Thesis on web application security

Phemmy Anny
Greenhorn

Joined: Apr 30, 2013
Posts: 3
Hi, please, I need great assistance on how I can go about my thesis on web application security and what I can contribute to enhance it. I've done many reviews but still can't come up with proposed solution(s). Thanks a great deal for your response.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42276
    
"Thesis" is a very broad concept - is it supposed to contain original research? How much time are you supposed to put into it? Since you mention a "solution", what exactly is the problem?

Lots of good introductory material is at https://www.coderanch.com/how-to/java/SecurityFaq#web-apps


Jelle Klap
Bartender

Joined: Mar 10, 2008
Posts: 1770
    

Also, the Open Web Application Security Project (OWASP) may be of interest to you. It's not specific to Java.


Build a man a fire, and he'll be warm for a day. Set a man on fire, and he'll be warm for the rest of his life.
Phemmy Anny
Greenhorn

Joined: Apr 30, 2013
Posts: 3
Thanks very much for the response. It's a master's thesis and I have about 4 months or thereabout, and I need something to contribute to web application security. It can contain original research or abstract information on it. I've studied some things on Salt and Hashed Passwords, but I need an area that I can contribute to that will improve or enhance the security in the area of study to make a good MSc thesis in order to mitigate man in the browser attacks. Thanks once again.
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4659
    

Phemmy Anny wrote: I need area that I can contribute to ...

The key is that you have to do the work. We can't, else you won't be the one contributing to the world's knowledge.

Security is a huge field; one can easily spend years at it. Since you have only 4 months, I strongly suggest you limit the scope of your investigation. You might want to spend a full week or two learning all you can to find a narrow area that appeals to you.
Amit Ghorpade
Bartender

Joined: Jun 06, 2007
Posts: 2716
    

Phemmy Anny wrote: in order to mitigate man in the browser attacks.

I suppose that means "Man in the middle attack" or MITM. Salted or hashed passwords cannot mitigate this attack. You need to read more on Transport Layer Security (TLS).


SCJP, SCWCD.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16140
    

I cannot, alas, contribute any hard numbers of scientific value, but I can say this, based on experience dating all the way back to the dawn of J2EE: If you want a secure web application, don't write your own security system.

Security is a "weakest-link" function. Screw up just one thing and someone will take advantage of it. Most DIY application security is done by people whose primary priority is the application itself, not the security, and almost no application designers have a hard background in security.

The number of DIY security systems I have run across in a long and evil career that were truly secure is zero. Every application done DIY, including financial and military ones, has had a hole(s) in it, usually one that could be exploited in under 15 minutes by non-technical persons. It's hard enough to secure an app even when using a pre-debugged, professionally-designed security framework.


Customer surveys are for companies who didn't pay proper attention to begin with.
 