Global ETD Search

111	Untangling the Web : Finding Your Forgotten Assets Sigurdsson, Victoria January 2018 (has links) Background. In the years between 2016 and 2017, the number of attacks against web application increased by approximately 21.89 percent. The total recorded amount of incidents during 2017 was 6,502. To assure security, patching and scanning are required. This assumes that the company is aware of all their external facing web applications. The company Outpost24 is observing an increased request for a solution capable of finding all external web application owned by one company. Objectives. This thesis study six methods to identify assets owned by one company. The methods are classified into weak and strong indicators. Based on the classifications, two algorithms are developed. The algorithms are executed against two companies, Outpost24 and Company A. The objective is to evaluate the six methods and decide if the methods are suitable for retrieving assets owned by one company. Methods. This study includes two experiments testing the two algorithms on two different companies. The experiments focus on to retrieve assets and data to make a decision upon the ownership of the assets. The observed data from the experiments are compared against data known by the two companies to verify if any data is unknown to the company prior to the experiment. Results. The results show that the identified methods are suitable for both identify assets and to decide upon ownership. Furthermore, assets not previously known was possible to identify. The results from the two methods are visualized as two node maps, providing an overview of identified assets. Conclusions. It was concluded that there are methods that are useful when extracting assets from one given assets, and there are methods useful for extracting data used when deciding upon the owner. The methods will assist companies in raising their own awareness of their external facing assets, and in some cases identify assets which were previously unknown to them. forgotten assets web application asset retrieval security Computer Sciences Datavetenskap (datalogi)
112	Uma pesquisa qualitativa das práticas de testes de software no contexto das aplicações móveis. LUCIANO, Achiles Pedro da Cunha. 30 August 2018 (has links) Submitted by Lucienne Costa (lucienneferreira@ufcg.edu.br) on 2018-08-30T17:06:55Z No. of bitstreams: 1 ACHILES PEDRO DA CUNHA LUCIANO – DISSERTAÇÃO (PPGCC) 2017.pdf: 1197427 bytes, checksum: 46a99b6df28cd76000cf4c5b38285b57 (MD5) / Made available in DSpace on 2018-08-30T17:06:55Z (GMT). No. of bitstreams: 1 ACHILES PEDRO DA CUNHA LUCIANO – DISSERTAÇÃO (PPGCC) 2017.pdf: 1197427 bytes, checksum: 46a99b6df28cd76000cf4c5b38285b57 (MD5) Previous issue date: 2017-06-01 / Contexto: O desenvolvimento de aplicações móveis cresce, acompanhando as constantes evoluções do hardware dos dispositivos. Com esta evolução, mais e mais recursos são adicionados e integrados à vida diária dos usuários. Contudo, a prática de testes de software utilizada pela comunidade para garantir o correto funcionamento das aplicações, incluindo a verificação de aspectos de segurança, portabilidade e compatibilidade, continua sendo um assunto pouco difundido. Objetivo: O objetivo deste estudo é compreender como as equipes lidam com a prática de testes de software aplicada ao contexto móvel, a relação cotidiana dos desenvolvedores com a literatura científica, a automação de testes e os desafios encontrados neste contexto. Método: Foi elaborado um estudo qualitativo, baseado na metodologia de Análise Temática, em três etapas: um survey, de caráter exploratório, que obteve 44 respostas de profissionais da área, seguido de uma seção de entrevistas com 12 profissionais para detalhar as questões levantadas durante o survey e um novo survey, de caráter confirmatório, que obteve 54 respostas e permitiu aos respondentes avaliar as principais conclusões das etapas anteriores. Resultados: Nossos resultados indicam a preferência dos desenvolvedores por testes manuais em detrimento da automação e o uso de testes funcionais automáticos de performance em alternativa, a escassez de referências para criação dos cenários de teste e os meios utilizados pelos profissionais para lidar com desafios como a fragmentação. / Context: Mobile WebApplicationdevelopmentincrease,followedbyoftenhardwareevolutions fromdevices.Withthisdevelopment,moreandmorefeatureshasbeenaddedina daily lifeofusers.However,thepracticesofsoftwaretestingusedbydeveloperstoensure the correctexecutionflowoftheapplication,includingsafetyaspects,portabilityandcompatibility,remainsawidespreadissue. Objective: This studyaddresseshowtounderstand teams andhowtheyapplythetestsinthedevelopmentphase.plan. Method: There was elaborated aqualitativestudy,basedonTematicAnalisysmethodology,inthreestages:a exploratorysurvey,thatcollected44answersfromprofessionals,followedbyaninterview with 12professionalstodetailtheanswerscollectedduringtheexploratorysurveyanda newconfirmatorysurvey,thatcollected54answersandallowedtheprofessionalstoevaluate the mainconclusionsfrompreviousstages. Results: Our resultsshownapreferencefrom developersformanualtestingoverautomationanduseofautomaticfunctionaltestsinstead, the lackofreferencestocreatenewtestscenariesandthemethodusedbyprofessionalsto deal withchallengessuchasfragmentation. Ciência da Computação Engenharia de Software Engenharia de Software Testes de Software Aplicações Móveis Mobile Web Application Practices of Software Testing
113	Portál pracovních příležitostí na inovativních projektech PERNÍK, Daniel January 2017 (has links) This master thesis deals with problematics of web application design and development. The purpose is to help technology-oriented projects to build their work teams. The thesis analyzes the target group and describes the process of production deployment. The project management and future development areas are also covered.
114	Elektronický obchod v praxi / E-commerce in practice DOŠEK, Jiří January 2012 (has links) This graduation thesis deals with a detailed study of electronic commerce. The development process of e-commerce is described from the early ages of internet trading in the world and in the Czech Republic. The thesis also presents various types of electronic commerce and the practical part of the thesis provides practical examples of two enterprises and describes their life cycle from the foundation up to the effective functioning in practice. In the conclusion of my thesis, a suggestion of an innovative feature is created by a practical application, and is embedded into the internet trade.
115	A Study of Online Security Practices January 2017 (has links) abstract: Data from a total of 282 online web applications was collected, and accounts for 230 of those web applications were created in order to gather data about authentication practices, multistep authentication practices, security question practices, fallback authentication practices, and other security practices for online accounts. The account creation and data collection was done between June 2016 and April 2017. The password strengths for online accounts were analyzed and password strength data was compared to existing data. Security questions used by online accounts were evaluated for security and usability, and fallback authentication practices were assessed based on their adherence to best practices. Alternative authentication schemes were examined, and other security considerations such as use of HTTPS and CAPTCHAs were explored. Based on existing data, password policies require stronger passwords in for web applications in 2017 compared to the requirements in 2010. Nevertheless, password policies for many accounts are still not adequate. About a quarter of online web applications examined use security questions, and many of the questions have usability and security concerns. Security mechanisms such as HTTPS and continuous authentication are in general not used in conjunction with security questions for most web applications, which reduces the overall security of the web application. A majority of web applications use email addresses as the login credential and the password recovery credential and do not follow best practices. About a quarter of accounts use multistep authentication and a quarter of accounts employ continuous authentication, yet most accounts fail to combine security measures for defense in depth. The overall conclusion is that some online web applications are using secure practices; however, a majority of online web applications fail to properly implement and utilize secure practices. / Dissertation/Thesis / Combination of Security Practices / Coded Account Data for 282 and 230 Web Applications / Password Recovery Statistics and Graphs / Password Policies Statistics and Graphs / Security Question Statistics and Graphs / Masters Thesis Computer Science 2017 Computer science Web studies Fallback Authentication Mulitfactor Authentication Password Policy Primary Authentication Security Question Web Application
116	Moving Target Defense for Web Applications January 2018 (has links) abstract: Web applications continue to remain as the most popular method of interaction for businesses over the Internet. With it's simplicity of use and management, they often function as the "front door" for many companies. As such, they are a critical component of the security ecosystem as vulnerabilities present in these systems could potentially allow malicious users access to sensitive business and personal data. The inherent nature of web applications enables anyone to access them anytime and anywhere, this includes any malicious actors looking to exploit vulnerabilities present in the web application. In addition, the static configurations of these web applications enables attackers the opportunity to perform reconnaissance at their leisure, increasing their success rate by allowing them time to discover information on the system. On the other hand, defenders are often at a disadvantage as they do not have the same temporal opportunity that attackers possess in order to perform counter-reconnaissance. Lastly, the unchanging nature of web applications results in undiscovered vulnerabilities to remain open for exploitation, requiring developers to adopt a reactive approach that is often delayed or to anticipate and prepare for all possible attacks which is often cost-prohibitive. Moving Target Defense (MTD) seeks to remove the attackers' advantage by reducing the information asymmetry between the attacker and defender. This research explores the concept of MTD and the various methods of applying MTD to secure Web Applications. In particular, MTD concepts are applied to web applications by implementing an automated application diversifier that aims to mitigate specific classes of web application vulnerabilities and exploits. Evaluation is done using two open source web applications to determine the effectiveness of the MTD implementation. Though developed for the chosen applications, the automation process can be customized to fit a variety of applications. / Dissertation/Thesis / Masters Thesis Computer Science 2018 Computer science Automated Source Code Randomization Computer Science Dynamic Configurations Moving Target Defense Web Application Security
117	DESENVOLVIMENTO DE UM APLICATIVO WEB PARA ELABORAÇÃO DO PLANEJAMENTO ESTRATÉGICO PESSOAL / DEVELOPMENT OF WEB APPLICATION TO CREATE THE PERSONAL STRATEGIC PLANNING Pasini, Mártin Paulo Batistella 13 September 2013 (has links) Conselho Nacional de Desenvolvimento Científico e Tecnológico / This study proposes to systematization and development tool that helps in the process of formulation, implementation and evaluation of personal strategic planning (PSP). Is an exploratory study, applied nature and qualitative approach. To solve the problem initially proposed, through bibliographical research, it was possible to establish a deep reflection about the PEP in five areas: individual, professional, familial, personal business, and political and social participation, in addition to, discuss the concepts involved in the modeling of processes and in the definition of the concepts of web application and usability of systems. Based on these concepts, and given the absence of a detailed description of the process of drafting the PEP in the literature, it was necessary to model the planning process in its current state (As is) in accordance with the experiences of authors and references from the bibliography, to then systematize a proposed process for use in web application development. Identified the steps and detailed elements of each step was possible to develop a web application with a distributed structure in operating modules, which include: access to the system, formulation of PSP, reports, submissions and administrative control. Thus, the web application developed in this study, is an important tool for allowing the complete elaboration of PSP, since an understanding of the concepts of each planning area, until the implementation of the management action plan. / Este estudo propõe a sistematização e o desenvolvimento de um aplicativo que contribua no processo de formulação, implementação e avaliação do Planejamento Estratégico Pessoal (PEP). Trata-se de um estudo exploratório, de natureza aplicada e abordagem qualitativa. Para a solução do problema proposto inicialmente, através da pesquisa bibliográfica foi possível estabelecer uma profunda reflexão sobre o PEP nas cinco áreas: individual, profissional, familiar, negócios pessoais e, participação política e social, além de discutir os conceitos envolvidos na modelagem de processos e, na definição dos conceitos de aplicação web e usabilidade de sistemas. Com base nestes conceitos, e diante da ausência da descrição detalhada do processo de elaboração do PEP na literatura tornou-se necessário modelar o processo de planejamento no seu estado atual (As is) conforme as experiências dos autores e referências da bibliografia para então sistematizar uma proposta de processo para a utilização no desenvolvimento da aplicação web. Identificados os passos e detalhados os elementos de cada etapa foi possível desenvolver um aplicativo web que possui uma estrutura distribuída em módulos operacionais, que contemplam: acesso ao sistema, formulação do PEP, relatórios, feedbacks e controle administrativo. Assim, a aplicação web desenvolvida neste estudo, apresenta-se como uma importante ferramenta por permitir a elaboração completa do PEP, desde a compreensão dos conceitos envolvidos em cada área do planejamento, até o gerenciamento da implementação do plano de ação. Planejamento Estratégico Gestão Estratégica Aplicativo Web Strategic Planning Strategic Management Web Application
118	Designing a custom-made minimal CRM web application for performance and varying screen sizes Lundgren, Tobias January 2016 (has links) In a world where the using of applications to simplify task has been more popular in both business and private. The need of an custom-made solution will be very interesting. But it is not enough in many cases, for satisfies its purpose. Sometimes the application also has to achieve good performance and work on multiple devices in a proper way. This thesis investigate what parameters that can used to analyze performance by mea- sure the page load time and what methods that can be used to achieve good performance. This thesis also investigates how we can get our application to adapts varying screen sizes on different devices. CRM web application performance responsive design bootstrap Computer Sciences Datavetenskap (datalogi)
119	Sistema de supervisión de contratos Herrera Ruiz, Jackelyn Pamela, Machado Hidalgo, Alberto Arturo January 2015 (has links) Con el presente trabajo pretendemos brindar una mejora al área de Gerencia de Supervisión de Contratos” derivada de la “Secretaria General Permanente” de INVERMET del seguimiento y control del contrato. Considerando la problemática que tiene lNVERMET (Fondo Metropolitano de Inversiones), en la cual es preciso realizar algunos cambios para que la labor que allí se ejecuta se haga con una mayor efectividad para los servicios de planificación, supervisión de operaciones y reportes. Mediante este proyecto se obtendrá un sistema web que ofrezca ser un centro de participación donde los usuarios y el área intercambien información que retroalimente a ambos, para su fortalecimiento, todo esto de una manera más interactiva y en un solo lugar. Facilitar al usuario el registro de los datos de las fichas de contratos, obligaciones, garantías, seguros y penalidades. Permitir llevar con el sistema el control, seguimiento y conformidad de las obligaciones del contrato y penalidades, mediante alertas. Permitir consultar y generar reportes de las penalidades y obligaciones pendientes del contrato. In this paper we provide an improvement to the area of Management Oversight Contract "derived from the" Permanent Secretary General "of INVERMET the monitoring and control of the contract. Considering the problems that have lNVERMET (Metropolitan Investment Fund), which is necessary to make some changes to the work being done there running with more effective services for planning, monitoring and reporting operations. Through this project a web system that provides a center where users share and exchange information area will be obtained to provide feedback to both to strengthen it, all this in a more interactive way and in one place. Facilitate the user registration data sheets contracts, obligations, guarantees, insurance and penalties. Allow the system out of control, monitoring and compliance of the contractual obligations and penalties with alerts. Allow consult and report on outstanding penalties and contract obligations. Sistema de Información Desarrollo de Software Automatización de procesos Aplicación Web Information System Software Development Process Automatization Web Application
120	Portal de conhecimento sobre critérios, estratégias, técnicas e ferramentas de teste de aplicações web / Knowledge portal about testing web application criteria, procedures, techniques and tools Marcella Letícia de Souza Costa 26 February 2008 (has links) O advento da tecnologia da Internet, juntamente com a World Wide Web, popularizaram e permitiram uma grande expansão e demanda por aplicações web. Por executarem em um ambiete heterogêneo e complexo, as aplicações web apresentam várias características que as diferenciam dos sistemas tradicionais. As particularidades dessas aplicações tornam o fator qualidade essencial para o sucesso dessas aplicações. Alguns requisitos de qualidade, como usabilidade, confiabilidade, interoperabilidade e segurança devem, então, ser validados. Para assegurar a qualidade desejada, são necessárias executar as atividades de Verificação, Validação e Teste (VV&T). Dentre elas, as mais utilizadas são as atividades de teste. Os critérios, estratégias e ferramentas de teste precisam ser identificados e avaliados para se estabelecer uma relação entre os custos e benefícios entre elas, a fim de guiar a escolha de cada uma durante os testes de aplicações web. A realização de estudos experimentais para realizar essa análise beneficia tanto a academia, nas atividades de ensino e pesquisa, como a indústria, nas atividades de seleção e aplicação de critérios, estratégias e ferramentas de teste de aplicações web. Para que os resultados obtidos estejam acessíveis, é proposto o desenvolvimento de um portal de conhecimento que disponibilize de maneira sistemática o conhecimento obtido sobre critérios, estratégias e ferramentas de teste de aplicações web. Esse portal tem como objetivo oferecer às organizações um ambiente compartilhado de conhecimento, a fim de proporcionar a existência de um ciclo de criação, troca, retenção e reuso do conhecimento / The development of internet technology, along with the World Wide Web, made popular and allowed a demand boom and expansion of web applications. Web applications present some characteristics that differentiate them from the traditional systems, since they execute in a heterogeneous and complex environment. The particularities of these applications demand quality as an essential factor for success. Is this way, quality requirements, like usability, reliability, interoperability and security must be validated. To assure the desired quality, it\'s necessary to execute the activities of Verification, Validation and Test (VV&T), where the most used are the testing activities. The testing criteria, strategies and tools need to be identified and evaluated to establish a relation between the costs and benefits, in order to guide the choice of each one during the tests of web applications. The carrying out of experimental studies benefits the academy, in the activities of education and research, and the industry, in the activities of selection and application of criteria, strategies and tools of testing web applications. Moreover, these results need to be accessible to make available information to the interest people. This work presents the development of a knowledge portal, to facilitate knowledge sharing in a systematic way, with information of test criteria, strategies and tools for validating web applications. This portal intends to offer to the organizations and academic institutions a shared environment of web application test knowledge, in order to constitute a knowledge creation, change, retention and reuse cycle Ontologias Portais web Processo de desenvolvimento Teste de aplicações web Development process Ontologies Testingf web application Web portals

Search results