| Name: | Description: | Size: | Format: |
|---|---|---|---|
| | | 1012.82 KB | Adobe PDF |
Authors
Abstract(s)
In current times, the Internet is a fairly standardized environment, but it is still a
very free place regarding both what can be created and who can create within it. Many of
these creations are web applications, shared by several users and often employed as
templates for similar applications. The fact that just about anyone can do this can be
problematic: when creators are unaware of best practices, of how to properly check for
vulnerabilities and of how to sanitize inputs, these applications are left exposed to
attacks, endangering not only the systems themselves but also their users. If these
vulnerabilities are not resolved, they can be exploited to cause intentional damage. The
lack of knowledge on how to write secure code can be an issue, but even secure code can
leave open doors for specific attacks that are not entirely warded off by the chosen
securing method. This dissertation presents a study of different methods of attacking
web applications that are preventable with the proper implementation of PHP code on the
server side, as well as of ways to prevent them. Some attention is given to the
shortcomings of those same prevention methods, where they exist.
This work also details the development of a tool that compares code against examples of
vulnerable and sanitized code snippets to check for similar vulnerabilities in real time,
and suggests replacing the potentially problematic code with a sanitized version when its
similarity to the vulnerable snippet is found to be above its similarity to the sanitized
one. A study is also done to find out which shingle types and sizes are best suited for
the code snippet comparison, and which threshold best optimizes the comparison operation.
In the end, the results are presented, with precision values of near 89% and accuracy
values of around 92%.
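As an added illustration of the comparison the abstract describes (this is not the dissertation's tool or code): a snippet is split into k-shingles of tokens or characters, its Jaccard similarity to a vulnerable and to a sanitized PHP exemplar is computed, and the sanitized version is suggested only when the snippet is closer to the vulnerable one. The PHP exemplars, the tokenizer and the threshold semantics are assumptions made for this example.

```python
import re

# Constructed PHP exemplars (assumed, not taken from the dissertation): a query built
# by string concatenation from request input, and its prepared-statement counterpart.
VULNERABLE = '$q = "SELECT * FROM users WHERE id = " . $_GET["id"]; $r = mysqli_query($db, $q);'
SANITIZED = ('$s = $db->prepare("SELECT * FROM users WHERE id = ?"); '
             '$s->bind_param("i", $_GET["id"]); $s->execute();')

# Assumed lexer: PHP variables, words, the -> operator, and single punctuation marks.
TOKEN = re.compile(r"\$\w+|\w+|->|[^\s\w]")


def shingles(code, k=3, kind="token"):
    """Set of overlapping k-shingles; kind is "token" (lexical tokens, whitespace
    dropped) or "char" (characters over whitespace-normalised text)."""
    if kind == "token":
        units = TOKEN.findall(code)
        return {tuple(units[i:i + k]) for i in range(max(1, len(units) - k + 1))}
    text = " ".join(code.split())
    return {text[i:i + k] for i in range(max(1, len(text) - k + 1))}


def jaccard(a, b):
    """Jaccard similarity |a & b| / |a | b| of two shingle sets."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def check_snippet(snippet, vulnerable=VULNERABLE, sanitized=SANITIZED,
                  k=3, kind="token", threshold=0.3):
    """Compare a snippet with both exemplars. Suggest the sanitized code only when the
    snippet resembles the vulnerable exemplar more than the sanitized one AND that
    similarity clears the threshold (threshold semantics are an assumption here)."""
    s = shingles(snippet, k, kind)
    sim_v = jaccard(s, shingles(vulnerable, k, kind))
    sim_s = jaccard(s, shingles(sanitized, k, kind))
    flagged = sim_v > sim_s and sim_v >= threshold
    return {"sim_vulnerable": round(sim_v, 3), "sim_sanitized": round(sim_s, 3),
            "suggest": sanitized if flagged else None}


if __name__ == "__main__":
    # Constructed input: the vulnerable pattern with different variable names.
    user_code = '$query = "SELECT * FROM users WHERE id = " . $_GET["id"]; $result = mysqli_query($conn, $query);'
    for kind in ("token", "char"):
        print(kind, check_snippet(user_code, kind=kind))
```

Comparing the same snippet with `kind="token"` and `kind="char"` and several values of `k` is the kind of shingle-type and size study the abstract mentions.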
Description
Master's thesis, Computer Engineering (Software Engineering), 2024, Universidade de Lisboa, Faculdade de Ciências
Keywords
Locality Sensitive Hashing; Vulnerabilities; Web applications; Vulnerability detection; Secure code recommendation; Master's theses - 2024
