Hi, please, I need great assistance on how I can go about my thesis on web application security and what I can contribute to enhance it. I've done many reviews but still can't come up with proposed solution(s). Thanks a great deal for your response.
Build a man a fire, and he'll be warm for a day. Set a man on fire, and he'll be warm for the rest of his life.
Thanks very much for the response. It's a master's thesis and I have about 4 months or thereabouts, and I need something to contribute to web application security. It can contain original research or abstract information on it. I've studied some things on salted and hashed passwords, but I need an area that I can contribute to that will improve or enhance the security in the area of study to make a good MSc thesis in order to mitigate man-in-the-browser attacks. Thanks once again.
Phemmy Anny wrote: I need an area that I can contribute to ...
The key is that you have to do the work. We can't, else you won't be the one contributing to the world's knowledge.
Security is a huge field, one can easily spend years at it. Since you have only 4 months, I strongly suggest you limit the scope of your investigation. You might want to spend a full week or two learning all you can to find a narrow area that appeals to you.
I cannot, alas, contribute any hard numbers of scientific value, but I can say this, based on experience dating all the way back to the dawn of J2EE: If you want a secure web application, don't write your own security system.
Security is a "weakest-link" function. Screw up just one thing and someone will take advantage of it. Most DIY application security is done by people whose primary priority is the application itself, not the security, and almost no application designers have a hard background in security.
The number of DIY security systems I have run across in a long and evil career that were truly secure is zero. Every application done DIY, including financial and military ones, has had a hole(s) in it, usually one that could be exploited in under 15 minutes by non-technical persons. It's hard enough to secure an app even when using a pre-debugged, professionally-designed security framework.
An IDE is no substitute for an Intelligent Developer.