Web Application security testing with open source tools

Postgraduate Thesis uoadl:1316437

Unit:
Track / specialization: Telecommunication Systems and Network Technologies (ΤΗΛ)
Library of the School of Science
Deposit date:
2014-01-15
Year:
2014
Author:
Παπαδάκης Ιωάννης
Supervisors info:
Παναγιώτης Γεωργιάδης, Professor, ΕΚΠΑ (supervisor); Κωνσταντίνος Παπαπαναγιώτου, external collaborator
Original Title:
Ασφάλεια διαδικτυακών εφαρμογών με εργαλεία ελεύθερου λογισμικού
Languages:
Greek
Translated title:
Web Application security testing with open source tools
Summary:
This diploma thesis focuses on: a) the search for all possible vulnerabilities
that can be found in web applications; b) applying integrated tools for scanning
a web application for possible vulnerabilities, such as OWASP ZAP, the OWASP
WebGoat project and Selenium; c) the general guidelines for evaluating web
application security. Results are presented that allow web application
engineers to collect valuable information and clues regarding the weaknesses
present in this type of application. The research methodology
includes familiarization with the relevant concepts and the study of the
guidelines and security models for web applications, as defined
by recognized organizations such as OWASP. Accordingly, the weaknesses and
vulnerabilities of a web application are presented here. At the same time,
open source tools were used in order to obtain concrete results and automate the
procedures. Mainly, the OWASP ZAP tool was used, which is a tool for
penetration testing of web applications. The following conclusions are drawn
from this thesis: black box testing is the
most effective method for evaluating the security of web applications, because
it assesses the level of security by following the same techniques and steps that
intruders use to carry out their attacks. The use of testing tools, whether
automated or not, is necessary because of the requirement for
continuous and repeated testing.
Keywords:
Security, Software, Web, Vulnerabilities, OWASP
Index:
No
Number of index pages:
0
Contains images:
Yes
Number of references:
18
Number of pages:
77
document.pdf (5 MB)