Experimental study of vulnerabilities in a web application

Perustieteiden korkeakoulu | Master's thesis

Authors

Department

Mcode

SCI3045

Language

en

Pages

vi + 44

Series

Abstract

As web services have become business-critical components, improving their security is vital. Many businesses equate penetration testing with running automated web vulnerability scanners against a site; however, true penetration testing is more than that. It requires sophisticated skills and experience on the part of the testers. Web vulnerability scanners can detect weaknesses in a black-box way, and they are easy to use. There are various scanners to choose from; organizations should select them based on their requirements and conditions. In this thesis, we study vulnerabilities in one web application, Virtual Environment Manager (VEM), of the company Tieto. Scanning VEM with two scanners detected 11 types of vulnerabilities. We then exploit every vulnerability based on the application's source code and evaluate their severity levels. Finally, solutions for remedying these vulnerabilities are provided. Because of some limitations, the security testing of VEM is not fully implemented. For example, the cloud infrastructure is not detected. Still, this experiment contributes to the security testing of the VEM web application. We hope that this project can help Tieto improve the security level of VEM.

Description

Supervisor

Aura, Tuomas

Thesis advisor

Aura, Tuomas
