroma i Vetlanda

Tisma, Eddie, Nilsson, Johan January 2011 (has links)
This exam paper has been made with the health care center Aroma in Vetlanda. The work was to deliver a complete web portal with an integrated booking system. The objectives were to provide a complete informative website for Aroma's users with the option to make an appointment for a vaccination or health certificate, order prescriptions and get updated information directly published by Aroma's staff, and to give the staff of Aroma a graphical web interface to manage the content and the booking system. The report goes through the basic languages used and why. Further, it describes how the work was carried out and how the final product looks and behaves.
6

Mantis the Black-Box Scanner: Finding XSS vulnerabilities through parse errors

Liljebjörn, Johan, Broman, Hugo January 2020 (has links)
Background. Penetration testing is a good technique for finding web vulnerabilities. Vulnerability scanners are often used to aid with security testing. The increased scope is becoming more difficult for scanners to handle in a reasonable amount of time. The problem with vulnerability scanners is that they rely on fuzzing to find vulnerabilities. The problems with fuzzing are that it generates a lot of network traffic, that scans can be excruciatingly slow, and that vulnerability detection is limited if the output string is modified due to filtering or sanitization. Objectives. This thesis aims to investigate if an XSS vulnerability scanner can be made more scalable than the current state-of-the-art. The idea is to examine how reflected parameters can be detected, and if a different methodology can be applied to improve the detection of XSS vulnerabilities. The proposed vulnerability scanner is named Mantis. Methods. The research methods used in this thesis are literature review and experiment. In the literature review, we collected information about the investigated problem to help us analyze the identified research gaps. The experiment evaluated the proposed vulnerability scanner against the current state-of-the-art using the OWASP benchmark dataset. Results. The result shows that reflected parameters can be reliably detected using approximate string matching. Using the parameter mapping, it was possible to detect reflected XSS vulnerabilities to a great extent. Mantis had an average scan time of 78 seconds, OWASP ZAP 95 seconds and Arachni 17 minutes. The dataset had a total of 246 XSS vulnerabilities. Mantis detected the most at 213 vulnerabilities, Arachni detected 183, and OWASP ZAP 137. None of the scanners had any false positives. Conclusions. Mantis has proven to be an efficient vulnerability scanner for detecting XSS vulnerabilities. Focusing on the set of characters that may lead to the exploitation of XSS has proven to be a great alternative to fuzzing. More testing of Mantis is needed to determine the usability of the vulnerability scanner in a real-world scenario. We believe the scanner has the potential to be a great asset for penetration testers in their work.
7

Detecting PHP-based Cross-Site Scripting Vulnerabilities Using Static Program Analysis

Kelbley, Steven M. January 2016 (has links)
No description available.
8

Detection of web vulnerabilities via model inference assisted evolutionary fuzzing / Détection de vulnérabilités Web par frelatage (fuzzing) évolutionniste et inférence de modèle

Duchene, Fabien 02 June 2014 (has links)
Testing is a viable approach for detecting implementation bugs which have a security impact, a.k.a. vulnerabilities. When the source code is not available, it is necessary to use black-box testing techniques. We address the problem of automatically detecting a certain class of vulnerabilities (Cross Site Scripting, a.k.a. XSS) in web applications in a black-box test context. We propose an approach for inferring models of web applications and fuzzing from such models and an attack grammar. We infer control plus taint flow automata, from which we produce slices, which narrow the fuzzing search space. Genetic algorithms are then used to schedule the malicious inputs which are sent to the application. We incorporate a test verdict by performing a double taint inference on the browser parse tree and combining this with taint-aware vulnerability patterns. Our implementations LigRE and KameleonFuzz outperform current open-source black-box scanners. We discovered 0-day XSS (i.e., previously unknown vulnerabilities) in web applications used by millions of users.
9

Investigating the current state of security for small sized web applications

Lundberg, Karl Johan January 2012 (has links)
It is not uncommon to read about hacker attacks in the newspaper today. The hackers are targeting governments and enterprises, and motives vary. It may be political or economic reasons, or just to gain reputation. News about smaller systems is, unsurprisingly, not as common. Does this mean that security is less relevant for smaller systems? This report investigates the threat model of smaller web applications, to answer that very question. Different attacks are described in the detail needed for explaining their threat, but the intention is not to teach the reader to write secure code. The report does, however, provide the reader with a rich source of references for that purpose. After describing some of the worst threats, the general cloud threat model is analyzed. This is followed by a practical analysis of a cloud system, and the report is closed with general strategies for countering threats. The severe destruction that a successful attack may cause and the high prevalence of those attacks motivate some security practices to be performed whenever software is produced. Attacks against smaller companies are more common now than ever before.
10

Säkerhetstestning av webbapplikationer och CMS plattformen EPiServer / Security Testing of Web Applications and the EPiServer CMS Platform

Ignatius, Per January 2011 (has links)
The work covers security testing of web applications and the CMS platform EPiServer. In order for Know IT Dalarna to be able to continue delivering secure web solutions, they requested a security analysis of the EPiServer platform as well as of their in-house developed applications. The purpose of the work was to raise the security of Know IT's web-based projects and at the same time make the developers more aware of security during the development phase. The result was that EPiServer as a platform provides adequate security. The direct shortcomings that were identified were up to either Know IT or the customer to remedy, and the responsibility was placed on whoever was in charge of operating the website. The security tests that were carried out included tests against access control, eavesdropping attacks, password attacks, SQL injection and XSS attacks. To simplify security testing, a checklist was created containing step-by-step instructions for performing basic security testing. It also contained recommendations to Know IT Dalarna on areas that should be highlighted and examined in the future. The checklist can be used by the developers to ensure that an ongoing project maintains a good level of security. In the future the list must be updated and kept in step with the constant technical development taking place in the field.