Post-graduate theses
Identifier |
000440099 |
Title |
SecurityAuditor: a XDriver security oriented module for the evaluation of Security Header Policies |
Alternative Title |
SecurityAuditor: a security-oriented XDriver tool for the evaluation of Security Header Policies |
Author
|
Σαββόπουλος, Αλέξανδρος Δ.
|
Thesis advisor
|
Πρατικάκης, Πολύβιος
|
Reviewer
|
Ιωαννίδης, Σωτήριος
Τζίτζικας, Ιωάννης
|
Abstract |
Website security is an important factor for a properly functioning site. Developers
can set Security Header policies to prevent various attacks that can be fatal to
a website's functionality. However, many policy misconfigurations
can be exploited by attackers. These attacks can even lead to leaks of users' private
data.
Selenium is a browser automation framework. It emulates a user's website task, as it
can control web browsers through WebDrivers. The framework can execute user
actions in order to gather information about websites'
functionality. However, the framework can cause many problems
during the execution of users' tasks, and these problems may lead to a task's
failure. For this reason, there is another browser automation toolset, the XDriver
framework. It contains mechanisms that offer solutions to task failures so that the
task finishes successfully. It also offers Selenium functionalities to reduce code complexity,
as it was built on top of the Selenium framework.
In this master's thesis, the SecurityAuditor module was developed. It is an XDriver
module that uses XDriver functionalities to evaluate the Security Header Policies
that websites' developers can implement. It also detects
policy misconfigurations that could reduce the security of the website. Using this
module, a large-scale study was conducted to evaluate it and to investigate
whether these policies were implemented correctly by websites' developers. It was observed
that most of the domains did not implement these policies, and some of the policies were
detected with syntax errors or known vulnerabilities (misconfigurations). Therefore, the
websites' safety could be reduced.
A comparison of XDriver with the Selenium framework was another study
conducted in this thesis. The XDriver error-handling mechanisms were evaluated
by executing browser users' tasks on a number of domains with both frameworks. It
was concluded that XDriver solved many Selenium exceptions.
|
Language |
English |
Subject |
Browser automation framework |
|
Selenium framework |
|
Websites security |
|
XDriver framework |
|
Website security |
|
Automated browsing tools |
|
Security policies
Issue date |
2021-07-30 |
Collection
|
School/Department--School of Sciences and Engineering--Department of Computer Science--Post-graduate theses
|
|
Type of Work--Post-graduate theses
|
Permanent Link |
https://elocus.lib.uoc.gr//dlib/4/6/e/metadata-dlib-1622015996-333142-26065.tkl
|
Views |
541 |