Dissertations / Theses on the topic 'Security of web applications'

Consult the top 50 dissertations / theses for your research on the topic 'Security of web applications.'


1

Prabhakara, Deepak. "Web Applications Security : A security model for client-side web applications." Thesis, Norwegian University of Science and Technology, Department of Telematics, 2009. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-8962.

Abstract:
The Web has evolved to support sophisticated web applications. These web applications are exposed to a number of attacks and vulnerabilities. The existing security model is unable to cope with these increasing attacks and there is a need for a new security model that not only provides the required security but also supports recent advances like AJAX and mashups. The attacks on client-side Web Applications can be attributed to four main reasons – 1) lack of a security context for Web Browsers to take decisions on the legitimacy of requests, 2) inadequate JavaScript security, 3) lack of a Ne
2

Svartberg, Anja. "Security in Offline Web Applications." Thesis, Norges Teknisk-Naturvitenskaplige Universitet, Institutt for elektronikk og telekommunikasjon, 2009. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-10003.

Abstract:
Offline Web applications are increasingly popular. The possibility to have both the advantages of Web applications and traditional desktop applications is exciting. An offline Web application can be accessed from all computers, with any operating system, as well as offering to store information locally, giving the user the opportunity to use the application when the user does not have Internet access. The concept of offline Web applications is tempting, but it is important to integrate security in the process of making them. The users rely on a high level of security. In this thesis I have l
3

Ge, Xiaocheng. "Agile security for Web applications." Thesis, University of York, 2007. http://etheses.whiterose.ac.uk/11071/.

Abstract:
Web-based applications (or more concisely, Web applications) are a kind of information system with a particular architecture. They have progressively evolved from Internet browser-based, read-only information repositories to Web-based distributed systems. Today, increasing numbers of businesses rely on their Web applications. At the same time, Web applications are facing many security challenges and, as a result, are exposing businesses to many risks. This thesis proposes a novel approach to building secure Web applications using agile software development methods.
4

Ur-Rehman, Wasi. "Maintaining Web Applications Integrity Running on RADIUM." Thesis, University of North Texas, 2015. https://digital.library.unt.edu/ark:/67531/metadc804975/.

Abstract:
Computer security attacks take place due to the presence of vulnerabilities and bugs in software applications. Bugs and vulnerabilities are the result of weak software architecture and lack of standard software development practices. Despite the fact that software companies are investing millions of dollars in the research and development of software designs, security risks are still at large. In some cases software applications are found to carry vulnerabilities for many years before being identified. A recent such example is the popular Heartbleed Bug in the OpenSSL/TLS. In today’s world,
5

Erdogan, Gencer. "Security Testing of Web Based Applications." Thesis, Norwegian University of Science and Technology, Department of Computer and Information Science, 2009. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-9993.

Abstract:
Web applications are becoming more and more popular in means of modern information interaction, which leads to a growth of the demand of Web applications. At the same time, Web application vulnerabilities are drastically increasing. This will inevitably expose more Web application users to malicious attacks, causing them to lose valuable information or be harmed in other ways. One of the most important software security practices that is used to mitigate the increasing number of vulnerabilities is security testing. The most commonly applied security testing methodologies today are extensi
6

Charpentier, Rojas Jose Enrique. "Web application Security." Thesis, Högskolan i Halmstad, Sektionen för Informationsvetenskap, Data– och Elektroteknik (IDE), 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-21624.

Abstract:
Problems related to web application security come in many ways, one example is inexperienced programmers but not only in the way they code and program but also which language and structure they use to code. Not only programmers but Software companies left holes in the software they developed of course without intention. Because is proven that most of the vulnerabilities start in the web application side, as developers we need to follow certain principles, test our code and learn as much as possible about the subject, as a foundation of web application security in order to know how to prevent is
7

Srilatha, Rondla, and Gande Someshwar. "Security Testing for Web Applications in SDLC." Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-2903.

Abstract:
Context: In Web applications, the Software vulnerability can be reduced by applying security testing in all phases of the software development life cycle (SDLC). Lot of vulnerabilities might occur if the security testing is applied in the last phase of SDLC. In order to mitigate these vulnerabilities, a lot of rework is required that involves reverse engineering in the development and design phases. To overcome this situation, organizations are shifting from security testing (performed in last phase) towards security testing in the early phases of SDLC. Objectives: The main objectives of this
8

Avancini, Andrea. "Security Testing of Web and Smartphone Applications." Doctoral thesis, Università degli studi di Trento, 2013. https://hdl.handle.net/11572/368950.

Abstract:
Web applications have become integral part of everyday life, as they are used by a huge number of customers on regular basis, for daily operations in business, leisure, government or academia, and so correctness of these applications is fundamental. In particular, security is a crucial concern especially for these applications that are constantly exposed to potentially malicious environments. Cross-site scripting (XSS for short) is considered one of the major threats to the security of web applications. Missing input validation can be exploited by attackers to inject malicious code into the a
9

Avancini, Andrea. "Security Testing of Web and Smartphone Applications." Doctoral thesis, University of Trento, 2013. http://eprints-phd.biblio.unitn.it/1123/1/andrea-avancini-phd-thesis-last.pdf.

Abstract:
Web applications have become integral part of everyday life, as they are used by a huge number of customers on regular basis, for daily operations in business, leisure, government or academia, and so correctness of these applications is fundamental. In particular, security is a crucial concern especially for these applications that are constantly exposed to potentially malicious environments. Cross-site scripting (XSS for short) is considered one of the major threats to the security of web applications. Missing input validation can be exploited by attackers to inject malicious code into the
10

Foss, Julie-Marie, and Nina Ingvaldsen. "Web Application Security." Thesis, Norwegian University of Science and Technology, Department of Computer and Information Science, 2005. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-9235.

Abstract:
As more and more sensitive information is entering web based applications, and thus are available through a web browser, securing these systems is of increasing importance. A software system accessible through the web is continuously exposed to threats, and is accessible to anyone who would like to attempt a break-in. These systems can not rely on only external measures like separate network zones and firewalls for security. Symantec's Internet Security Threat Report [34] is published every six months. Main findings in the last one published prove that there is an increase in threats to c
11

Singh, Kapil. "Designing security policies and frameworks for web applications." Diss., Georgia Institute of Technology, 2011. http://hdl.handle.net/1853/41122.

Abstract:
The new developments behind Web 2.0 have increased the complexity of web systems making the task of securing these systems a challenging problem. As a result, end-to-end security for web access has been hindered by the limitations of current web security policies and by the lack of systems that enable effective enforcement of policies. The focus of this dissertation is on how new tools and frameworks may be designed to aid the protection of web systems by acting as policy specification and enforcement points. In particular, we develop a set of policies and frameworks for three web players--the
12

Mundada, Yogesh. "Building data-centric security mechanisms for web applications." Diss., Georgia Institute of Technology, 2016. http://hdl.handle.net/1853/55013.

Abstract:
Data loss from web applications at different points of compromise has become a major liability in recent years. Existing security guidelines, policies, and tools fail often, ostensibly for reasons stemming from blatant disregard of common practice to subtle exploits originating from complex interactions between components. Current security mechanisms focus on “how to stop illicit data transfer” (i.e., the “syntax”), and many tools achieve that goal in principle. Yet, the practice of securing data additionally depends on allowing administrators to clearly specify “what data should be secured” (i
13

Lin, Wenghui. "Data Security Enhancement for Web Applications Using Cryptographic Back-end Store." Scholarly Repository, 2009. http://scholarlyrepository.miami.edu/oa_theses/235.

Abstract:
Conventional storage technologies do not always give sufficient guarantees of security for critical information. Databases and file servers are regularly compromised, with consequential theft of identities and unauthorized use of sensitive information. Some cryptographic technologies increase the security guarantees, but rely on a key, and key secrecy and maintenance are difficult problems. Meanwhile, there is an accelerating trend of moving data from local storage to Internet storage. As a result, automatic security of critical information without the need for key management promises to be an
14

Ngu, Phuc Huy. "Web applications - New mobile service paradigm." Thesis, Norges teknisk-naturvitenskapelige universitet, Institutt for telematikk, 2012. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-19040.

Abstract:
The explosion of mobile applications both in number and variety raises the need of shedding light on their architecture, composition and quality. Indeed, it is crucial to understand which mobile application paradigm fits better to what type of application and usage. Such understanding has direct consequences on the user experience, the development cost and sale revenues of mobile apps. In this thesis, we identify four main mobile application paradigms and evaluate them from the viewpoints of developers, users and service providers. To ensure objectivity and accuracy we start by defining high l
15

Dahl, Andreas, and Kristofer Nylander. "Differences in security between native applications and web based applications in the field of health care." Thesis, Linnéuniversitetet, Institutionen för datavetenskap (DV), 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-40397.

Abstract:
Developing native applications for different platforms with different resolutions and screen sizes is both time consuming and costly. If developers were able to develop one web based application which can be used on multiple platforms, yet retain the same level of security as a native application, they would be able to reduce both development time and costs. In this thesis we will investigate the possibilities of achieving a level of security in a web-based application that can equal that of a native application, as well as how to develop an application that uses the Mina Vårdkontakter (My He
16

Li, Louis. "Security Analysis of Java Web Applications Using String Constraint Analysis." Thesis, Harvard University, 2015. http://nrs.harvard.edu/urn-3:HUL.InstRepos:14398534.

Abstract:
Web applications are exposed to myriad security vulnerabilities related to malicious user string input. In order to detect such vulnerabilities in Java web applications, this project employs string constraint analysis, which approximates the values that a string variable in a program can take on. In string constraint analysis, program analysis generates string constraints -- assertions about the relationships between string variables. We design and implement a dataflow analysis for Java programs that generates string constraints and passes those constraints to the CVC4 SMT solver to find a s
17

Grimstad, Jo. "Security in Single Sign-On Web Applications : An Assessment of the Security in and Between Web Applications Sharing a Common Single Sign-On User Session." Thesis, Norges teknisk-naturvitenskapelige universitet, Institutt for telematikk, 2010. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-11130.

Abstract:
Single Sign-On (SSO) is a solution where the authentication process is taken care of once by a third-party Web site rather than at each of the Web sites providing services to their users. This new way of separating user identities from the service-providing Web sites leads to different security requirements. As an approach towards assessing the security of Web applications utilizing SSO, this thesis investigates the concepts and functionality of OpenID, a decentralized authentication protocol. The assessment addresses vulnerabilities and threats related to SSO, using real Web applications
18

Pandey, Amit Kumar. "Securing Web Applications From Application-Level Attack." Kent State University / OhioLINK, 2007. http://rave.ohiolink.edu/etdc/view?acc_num=kent1181098075.

19

Ødegård, Leif. "Framework Support for Web Application Security." Thesis, Norwegian University of Science and Technology, Department of Computer and Information Science, 2006. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-9314.

Abstract:
There are several good reasons to use a framework when you are developing a new web application. We often hear that:
* frameworks use known patterns that result in an easily extendable architecture
* frameworks result in loose couplings between different modules in the application
* frameworks allow developer to concentrate on business logic instead of reinventing wheels that is already reinvented several times
* frameworks are often thoroughly tested and contains less bugs than custom solutions
But security is rarely mentioned in this setting. Our main motivation in this thesi
20

Nilsson, Daniel, and Hampus Åberg. "HTML5 Web application security with OWASP." Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-2074.

Abstract:
HTML5 has gained a lot of interest the last couple of years from web developers. HTML5 is the new upcoming standard for HTML set to be released in the end of 2014 (W3C). In this report HTML5 is reviewed in order to determine if it has made web applications more secure. This is done with information study and the use of experimental test cases. We use the latest OWASP top ten list of security risks in web applications as a benchmark. As a result we found five correlations between OWASP top ten list and HTML5 functionality. The results clearly indicates that HTML5 is affecting web application secur
21

Lunyov, Phillip. "Detecting changes in web applications." Thesis, Linnéuniversitetet, Institutionen för datavetenskap och medieteknik (DM), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-97021.

Abstract:
As the availability and popularity of the Internet continues to grow, the trend of providing global access to business resources and services online is an efficient and profitable way for organizations to acquire a new share of the market. Due to the flexibility and scalability of modern web technologies, web-based applications process and store personal or critical information in enormous amounts. Hence, the overall application’s functionality and secure data processing are the main key factors of each web application. For ensuring those key factors, the web page code must be regularly monitored to
22

Huang, Xujing. "Quantitative information flow of side-channel leakages in web applications." Thesis, Queen Mary, University of London, 2016. http://qmro.qmul.ac.uk/xmlui/handle/123456789/12864.

Abstract:
It is not a secret that communications between client sides and server sides in web applications can leak user confidential data through side-channel attacks. The lower level traffic features, such as packet sizes, packet lengths, timings, etc., are public to attackers. Attackers can infer a user's web activities including web browsing histories and user sensitive information by analysing web traffic generated during communications, even when the traffic is encrypted. There has been an increasing public concern about the disclosure of user privacy through side-channel attacks in web applicatio
23

Singaravelu, Lenin. "End-to-End Security of Information Flow in Web-based Applications." Diss., Georgia Institute of Technology, 2007. http://hdl.handle.net/1853/16142.

Abstract:
Web-based applications and services are increasingly being used in security-sensitive tasks. Current security protocols rely on two crucial assumptions to protect the confidentiality and integrity of information: First, they assume that end-point software used to handle security-sensitive information is free from vulnerabilities. Secondly, these protocols assume point-to-point communication between a client and a service provider. However, these assumptions do not hold true with large and complex vulnerable end point software such as the Internet browser or web services middleware or in web s
24

Near, Joseph P. (Joseph Paul). "Finding security bugs in web applications using domain-specific static analysis." Thesis, Massachusetts Institute of Technology, 2015. http://hdl.handle.net/1721.1/99841.

Abstract:
Thesis: Ph. D., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2015.
Cataloged from PDF version of thesis.
Includes bibliographical references (pages 129-133).
This thesis proposes new techniques for finding and eliminating application-specific bugs in web applications. We demonstrate three approaches to finding these bugs, each representing one position in the compromise between specificity and automation. All three are powered by a scalable symbolic execution specifically tailored to the structure of web application implementations,
25

Erickson, Adam, and Oscar Nielsen. "Keep our web applications safe : A security evaluation of Service Workers." Thesis, Linköpings universitet, Programvara och system, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-161753.

Abstract:
With the ever-expanding internet, finding new ways to increase the user experience are vital in order to keeping concurrent users on your web application. One way to achieve this could be to implement a Service Worker to unlock more capabilities of a web application. The purpose of this paper is to evaluate what new security vulnerabilities can arise when implementing a Service Worker. This could then be used to evaluate if the technology has evolved far enough to be used by a wider audience of programmers and users. The analysis in this paper will be presented in a security matrix that is bas
26

Squarcina, Marco <1984>. "Analysis and prevention of security threats in web and cryptographic applications." Doctoral thesis, Università Ca' Foscari Venezia, 2017. http://hdl.handle.net/10579/12918.

Abstract:
In recent years we have faced a multitude of security flaws posing a serious threat to the whole society, ranging from individuals to national critical infrastructures. For this reason, it is of crucial importance to effectively enforce security on real systems, by identifying flaws and putting in place novel security mechanisms and techniques. Along this path, we provide practical contributions on Web security and cryptographic APIs. We first review the field of Web session security by surveying the most common attacks against web sessions. Existing security solutions are evaluated along four
27

Xiong, Pulei. "A Model-driven Penetration Test Framework for Web Applications." Thesis, Université d'Ottawa / University of Ottawa, 2012. http://hdl.handle.net/10393/20552.

Abstract:
Penetration testing is widely used in industry as a test method for web application security assessment. However, penetration testing is often performed late in a software development life cycle as an isolated task and usually requires specialized security experts. There is no well-defined test framework providing guidance and support to general testers who usually do not have in-depth security expertise to perform a systematic and cost-efficient penetration test campaign throughout a security-oriented software development life cycle. In this thesis, we propose a model-driven penetration test
28

Ademi, Muhamet. "Web-Based Intrusion Detection System." Thesis, Malmö högskola, Fakulteten för teknik och samhälle (TS), 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:mau:diva-20271.

Abstract:
Web applications are growing rapidly and as the amount of web sites globally increases so do security threats. Complex applications often interact with third party services and databases to fetch information and often interactions require user input. Intruders are targeting web applications specifically and they are a huge security threat to organizations and a way to combat this is to have intrusion detection systems. Most common web attack methods are well researched and documented however due to time constraints developers often write applications fast and may not implement the best security pract
29

Wanderydz, Kristoffer. "WEB APPLICATION SECURITY IN THE JAVA ENVIRONMENT." Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-2370.

Abstract:
This project focuses on web security. Some of the most famous vulnerabilities, known troubling web applications. Has been collected and analyzed. Each vulnerability collected in this project, was exploited and secured. Demonstrations from a web application prototype, developed for this project. Brings real examples for each vulnerability, both secured, and insecured. The prototype ran on a Tomcat web server, and was developed with frameworks such as Web, Spring and Hibernate. Connected to one PostgreSQL data source. All vulnerabilities was successfully implemented in Spring framework, and
30

Forsman, Tomas. "Security in Web Applications and the Implementation of a Ticket Handling System." Thesis, Umeå universitet, Institutionen för datavetenskap, 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:umu:diva-86002.

Abstract:
Today the Internet is filled with various web applications. One category of things that can cause a lot of problems are security holes. Some of them are due to programming mistakes, some due to inexperience, or in other ways failure to protect the system against harmful input. Part one of this thesis will look into some common problem areas in web application security and how to make those areas less problematic. There will be a summary of those problem areas and also some more detailed explanations. These areas include SQL injections and Cross-Site Scripting which, by prominent security compa
31

Redfield, Catherine M. S. "Practical security for multi-user web application databases." Thesis, Massachusetts Institute of Technology, 2012. http://hdl.handle.net/1721.1/76820.

Abstract:
Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2012.
This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.
Cataloged from student-submitted PDF version of thesis.
Includes bibliographical references (p. 67-68).
Online web applications are continuously vulnerable to attacks on their users' data. Outside adversaries can gain unauthorized access by exploiting unknown vulnerabilities; curious or malicious database administrators ca
32

Månsson, Anton. "Webbsystem säkerhet : Ur ett API och webbapplikations perspektiv." Thesis, Linnéuniversitetet, Institutionen för datavetenskap (DV), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-68000.

Abstract:
Web applications and APIs have become more popular every year, and security risks have increased. Along with more security risks and the large amount of sensitive information shared on web applications today, the problem grows. I therefore wanted to explore more in security deficiencies to increase my own knowledge and others in the field. To do that, a web application was developed and a survey was made of what security threats exist today and what solutions they have. Some of the solutions encountered during the investigation were then implemented and tested in the web application. The result show
33

Hadjichristofi, George Costa. "IPSec Overhead in Wireline and Wireless Networks for Web and Email Applications." Thesis, Virginia Tech, 2001. http://hdl.handle.net/10919/35710.

Abstract:
This research focuses on developing a set of secure communication network testbeds and using them to measure the overhead of IP Security (IPSec) for email and web applications. The network testbeds are implemented using both wireline and wireless technologies. The testing involves a combination of authentication algorithms such as Hashed Message Authentication Code-Message Digest 5 (HMAC-MD5) and Hashed Message Authentication Code-Secure Hash Algorithm 1 (HMAC-SHA1), implemented through different authentication protocols such as ESP and AH, and used in conjunction with the Triple Digital Encr
34

Lundberg, Karl Johan. "Investigating the current state of securityfor small sized web applications." Thesis, Linköpings universitet, Databas och informationsteknik, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-89160.

Abstract:
It is not uncommon to read about hacker attacks in the newspaper today. The hackers are targeting governments and enterprises, and motives vary. It may be political or economic reasons, or just to gain reputation. News about smaller systems is, unsurprisingly, not as common. Does this mean that security is less relevant of smaller systems? This report investigates the threat model of smaller web applications, to answer that very question. Different attacks are described in the detail needed for explaining their threat but the intention is not to teach the reader to write secure code. The report
35

Huang, Jin. "Detecting Server-Side Web Applications with Unrestricted File Upload Vulnerabilities." Wright State University / OhioLINK, 2021. http://rave.ohiolink.edu/etdc/view?acc_num=wright163007760528389.

36

Dacosta, Italo. "Practical authentication in large-scale internet applications." Diss., Georgia Institute of Technology, 2012. http://hdl.handle.net/1853/44863.

Abstract:
Due to their massive user base and request load, large-scale Internet applications have mainly focused on goals such as performance and scalability. As a result, many of these applications rely on weaker but more efficient and simpler authentication mechanisms. However, as recent incidents have demonstrated, powerful adversaries are exploiting the weaknesses in such mechanisms. While more robust authentication mechanisms exist, most of them fail to address the scale and security needs of these large-scale systems. In this dissertation we demonstrate that by taking into account the specific req
37

Shelly, David Andrew. "Using a Web Server Test Bed to Analyze the Limitations of Web Application Vulnerability Scanners." Thesis, Virginia Tech, 2010. http://hdl.handle.net/10919/34464.

Abstract:
The threat of cyber attacks due to improper security is a real and evolving danger. Corporate and personal data is breached and lost because of web application vulnerabilities thousands of times every year. The large number of cyber attacks can partially be attributed to the fact that web application vulnerability scanners are not used by web site administrators to scan for flaws. Web application vulnerability scanners are tools that can be used by network administrators and security experts to help prevent and detect vulnerabilities such as SQL injection, buffer overflows, cross-site scriptin
38

Gholami, Sadeq, and Zeineb Amri. "Automated secure code review for web- applications." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-300125.

Abstract:
Carefully scanning and analysing web-applications is important, in order to avoid potential security vulnerabilities, or at least reduce them. Traditional code reviewing methods, such as manual code reviews, have various drawbacks when performed on large codebases. Therefore it is appropriate to explore automated code reviewing tools and study their performance and reliability. The literature study helped identify various prerequisites, which facilitated the application of automated code reviewing tools. In a case study, two static analysis tools, CodeQL and Semgrep, were used to find securit
39

Ahlberg, Gustav. "Generating web applications containing XSS and CSRF vulnerabilities." Thesis, Linköpings universitet, Databas och informationsteknik, 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-111652.

Abstract:
Most of the people in the industrial world are using several web applications every day. Many of those web applications contain vulnerabilities that can allow attackers to steal sensitive data from the web application's users. One way to detect these vulnerabilities is to have a penetration tester examine the web application. A common way to train penetration testers to find vulnerabilities is to challenge them with realistic web applications that contain vulnerabilities. The penetration tester's assignment is to try to locate and exploit the vulnerabilities in the web application. Training on
40

Izagirre, Mikel. "Deception strategies for web application security: application-layer approaches and a testing platform." Thesis, Luleå tekniska universitet, Institutionen för system- och rymdteknik, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-64419.

Abstract:
The popularity of the internet has made the use of web applications ubiquitous and essential to the daily lives of people, businesses and governments. Web servers and web applications are commonly used to handle tasks and data that can be critical and highly valuable, making them a very attractive target for attackers and a vector for successful attacks that are aimed at the application layer. Existing misuse and anomaly-based detection and prevention techniques fail to cope with the volume and sophistication of new attacks that are continuously appearing, which suggests that there is a need t
41

Gustafsson, Fredrik. "Securing JavaScript applications within the Spotify web player." Thesis, KTH, Skolan för datavetenskap och kommunikation (CSC), 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-153759.

Abstract:
Developing bug free software is extremely difficult and bugs in a web application can easily lead to security vulnerabilities. Building APIs and opening up your platform has been proven to add a lot of business value and Spotify has recently released a JavaScript API that allows third party developers to develop applications for the Desktop based music player. In this thesis we design new security mechanisms for Spotify’s web-based music player in order to make it more robust against attacks stemming from code injection and, potentially malicious, third party developers. We do this by designing a secure
42

Ureche, Oana. "Static code analysis of data-driven applications through common lingua and the Semantic Web technologies." Thesis, Federation University Australia, 2015. http://researchonline.federation.edu.au/vital/access/HandleResolver/1959.17/81548.

Abstract:
Web applications have become increasingly popular due to their potential for businesses' high revenue gain through global reach. Along with these opportunities, also come challenges in terms of Web application security. The increased rise in the number of data-driven applications has also seen an increased rise in their systematic attacks. Cyberattacks exploit Web application vulnerabilities. Attack trends show a major increase in Web application vulnerabilities caused by improper implementation of information-flow control methods and they account for more than 50% of all Web application vulner
43

Al-Kassar, Feras. "Testability Tarpits - Navigating the Challenges of Static Tools in Web Applications." Electronic Thesis or Diss., Sorbonne université, 2023. http://www.theses.fr/2023SORUS675.

Abstract:
The objective of this thesis was to evaluate the effectiveness of a combination of commercial and open-source security scanners. Through experimentation, we identified various code patterns that hinder the ability of state-of-the-art tools to analyze projects. By detecting these patterns during the software development life cycle, our approach can give developers valuable feedback on the testability of their code. In addition, it allows them to assess more accurately the residual risk that their code may still contain vulnerabilities, even if the analys
44

Muedas, Higginson Ana Cristina, and Velásquez Renato Germán Rojas. "Modelo de madurez de seguridad de aplicaciones web ante ciberataques para clínicas de nivel 2." Bachelor's thesis, Universidad Peruana de Ciencias Aplicadas (UPC), 2019. http://hdl.handle.net/10757/628108.

Abstract:
The growing competitiveness of the market makes it increasingly difficult for organizations to succeed in their projects. This leads to prioritizing economic criteria, time, cost, quality and scope, causing a lack of controls that results in security breaches in the company. In this way, security procedures such as web application testing are relegated to the background. These applications have vulnerabilities that could provide the means for malicious end users to violate a system's protection mechanisms and gain access to informatio
45

Vural, Gurkan. "Anomaly Detection From Personal Usage Patterns In Web Applications." Master's thesis, METU, 2006. http://etd.lib.metu.edu.tr/upload/12607973/index.pdf.

Abstract:
The anomaly detection task is to recognize the presence of an unusual (and potentially hazardous) state within the behaviors or activities of a computer user, system, or network with respect to some model of normal behavior which may be either hard-coded or learned from observation. An anomaly detection agent faces many learning problems including learning from streams of temporal data, learning from instances of a single class, and adaptation to a dynamically changing concept. The domain is complicated by considerations of the trusted insider problem (recognizing the difference between innocu
46

Babatunde, John Oluwole. "Evaluating the impact of security measures on performance of secure web applications hosted on virtualised platforms." Thesis, University of East London, 2015. http://roar.uel.ac.uk/4771/.

Abstract:
The use of web applications has drastically increased over the years, and so has the need to secure these applications with effective security measures to ensure security and regulatory compliance. The problem arises when the impact and overheads associated with these security measures are not adequately quantified and factored into the design process of these applications. Organizations often resort to trading-off security compliance in order to achieve the required system performance. The aim of this research work is to quantify the impact of security measures on system performance of web ap
47

Khalil, Rana Fouad. "Why Johnny Still Can’t Pentest: A Comparative Analysis of Open-source Black-box Web Vulnerability Scanners." Thesis, Université d'Ottawa / University of Ottawa, 2018. http://hdl.handle.net/10393/38595.

Abstract:
Black-box web application vulnerability scanners are automated tools that are used to crawl a web application to look for vulnerabilities. These tools are often used in one of two ways. In the first approach, scanners are used as Point-and-Shoot tools where a scanner is only given the root URL of an application and asked to scan the site. Whereas, in the second approach, scanners are first configured to maximize the crawling coverage and vulnerability detection accuracy. Although the performance of leading commercial scanners has been thoroughly studied, very little research has been done to e
48

Zavadilová, Patrícia. "Návrh, tvorba a implementace softwarové aplikace ve firemním prostředí." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2021. http://www.nusl.cz/ntk/nusl-444603.

Abstract:
The master’s thesis is focused on the design and creation of a solution for converting a company’s software application into mobile and web form. The main goal is to make business processes more efficient and maintain information and cyber security. The result should be a system that brings an innovative and convenient solution, time and financial savings.
49

Moosa, Asaad. "Neural virtual immune system : a next generation web application security framework." Thesis, University of Reading, 2010. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.559257.

Abstract:
The problem of zero-day attacks in web applications stands as one of the primary challenges against the development of the Internet technology. Solutions so far are not adequate at preventing attacks. The philosophical reasons behind this continuous failure are due to the reliance on out-dated methodologies that offer only signatures-based and anomaly detection solutions. In the last decade, a promising direction in security research utilises biologically inspired computing in which Artificial Immune Systems (AISs) were progressively investigated. Several AIS algorithms and frameworks were int
50

Skogsrud, Halvard, Computer Science & Engineering, Faculty of Engineering, UNSW. "Trust negotiation policy management for service-oriented applications." Awarded by: University of New South Wales. Computer Science and Engineering, 2006. http://handle.unsw.edu.au/1959.4/25723.

Abstract:
Service-oriented architectures (SOA), and in particular Web services, have quickly become a popular technology to connect applications both within and across enterprise boundaries. However, as services are increasingly used to implement critical functionality, security has become an important concern impeding the widespread adoption of SOA. Trust negotiation is an approach to access control that may be applied in scenarios where service requesters are often unknown in advance, such as for services available via the public Internet. Rather than relying on requesters' identities, trust negotiat