fullrecord |
[{"key": "dc.contributor.advisor", "value": "Lampi, Anna", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Juvonen, Jaakko", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2024-03-07T07:37:53Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2024-03-07T07:37:53Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2024", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/93839", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Viimevuosien aikana verkkosovellukset ovat kasvattaneet suosiotaan verkkoselaimella saavutettavan universaalin saatavuuden, sek\u00e4 helppok\u00e4ytt\u00f6isyyden vuoksi. T\u00e4m\u00e4 muutos ei kuitenkaan ole saapunut ilman seuraamuksia. Verkkosovellukset omaavat suuren hy\u00f6kk\u00e4yspinta-alan pahantahtoisia toimijoita kohtaan, p\u00e4\u00e4asiassa monimutkaisuutensa sek\u00e4 sovelluksissa k\u00e4ytett\u00e4vien teknologioiden suuren m\u00e4\u00e4r\u00e4n takia. T\u00e4m\u00e4 tutkimus keskittyi kriittisimpiin verkkosovellusten haavoittuvuuksiin, sek\u00e4 siihen, miten niit\u00e4 voidaan ehk\u00e4ist\u00e4. Tutkimus toteutettiin systemaattisena kirjallisuuskatsauksena. Haavoittuvuudet johdettiin tuoreimmasta OWASP Top Ten- listauksesta kriittisimmist\u00e4 verkkosovellusten haavoittuvuuksista, sek\u00e4 haavoittuvuudet kategorisoitiin nelj\u00e4\u00e4n eri kategoriaan niiden ominaisuuksien mukaan. 
Tutkimuksessa huomattiin, ett\u00e4 vaikka monia haavoittuvuuksista voidaan lievitt\u00e4\u00e4 tai v\u00e4hent\u00e4\u00e4 implementoimalla puolustautuvaa ohjelmointia, suuren osan ajasta skannaukset ja testaukset suoritetaan legacy-sovelluksille. T\u00e4m\u00e4 korostaa dynaamisen ja staattisen analyysin merkityst\u00e4. Toinen suuri tekij\u00e4 turvallisessa verkkosovelluksen kehityksess\u00e4 on inhimillisen virheen minimointi, joka on paljolti edustettuna loogiseen rakenteeseen liittyviss\u00e4 haavoittuvuuksissa sek\u00e4 alustan konfiguroinnissa.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "In recent years, web applications have grown in popularity due to their universal accessibility via browsers and their ease of use. However, this change has not come without its consequences. Web applications possess a large attack surface for malicious actors, mainly because of the complexity and number of different technologies implemented in these applications. This study focused on the most critical web application vulnerabilities, and how to detect and avoid them. The study was conducted as a systematic literature review. The vulnerabilities were derived from the latest OWASP Top Ten listing of the most critical web application vulnerabilities, and they were further categorized into four different types by their properties. It was found that while most of the vulnerabilities can be mitigated by implementing defensive coding practices, most of the time vulnerability scanning and testing is performed on legacy applications. This highlights the importance of dynamic and static analysis. 
Another major factor in secure web application development is minimizing human error, which is heavily represented in vulnerabilities concerning the web application's logical correctness or the configuration of the platform.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2024-03-07T07:37:53Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2024-03-07T07:37:53Z (GMT). No. of bitstreams: 0\n Previous issue date: 2024", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "34", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.language.iso", "value": "fin", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "verkkosovellusten haavoittuvuudet", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "OWASP Top Ten", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "Verkkosovellusten kriittisimm\u00e4t haavoittuvuudet ja miten niit\u00e4 ehk\u00e4ist\u00e4\u00e4n", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "bachelor thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202403072304", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Bachelor's thesis", "language": "en", "element": "type", 
"qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Kandidaatinty\u00f6", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Tietoj\u00e4rjestelm\u00e4tiede", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Information Systems Science", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_7a1f", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "bachelorThesis", "language": 
null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tietoturva", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}]
|