Measurement of javascript applications' readiness to untrusted data using bayesian networks
Ufuktepe, Ekincan, author.

Measurement of javascript applications' readiness to untrusted data using bayesian networks

Ufuktepe, Ekincan, author.

Yazar Ek Girişi
Ufuktepe, Ekincan, author.

Fiziksel Tanımlama
x, 54 leaves.: + 1 computer laser optical disc.

Web applications have become an integral part of our daily lives. People mostly provide their important needs, such as people keep their private data, do their banking transactions, shopping etc. through web applications. Therefore, web applications have been an attractive target to malicious individuals and organizations. The usage of JavaScript language by web application developers is increasing very fast, especially after JavaScript started to service back-end developers as well. Therefore, JavaScript has incorporated both front-end and back-end developers. Concurrently, due to flexibility and its most popular library called jQuery, JavaScript has become an attractive to web application developers. OWASP updates the top 25 security vulnerabilities regularly. According the results, SQL Injection (CWE-89) and Operating System Command Injection (CWE-78) has taken the 1st place and Cross-Site Scripting (XSS) (CWE-79) has taken the 3rd place. The results shows that three input validation based vulnerabilities appear in the top three; therefore, it can be said that input validation vulnerabilities have become critical vulnerabilities of web applications. However, developers still fail to validate the inputs or use libraries to protect their web applications against input validation vulnerabilities. In this thesis, JavaScript application’s functions are analyzed to determine if their parameters are validated or not. Then, according to the invalidated inputs, a Bayesian Network to measure its readiness to input validation vulnerabilities is generated.

Konu Başlığı
Computer security.
JavaScript (Computer program language).
Bayesian statistical decision theory.

Yazar Ek Girişi
Tuğlular, Tuğkan

Tüzel Kişi Ek Girişi
İzmir Institute of Technology. Computer Engineering.

Tek Biçim Eser Adı
Thesis (Master)--İzmir Institute of Technology: Computer Engineering.
İzmir Institute of Technology: Computer Engineering--Thesis (Master).

Elektronik Erişim
Access to Electronic Versiyon.

LibraryMateryal TürüDemirbaş NumarasıYer NumarasıDurumu/İade Tarihi
IYTE LibraryTezT001291QA76.9.A25 U25 2014Tez Koleksiyonu