
Thesis on web application security

 
Phemmy Anny
Greenhorn
Posts: 3
Hi, please, I need great assistance on how I can go about my thesis on web application security and what I can contribute to enhance it. I've done many reviews but still can't come up with proposed solution(s). Thanks a great deal for your response.
 
Ulf Dittmer
Rancher
Posts: 42967
73
"Thesis" is a very broad concept - is it supposed to contain original research? How much time are you supposed to put into it? Since you mention a "solution", what exactly is the problem?

Lots of good introductory material is at https://www.coderanch.com/how-to/java/SecurityFaq#web-apps
 
Jelle Klap
Bartender
Posts: 1952
7
Eclipse IDE Java
Also, the Open Web Application Security Project (OWASP) may be of interest to you. It's not specific to Java.
 
Phemmy Anny
Greenhorn
Posts: 3
Thanks very much for the response. It's a master's thesis and I have about 4 months or thereabout, and I need something to contribute to web application security. It can contain original research or abstract information on it. I've studied some things on salted and hashed passwords, but I need an area that I can contribute to that will improve or enhance the security in the area of study to make a good MSc thesis in order to mitigate man in the browser attacks. Thanks once again.
 
Pat Farrell
Rancher
Posts: 4678
7
Linux Mac OS X VI Editor
Phemmy Anny wrote: I need an area that I can contribute to ...

The key is that you have to do the work. We can't, else you won't be the one contributing to the world's knowledge.

Security is a huge field, one can easily spend years at it. Since you have only 4 months, I strongly suggest you limit the scope of your investigation. You might want to spend a full week or two learning all you can to find a narrow area that appeals to you.
 
Amit Ghorpade
Bartender
Posts: 2854
10
Fedora Firefox Browser Java
Phemmy Anny wrote: in order to mitigate man in the browser attacks.

I suppose that means "Man in the middle attack" or MITM. Salted or hashed passwords cannot mitigate this attack. You need to read more on Transport Layer Security (TLS).
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18156
53
Android Eclipse IDE Linux
  • Likes 1
I cannot, alas, contribute any hard numbers of scientific value, but I can say this, based on experience dating all the way back to the dawn of J2EE: If you want a secure web application, don't write your own security system.

Security is a "weakest-link" function. Screw up just one thing and someone will take advantage of it. Most DIY application security is done by people whose primary priority is the application itself, not the security, and almost no application designers have a hard background in security.

The number of DIY security systems I have run across in a long and evil career that were truly secure is zero. Every application, including financial and military ones done DIY, has had a hole(s) in it, usually one that could be exploited in under 15 minutes by non-technical persons. It's hard enough to secure an app even when using a pre-debugged, professionally-designed security framework.
 