Author: Li, Ka-wui
Title: Web vulnerabilities exploitation and prevention
Degree: M.Sc.
Year: 2010
Subject: Hong Kong Polytechnic University -- Dissertations
Computer security
Computer networks -- Security measures
Privacy, Right of
Department: Department of Computing
Pages: x, 142 leaves : ill. ; 31 cm.
Language: English
Abstract: Modern web applications are not simple web pages that provide read-only information; they provide graphical user interfaces through recent improvements in the presentation abilities of web browsers, mimicking real desktop applications. Web applications are usually open to public Internet access, which exposes them to thousands of malicious users who try to probe for security holes and use them to steal valuable private information. The purpose of this project is to review the security problems of modern web applications and their corresponding prevention techniques. A combination of security measures will be proposed with which web applications can be secured and prepared for the future evolution of web attacks. Web attack methods such as brute-force attacks on system login pages, forged web sites involved in online phishing, cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks will be discussed in detail. Advanced real-world attacks will be illustrated as case studies. A set of effective prevention countermeasures and general secure web development policies will be proposed, and experiments will then be done to test the effectiveness of the combination of web security techniques that provides the best value in terms of effectiveness, cost of implementation and usability. The results of this project will serve as a security guide that new web applications should implement as a baseline, or as the basic standard for security review of existing web applications.
Rights: All rights reserved
Access: restricted access

Files in This Item:
File: b23910902.pdf
Description: For All Users (off-campus access for PolyU Staff & Students only)
Size: 4.62 MB
Format: Adobe PDF

