Security in Behaviour Driven Authentication for Web Applications
2012 (English)
Independent thesis Advanced level (professional degree), 20 credits / 30 HE credits
Student thesis
Abstract [en]

This paper describes the security research for a web application designed by BehavioSec. The application uses JavaScript to record keystrokes to generate data that is sent back to a server for verification. As applications of this type are often used in systems that handle sensitive data, they are often targets for various attacks. The purpose of this paper is to decide what can be done to, if not prevent these attacks, then at least make it more difficult to succeed with an attack.

Information has been gathered through web research, mainly based on the programming languages currently used in the application, but alternatives have also been taken into consideration. Requests from BehavioSec have also been evaluated.

There are many ways to increase the security around these kinds of applications. Web replay attacks could be countered by generating JavaScript on the server side for each user that has the same functionality but a different format each time. One way to prevent man-in-the-browser attacks could be to use a verification based on the request performed by the client. Hashing the data could also help verify, to some extent, that the data has not been altered since it was transmitted from the client. To increase the security further, a salt could be used with the hash function. No matter what solution is used, the use of sessions is recommended, as it makes it possible to store sensitive data on the server side instead of passing it to the client.

Place, publisher, year, edition, pages
2012. p. 50
Keywords [en]
Technology
Keywords [sv]
Teknik
Identifiers
URN: urn:nbn:se:ltu:diva-47609
Local ID: 524774e5-6f23-419d-b157-6dc5205efee9
OAI: oai:DiVA.org:ltu-47609
DiVA, id: diva2:1020937
Subject / course
Student thesis, at least 30 credits
Educational program
Computer Science and Engineering, master's level
Supervisors
Note
Validated; 20120131 (anonymous)
Available from: 2016-10-04
Created: 2016-10-04
Bibliographically approved

Open Access in DiVA

fulltext (927 kB), 1080 downloads
File information
File name FULLTEXT02.pdf
File size 927 kB
Checksum SHA-512
076bd650bef0c0ff470fec1a3cfb27926304d170811c9c0668a1c92389e99ebe86df84245b9dbf972618078a3799c65e26003fb9a92ca119c68949127642fbb2
Type fulltext
Mimetype application/pdf

Author/editor
Nilsson, Daniel