Θέματα ασφάλειας στις σύγχρονες διαδικτυακές εφαρμογές
Τσάιμος, Ελευθέριος Π.
SubjectΔιαδίκτυο (Internet) -- Μέτρα ασφαλείας ; Διαδικτυακός προγραμματισμός ; PHP (Γλώσσα προγραμματισμού) ; MySQL (Ηλεκτρονική πηγή πληροφοριών)
In the present MSc Thesis, a special research area is presented. It concerns the subject of Safety in Modern Web Applications, a subject that derives from the vulnerabilities of the web applications themselves. With the term "Web Applications" we refer to applications that are accessible via a web browser and communicate with a web server. We research this matter from three different perspectives; Detection, Exploitation and Confrontation of the vulnerabilities. Our technique is adjusted accordingly to the particular characteristics of each vulnerability. The three most important vulnerabilities are presented, as a result from OWASP organization: Code Injection, XSS and Broken Authentication and Session Management. The content of the particular MSc Thesis is highly practical and follows up the latest tendencies in web security, resulting from the use of PHP programming language & and MySQL databases. Nevertheless, it contains sufficient theory background for the understanding of the vulnerabilities, but its primary concern remains the use of programming practices in order to implement secure applications. Throughout the MSc Thesis, specific steps are mentioned for the detection, exploitation and confrontation of each type of vulnerability as well as many practical examples that illustrate how different security flaws occur in Modern Web Applications. Finally, the development of this MSc Thesis is based on "Mutillidae" application, PHP language and MySQL database management system.