Learning Centre

Experimental study of vulnerabilities in a web application

 |  Login

Show simple item record

dc.contributor Aalto-yliopisto fi
dc.contributor Aalto University en
dc.contributor.advisor Aura, Tuomas
dc.contributor.author Zhu, Can
dc.date.accessioned 2017-04-13T10:24:34Z
dc.date.available 2017-04-13T10:24:34Z
dc.date.issued 2017-04-03
dc.identifier.uri https://aaltodoc.aalto.fi/handle/123456789/25149
dc.description.abstract As web services have become business critical components, it is very vital to improve their security. Many businesses define penetration testing as the web vulnerabilities scanners automatically operate the site, however, the true penetration testing is more than that. It needs sophistic skills and experience of the testers. Web vulnerability scanners can detect weaknesses in a black-box way, and they are easy to use. There are various scanners to choose; organizations should select them based on their requirements and conditions. In this thesis, we study vulnerabilities in one web application named Virtual Environment Manager (VEM) of Tieto company. After scanning VEM with two scanners, 11 types of vulnerabilities are detected. Then, we exploit every vulnerability based on the application's source code, and also evaluate their severity levels. Finally, the solutions of remedying these vulnerabilities are provided. Because of some limitations, the security testing of the VEM is not fully implemented. For example, the cloud infrastructure is not detected. Still, this experiment contributes to security testing of VEM web application. We hope that this project can help Tieto company improve the security level of VEM. en
dc.format.extent vi + 44
dc.format.mimetype application/pdf en
dc.language.iso en en
dc.title Experimental study of vulnerabilities in a web application en
dc.type G2 Pro gradu, diplomityö fi
dc.contributor.school Perustieteiden korkeakoulu fi
dc.subject.keyword web application en
dc.subject.keyword security testing en
dc.subject.keyword vulnerability en
dc.subject.keyword exploit en
dc.identifier.urn URN:NBN:fi:aalto-201704133582
dc.programme.major Mobile computing, services and security fi
dc.programme.mcode SCI3045 fi
dc.type.ontasot Master's thesis en
dc.type.ontasot Diplomityö fi
dc.contributor.supervisor Aura, Tuomas
dc.programme Master’s Programme in Computer, Communication and Information Sciences fi
dc.ethesisid Aalto 9125
dc.location P1

Files in this item

This item appears in the following Collection(s)

Show simple item record

Search archive

Advanced Search

article-iconSubmit a publication