fullrecord |
[{"key": "dc.contributor.advisor", "value": "Siponen, Mikko", "language": null, "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.advisor", "value": "Oleksiy, Mazhelis", "language": null, "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Kaasalainen, Santeri", "language": null, "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2018-03-13T15:54:44Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2018-03-13T15:54:44Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2018", "language": null, "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/57316", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Verkkosovellukset ovat houkutteleva tapa tarjota kuluttajille palveluita, koska selainpohjainen sovellus takaa sen, ett\u00e4 yksi ja sama sovellus toimii usealla eri alustalla riippumatta laitteesta tai k\u00e4ytt\u00f6j\u00e4rjestelm\u00e4st\u00e4. Verkkosovellukset ovat kuitenkin alttiimpia kyberhy\u00f6kk\u00e4yksille, koska niiden verkkok\u00e4ytt\u00f6liittym\u00e4rajapinta on julkisesti avoin. Lis\u00e4ksi verkkosovelluksien koostuminen suuresta m\u00e4\u00e4r\u00e4st\u00e4 vuorovaikutuksessa kesken\u00e4\u00e4n olevia teknologioita on johtanut tietoturvan toteutumisen hankaloitumiseen, koska kehitt\u00e4j\u00e4t joutuvat pit\u00e4m\u00e4\u00e4n silm\u00e4ll\u00e4 kunkin teknologian haavoittuvuuksille altistavia tekij\u00f6it\u00e4. T\u00e4m\u00e4n vuoksi on t\u00e4rke\u00e4\u00e4 tutkia verkkosovellusten mahdollisia haavoittuvuuksia, syit\u00e4 n\u00e4ihin sek\u00e4 kuinka ne voidaan ehk\u00e4ist\u00e4. 
Tutkielmassa k\u00e4siteltiin verkkosovellusten rakennetta silt\u00e4 pohjalta, ett\u00e4 kuinka eri teknologioiden l\u00e4sn\u00e4olo johtaa haavoittuvuuksiin. Tutkielmassa k\u00e4siteltiin my\u00f6s verkkosovellusten yleisimpi\u00e4 haavoittuvuuksia ja kuinka n\u00e4it\u00e4 voidaan ehk\u00e4ist\u00e4. Koska verkkosovelluksiin kohdistuvia haavoittuvuuksia on lukuisia, niit\u00e4 kaikkia on mahdotonta k\u00e4sitell\u00e4 t\u00e4m\u00e4n tutkielman puitteissa. Siksi t\u00e4ss\u00e4 tutkielmassa k\u00e4sitellyt haavoittuvuudet pohjattiin OWASP:n vuoden 2013 top 10 listaukseen verkkosovelluksiin kohdistuvista haavoittuvuuksista soveltuvilta osin. Kirjallisuuskatsauksen perusteella l\u00f6ydettiin verkkosovellusten haavoittuvuuksien syille nelj\u00e4 yl\u00e4kategoriaa: puutteellinen sy\u00f6tteiden varmistus, puutteellinen istuntotunnisteen hallinta, puutteet verkkosovelluksen loogisessa rakenteessa ja puutteellinen verkkosovelluksen alustan konfiguraatio. Kirjallisuuskatsauksen perusteella, tutkielmassa esitettiin my\u00f6s kehitt\u00e4misvaiheen k\u00e4yt\u00e4nteet, joiden avulla edell\u00e4 mainituista syist\u00e4 johtuvat haavoittuvuudet v\u00e4ltet\u00e4\u00e4n.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Web applications have become a tempting way to provide services to customers, because running an application in a web browser lets it work no matter what device or operating system the user has. However, web applications are more prone to cyber-attacks because they are accessible through their web user interface. In addition, web applications consist of many different technologies that interact with each other, which means that developers need to keep an eye on the vulnerabilities that each of those technologies introduces. 
That is the reason for researching web application vulnerabilities: what causes them to exist and how they can be prevented. This paper surveyed web application architecture and how a structure built from a large number of different technologies leads to vulnerabilities. The most common web application vulnerabilities and the techniques for preventing them were also surveyed. Because there is a large number of different web application vulnerabilities, it is impossible to cover them all in this research. That\u2019s why the vulnerability chapter in this paper is limited to the applicable parts of OWASP\u2019s 2013 top 10 list of the most dangerous web application vulnerabilities. Four main categories of causes of web application vulnerabilities were found: lack of input validation, poor session management, shortcomings in the application\u2019s logical structure and security misconfiguration. Based on the literature review, practices for preventing the vulnerabilities that arise from these causes were also presented.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted using Plone Publishing form by Santeri Kaasalainen (saermika) on 2018-03-13 15:54:43.750711. Form: Kandidaatintutkielma -lomake (https://kirjasto.jyu.fi/julkaisut/julkaisulomakkeet/kandin-tutkielma-lomake). JyX data: [jyx_publishing-allowed (fi) =True]", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by jyx lomake-julkaisija (jyx-julkaisija.group@korppi.jyu.fi) on 2018-03-13T15:54:44Z\nNo. 
of bitstreams: 2\nURN:NBN:fi:jyu-201803131720.pdf: 636555 bytes, checksum: 137228358fef8bfe0affc0c79dd39117 (MD5)\nlicense.html: 4839 bytes, checksum: 949b7cb911e1a895240f2b9ebd3fe55e (MD5)", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2018-03-13T15:54:44Z (GMT). No. of bitstreams: 2\nURN:NBN:fi:jyu-201803131720.pdf: 636555 bytes, checksum: 137228358fef8bfe0affc0c79dd39117 (MD5)\nlicense.html: 4839 bytes, checksum: 949b7cb911e1a895240f2b9ebd3fe55e (MD5)\n Previous issue date: 2018", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "43", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.language.iso", "value": "fin", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "tietoturva", "language": null, "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "verkkosovellus", "language": null, "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "haavoittuvuus", "language": null, "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "Verkkosovellusten yleisimm\u00e4t haavoittuvuudet ja k\u00e4yt\u00e4nteet niiden ehk\u00e4isemiseksi", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "bachelor thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-201803131720", "language": null, "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Kandidaatintutkielma", "language": 
"fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Bachelor's thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Tietoj\u00e4rjestelm\u00e4tiede", "language": null, "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.date.updated", "value": "2018-03-13T15:54:44Z", "language": null, "element": "date", "qualifier": "updated", "schema": "dc"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_7a1f", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": "fi", "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "bachelorThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}]
|