
Thesis on web application security

 
Greenhorn
Posts: 3
Hi, please, I need great assistance on how I can go about my thesis on web application security and what I can contribute to enhance it. I've done many reviews but still can't come up with proposed solution(s). Thanks a great deal for your response.
 
Rancher
Posts: 43081
"Thesis" is a very broad concept - is it supposed to contain original research? How much time are you supposed to put into it? Since you mention a "solution", what exactly is the problem?

Lots of good introductory material is at https://coderanch.com/how-to/java/SecurityFaq#web-apps
 
Bartender
Posts: 1952
Also, the Open Web Application Security Project (OWASP) may be of interest to you. It's not specific to Java.
 
Phemmy Anny
Greenhorn
Posts: 3
Thanks very much for the response. It's a master's thesis and I have about 4 months or thereabouts, and I need something to contribute to web application security. It can contain original research or abstract information on it. I've studied some things on salted and hashed passwords, but I need an area that I can contribute to that will improve or enhance the security in the area of study to make a good MSc thesis in order to mitigate man in the browser attacks. Thanks once again.
 
Rancher
Posts: 4803

Phemmy Anny wrote: I need an area that I can contribute to ...


The key is that you have to do the work. We can't, else you won't be the one contributing to the world's knowledge.

Security is a huge field; one can easily spend years at it. Since you have only 4 months, I strongly suggest you limit the scope of your investigation. You might want to spend a full week or two learning all you can to find a narrow area that appeals to you.
 
Bartender
Posts: 2856

Phemmy Anny wrote: in order to mitigate man in the browser attacks.


I suppose that means "Man in the middle attack" or MITM. Salted or hashed passwords cannot mitigate this attack. You need to read more on Transport Layer Security (TLS).
 
Saloon Keeper
Posts: 27762
I cannot, alas, contribute any hard numbers of scientific value, but I can say this, based on experience dating all the way back to the dawn of J2EE: If you want a secure web application, don't write your own security system.

Security is a "weakest-link" function. Screw up just one thing and someone will take advantage of it. Most DIY application security is done by people whose primary priority is the application itself, not the security, and almost no application designers have a hard background in security.

The number of DIY security systems I have run across in a long and evil career that were truly secure is zero. Every application done DIY, including financial and military ones, has had a hole(s) in it, usually one that could be exploited in under 15 minutes by non-technical persons. It's hard enough to secure an app even when using a pre-debugged, professionally-designed security framework.
 