Web vulnerabilities exploitation and prevention

Pao Yue-kong Library Electronic Theses Database


Author: Li, Ka-wui
Title: Web vulnerabilities exploitation and prevention
Degree: M.Sc.
Year: 2010
Subject: Hong Kong Polytechnic University -- Dissertations; Computer security; Computer networks -- Security measures; Privacy, Right of
Department: Dept. of Computing
Pages: x, 142 leaves : ill. ; 31 cm.
InnoPac Record: http://library.polyu.edu.hk/record=b2391090
URI: http://theses.lib.polyu.edu.hk/handle/200/5867
Abstract: Modern web applications are not simple web pages that provide read-only information; they provide graphical user interfaces through recent improvements in the presentation ability of web browsers, mimicking real desktop applications. Web applications are usually open to public Internet access, exposing them to thousands of malicious users who try to probe for security holes and make use of them to steal valuable private information. The purpose of this project is to review the security problems and their corresponding prevention techniques in modern web applications. A combination of security measures will be proposed with which web applications can be secured and be prepared for the future evolution of web attacks. Web attack methods such as brute force attacks on system login pages, forged web sites involved in online phishing, cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks will be discussed in detail. Advanced real-world attacks will be illustrated as case studies. A set of effective prevention countermeasures and general secure web development policies will be proposed, then experiments will be done to test the effectiveness of the combination of web security techniques which provides the best value in terms of effectiveness, cost of implementation and usability. The results of this project will become a security guide which new web applications should basically implement, or the basic standard for security review of existing web applications.

Files in this item

Files Size Format
b23910902.pdf 4.730Mb PDF
Copyright Undertaking
As a bona fide Library user, I declare that:
  1. I will abide by the rules and legal ordinances governing copyright regarding the use of the Database.
  2. I will use the Database for the purpose of my research or private study only and not for circulation or further reproduction or any other purpose.
  3. I agree to indemnify and hold the University harmless from and against any loss, damage, cost, liability or expenses arising from copyright infringement or unauthorized usage.
By downloading any item(s) listed above, you acknowledge that you have read and understood the copyright undertaking as stated above, and agree to be bound by all of its terms.

