Authors: Medeiros, Ibéria Vitória de Sousa; Cogo, Vinicius Vielmo; Martins, Pedro Lima
Date: 2024-11-21
Year: 2024
Handle: http://hdl.handle.net/10400.5/95533
Citation: Master's thesis, Computer Engineering (Software Engineering), 2024, Universidade de Lisboa, Faculdade de Ciências

Abstract: In current times, the Internet is a fairly standardized environment, but it is still a very free place regarding both what can be created and who can create within it. Many of these creations are web applications, shared by several users and often employed as templates for similar applications. The fact that just about anyone can do this can be problematic: when creators are unaware of best practices, of how to properly check for vulnerabilities and of how to sanitize inputs, these applications are left exposed to attacks, not only against the systems themselves but against their users. If these vulnerabilities are not resolved, they can be exploited to cause intentional damage. The lack of knowledge on how to write secure code can be an issue, but even using secure code can leave open doors for specific attacks that are not entirely warded off by the chosen securing method. This dissertation presents a study of different methods of attacking web applications that are preventable with the proper implementation of PHP code on the server side, as well as of ways to prevent them. Some attention is given to the discussion of shortcomings of those same prevention methods, where they exist. This work also details the development of a tool that compares code against examples of vulnerable and sanitized code snippets to check for similar code vulnerabilities in real time, and suggests replacing the potentially problematic code with a sanitized version when its similarity to the vulnerable snippet is found to be higher than its similarity to the sanitized one. A study is also carried out to find which shingle types and sizes are best suited for the code snippet comparison, and which threshold best optimizes the comparison operation. In the end, the results are presented, with precision values of near 89% and accuracy values of around 92%.

Language: eng
Keywords: Locality Sensitive Hashing; Vulnerabilities; Web applications; Vulnerability detection; Secure code recommendation; Master's theses - 2024
Title: Protecting web applications through secure code recommendations by identifying and removing vulnerabilities
Type: master thesis
203740106