Web application security using Ruby on Rails platform
Μάλαμας, Ευάγγελος Ν.
Keywords: Web application; Internet security; Software development; Vulnerabilities; Risk; System architecture; Ruby on Rails
The rapid growth of the Internet in recent years across various day-to-day activities (such as e-shopping, information, other transactions) has created a tremendous need for developing web applications. Various web application development platforms have emerged to cover this gap for various programming languages and are designed to significantly reduce the time required to develop a web application. Besides functionality, security is also a major requirement, since many web applications handle sensitive user data such as personal data, account numbers or credit card numbers. This master's thesis aims to examine security during the design of web applications based on the Ruby on Rails framework. For this purpose, we will analyze the security requirements of typical web applications. We will present the main security threats that web applications face, as well as the common security vulnerabilities that may be exploited by those threats. Then we will analyze the software libraries and the security technologies supported by the Ruby on Rails web framework for the development of secure web applications. In the practical part of this thesis, we will develop a web application for posting articles, using the Ruby on Rails web framework, that will incorporate many of the security techniques presented above. Finally, we will perform a vulnerability scan of the web application using the Nessus scanner and, based on the results, we will suggest additional security mitigation solutions to overcome the remaining threats.