fullrecord |
[{"key": "dc.contributor.advisor", "value": "H\u00e4m\u00e4l\u00e4inen, Timo", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Salminen, Juho", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2020-05-18T12:25:33Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2020-05-18T12:25:33Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2020", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/69031", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Tutkimuksen aiheena oli verkkosovellusten haavoittuvuuksien testaaminen ja tietoturvallisuuden parantaminen. Aihe on ajankohtainen, koska verkkosovelluksia k\u00e4ytet\u00e4\u00e4n yh\u00e4 enemm\u00e4n p\u00e4ivitt\u00e4isten asioiden hoitamiseen. Lis\u00e4ksi my\u00f6s yhteiskunnan t\u00e4rke\u00e4t toiminnot digitalisoituvat, mik\u00e4 voi lis\u00e4t\u00e4 niiden haavoittuvuutta. Tutkimuskysymyksen\u00e4 on, mit\u00e4 haavoittuvuuksia er\u00e4\u00e4st\u00e4 verkkosovelluksesta l\u00f6ytyy ja miten niit\u00e4 voidaan havaita. Yleisesti verkkosovellusten haavoittuvuustestausta ja haavoittuvuuksien hy\u00f6dynt\u00e4mist\u00e4 on tutkittu runsaasti. T\u00e4ss\u00e4 tutkimuksessa tarkoituksena oli kuvata tarkasti itse testausprosessin toteutus ja suorittaa verkkosovellukseen kattava tietoturvatestaus. \n \nTietoturvallisuudella tarkoitetaan tiedon suojaamista luottamuksellisuuden, eheyden ja saatavuuden n\u00e4k\u00f6kulmasta. Verkkosovellus on verkossa toimiva palvelu, kuten verkkopankki tai sosiaalisen median palvelu. Haavoittuvuudet ovat sovellusten teknisi\u00e4 ominaisuuksia, jotka voivat ilmet\u00e4 tietoturvallisuutta vaarantavina tekij\u00f6in\u00e4. Esimerkiksi ohjelmointivirhe voi mahdollistaa luottamuksellisten tietojen paljastumisen.\n \nTutkimus toteutettiin konstruktiivista tutkimusotetta k\u00e4ytt\u00e4en. Tarkoituksena oli koostaa raportti, josta ilmenee verkkosovelluksen haavoittuvuudet ja kehitysehdotukset. Teoreettiseksi viitekehykseksi ker\u00e4ttiin aineistoa kirjallisuuskatsauksella. Tutkimuksessa toteutettiin haavoittuvuustestaus eri ty\u00f6kaluilla m\u00e4\u00e4ritelty\u00e4 testausprosessia k\u00e4ytt\u00e4en, joka k\u00e4sitti tiedonhankinnan, haavoittuvuuksien skannaamisen automaattisilla ty\u00f6kaluilla, palvelunestohy\u00f6kk\u00e4yksen ja sovelluksen l\u00e4hdekoodin analysoinnin. Testauksen perusteella l\u00f6ydettiin muutamia haavoittuvuuksia, joiden poistamiseksi annettiin suosituksia kehitt\u00e4jille. Tuloksista voidaan p\u00e4\u00e4tell\u00e4, ett\u00e4 sovellus on tietyilt\u00e4 osin haavoittuva, mutta haavoittuvuudet ovat helposti korjattavissa.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "The subject of the thesis was to test vulnerabilities in web applications and improve their information security. Web applications are used more and more in everyday life and digitalization can increase the number of vulnerabilities. The research question is what vulnerabilities there are in a web application and how they can be improved. In general, the topic of web application vulnerability testing and exploitation of vulnerabilities has been researched abundantly. The objective of this research was to describe in detail the testing process and perform testing to a web application.\n\nInformation security means protecting the confidentiality, integrity, and availability of information. A web application is a service provided on the Internet, such as an online bank or social media platform. Vulnerabilities are technical features of those applications that can danger the security of information. For example, a programming error can cause sensitive data exposure.\n\nThe research was conducted using a constructive research method. The aim was to construct a report with known vulnerabilities in the application and provide means on how to improve them. A literature review was used to build a theoretical framework. Vulnerability testing was done according to the testing process using different tools. The process included information gathering, vulnerability scanning with automated tools, denial of service, and source code analysis. A few vulnerabilities were found in the testing, and instructions were given to developers in order to fix them. The findings indicate that the application was vulnerable but the vulnerabilities are easily fixed.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2020-05-18T12:25:33Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2020-05-18T12:25:33Z (GMT). No. of bitstreams: 0\n Previous issue date: 2020", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "74", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "fin", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "verkkosovellus", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "OWASP", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "Verkkosovelluksen haavoittuvuustestaus", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202005183285", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Tietotekniikka", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Mathematical Information Technology", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "602", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "sovellusohjelmat", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tietoturva", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "Internet", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "haavoittuvuus", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "kyberturvallisuus", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "testaus", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.type.okm", "value": "G2", "language": null, "element": "type", "qualifier": "okm", "schema": "dc"}]
|