
Thesis on web application security

Phemmy Anny

Joined: Apr 30, 2013
Posts: 3
Hi, please, I need great assistance on how I can go about my thesis on web application security and what I can contribute to enhance it. I've done many reviews but still can't come up with proposed solution(s). Thanks a great deal for your response.
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
"Thesis" is a very broad concept - is it supposed to contain original research? How much time are you supposed to put into it? Since you mention a "solution", what exactly is the problem?

Lots of good introductory material is at
Jelle Klap

Joined: Mar 10, 2008
Posts: 1951

Also, the Open Web Application Security Project (OWASP) may be of interest to you. It's not specific to Java.

Build a man a fire, and he'll be warm for a day. Set a man on fire, and he'll be warm for the rest of his life.
Phemmy Anny

Joined: Apr 30, 2013
Posts: 3
Thanks very much for the response. It's a master's thesis and I have about 4 months or thereabout, and I need something to contribute to web application security. It can contain original research or abstract information on it. I've studied some things on salted and hashed passwords, but I need an area that I can contribute to that will improve or enhance the security in the area of study to make a good MSc thesis in order to mitigate man in the browser attacks. Thanks once again.
Pat Farrell

Joined: Aug 11, 2007
Posts: 4659

Phemmy Anny wrote: I need area that i can contribute to ...

The key is that you have to do the work. We can't, else you won't be the one contributing to the world's knowledge.

Security is a huge field, one can easily spend years at it. Since you have only 4 months, I strongly suggest you limit the scope of your investigation. You might want to spend a full week or two learning all you can to find a narrow area that appeals to you.
Amit Ghorpade

Joined: Jun 06, 2007
Posts: 2851

Phemmy Anny wrote: in order to mitigate man in the browser attacks.

I suppose that means "Man in the middle attack" or MITM. Salted or hashed passwords cannot mitigate this attack. You need to read more on Transport Layer Security (TLS).

Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17417

I cannot, alas, contribute any hard numbers of scientific value, but I can say this, based on experience dating all the way back to the dawn of J2EE: If you want a secure web application, don't write your own security system.

Security is a "weakest-link" function. Screw up just one thing and someone will take advantage of it. Most DIY application security is done by people whose primary priority is the application itself, not the security, and almost no application designers have a hard background in security.

The number of DIY security systems I have run across in a long and evil career that were truly secure is zero. Every application done DIY, including financial and military ones, has had a hole(s) in it, usually one that could be exploited in under 15 minutes by non-technical persons. It's hard enough to secure an app even when using a pre-debugged, professionally-designed security framework.

An IDE is no substitute for an Intelligent Developer.