Web application security reengineering based on vulnerability analysis - A case study using the .NET Framework
Οικονόμου, Γεώργιος Β.
Subject: Computer networks -- Security measures ; Web servers -- Security measures ; Microsoft .NET Framework
Web applications process sensitive personal and private data of their users. For this reason, web applications should be proactively analyzed for known security vulnerabilities during their development, and developers should give security the same priority as functionality. Securing an application is not an easy task: the problems, vulnerabilities and threats are many, and new, more complex ones keep appearing that shorten the period during which an application can be considered safe. The most serious consequences of a successful attack on a web application include the interception or destruction of personal data, unavailability of the application for a period of time, and the destruction of the application itself. Security is a major concern for developers during application development, and for security managers in large organizations and companies; however, this presupposes that they know the security policies for web applications and comply with them fully. Vulnerability scanners can be applied as a preventive security control to enhance the security of a web application during its development, and security measures should then be applied based on the results of the vulnerability analysis. This thesis focuses on the security re-engineering of web applications based on proactive vulnerability analysis. We first present a study of known vulnerabilities in web environments. We then present a web application, developed with the .NET Framework, as a case study for this analysis. Using the well-known Nessus vulnerability scanner, we analyze the vulnerabilities of this web application. Finally, based on the results of the vulnerability analysis, we apply corrective security controls and re-engineer the implementation of the test application to reduce its exposure to known security threats.
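The abstract describes a workflow in which scanner output drives the corrective controls: the scanner's findings have to be turned into a prioritized list of fixes before any re-engineering can start. The following is an added example, not code from the thesis, showing that triage step over a Nessus export. It relies on the public .nessus v2 XML layout (a NessusClientData_v2 root containing Report, ReportHost and ReportItem elements, with port, protocol, severity, pluginID and pluginName attributes and a solution child). The sample export embedded below is constructed by hand: the host names and the 9000xx plugin IDs are placeholders, not real Nessus plugins or real findings.

```python
"""Triage a Nessus .nessus (v2 XML) export into a remediation worklist.

Added example; not code from the thesis. SAMPLE_NESSUS is a constructed
document in the .nessus v2 layout: host names and plugin IDs 900001-900004
are placeholders, not real Nessus plugins.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET
from collections import defaultdict
from dataclasses import dataclass

# Nessus severity attribute: 0 info, 1 low, 2 medium, 3 high, 4 critical.
SEVERITY_LABELS = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample export (placeholder hosts and plugin IDs).
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="webapp-dev-scan">
    <ReportHost name="webapp-dev.example.test">
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="3"
                  pluginID="900001" pluginName="Hypothetical: web server reveals version banner"
                  pluginFamily="Web Servers">
        <solution>Suppress the Server header on HTTP responses.</solution>
      </ReportItem>
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="1"
                  pluginID="900002" pluginName="Hypothetical: session cookie lacks Secure flag"
                  pluginFamily="Web Servers">
        <solution>Set the Secure attribute on session cookies.</solution>
      </ReportItem>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0"
                  pluginID="900003" pluginName="Hypothetical: SSH service detected"
                  pluginFamily="Service detection">
        <solution>n/a</solution>
      </ReportItem>
    </ReportHost>
    <ReportHost name="api-dev.example.test">
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="3"
                  pluginID="900001" pluginName="Hypothetical: web server reveals version banner"
                  pluginFamily="Web Servers">
        <solution>Suppress the Server header on HTTP responses.</solution>
      </ReportItem>
      <ReportItem port="8080" svc_name="www" protocol="tcp" severity="4"
                  pluginID="900004" pluginName="Hypothetical: debug endpoint reachable without authentication"
                  pluginFamily="Web Servers">
        <solution>Disable the debug endpoint in production builds.</solution>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    protocol: str
    severity: int
    plugin_id: str
    name: str
    solution: str


def parse_nessus(xml_text: str) -> list[Finding]:
    """Flatten a .nessus v2 document into one Finding per ReportItem."""
    root = ET.fromstring(xml_text)
    if root.tag != "NessusClientData_v2":
        raise ValueError(f"not a .nessus v2 export: root element {root.tag!r}")
    findings: list[Finding] = []
    for host in root.iter("ReportHost"):
        hostname = host.get("name", "")
        for item in host.findall("ReportItem"):
            findings.append(Finding(
                host=hostname,
                port=int(item.get("port", "0")),
                protocol=item.get("protocol", ""),
                severity=int(item.get("severity", "0")),
                plugin_id=item.get("pluginID", ""),
                name=item.get("pluginName", ""),
                solution=(item.findtext("solution") or "").strip(),
            ))
    return findings


def severity_counts(findings: list[Finding]) -> dict[str, int]:
    """Number of findings per severity label, for a quick before/after comparison."""
    counts: dict[str, int] = defaultdict(int)
    for f in findings:
        counts[SEVERITY_LABELS.get(f.severity, "Unknown")] += 1
    return dict(counts)


def worklist(findings: list[Finding], min_severity: int = 2) -> list[dict]:
    """Group findings at or above min_severity by plugin, most severe first.

    One plugin hit on several hosts becomes a single work item listing every
    affected host:port/protocol, so one fix is tracked against all of them.
    """
    by_plugin: dict[str, dict] = {}
    for f in findings:
        if f.severity < min_severity:
            continue
        entry = by_plugin.setdefault(f.plugin_id, {
            "plugin_id": f.plugin_id, "name": f.name, "severity": f.severity,
            "solution": f.solution, "hosts": [],
        })
        target = f"{f.host}:{f.port}/{f.protocol}"
        if target not in entry["hosts"]:
            entry["hosts"].append(target)
    return sorted(by_plugin.values(), key=lambda e: (-e["severity"], e["plugin_id"]))


if __name__ == "__main__":
    items = parse_nessus(SAMPLE_NESSUS)
    print(severity_counts(items))
    for entry in worklist(items):
        print(SEVERITY_LABELS[entry["severity"]], entry["plugin_id"], entry["name"])
        print("  hosts:", ", ".join(entry["hosts"]))
        print("  fix:  ", entry["solution"])
```

Rerunning the parser on the post-remediation export and comparing severity_counts gives a simple measure of whether the re-engineering actually reduced exposure; the min_severity threshold is a policy choice, and informational and low findings are still worth reviewing by hand since the scanner's severity is only its own rating, not the application's risk.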