E-Locus - Institutional Repository of the University of Crete

Home Collections School/Department School of Sciences and Engineering Department of Computer Science Post-graduate theses

Post-graduate theses

Current Record: 86 of 824

[Add to Basket]

Identifier

000440099

Title

SecurityAuditor: a XDriver security oriented module for the evaluation of Security Header Policies

Alternative Title

SecurityAuditor: ένα XDriver εργαλείο προσανατολισμένο στην ασφάλεια για την αξιολόγηση των Security Header Policies

Author

Σαββόπουλος, Αλέξανδρος Δ.

Thesis advisor

Πρατικάκης, Πολύβιος

Reviewer

Ιωαννίδης, Σωτήριος
Τζίτζικας, Ιωάννης

Abstract

Website security is an important factor for a properly functional site. The developers can set Security Header policies in order to prevent various attacks that can be fatal to the functionality of the websites. However, there are many policies' misconfigurations which can be exploited by the attackers. These attacks can even lead to the users' private data leaking. The Selenium is a browser automation framework. It emulates a user website task as it can control the web browsers through WebDrivers. The user's functionalities can be executed by this framework in order to gather information about the websites' functionalities. However, there are many problems which can be created by this framework during the execution of users' tasks. These problems may lead to a task's failure. For this reason there is another browser automation toolset named XDriver framework. It contains mechanisms, which offer solutions for task's failures in order to finish it successfully. It also offers Selenium functionalities to reduce the code complexity as it was built on the top of the Selenium framework. In this master thesis the SecurityAuditor module was developed. This is an XDriver module that used XDriver functionalities in order to evaluate the Security Header Policies. These policies could be implemented by the websites' developers. It also detected policies' misconfigurations which could reduce the security of the website. Using this module, a large-scale study was conducted in order to evaluate it as well as to investigate if these policies were implemented correctly by the websites' developers. It was observed that most of the domains did not implement these policies and some of the policies were detected with syntax errors or known vulnerabilities (misconfigurations). Therefore, the websites' safety could be reduced. The comparison of the XDriver with the Selenium framework was another study which was conducted in this thesis. The XDriver error handling mechanisms were evaluated, executing browser users' tasks in a number of domains for both of these frameworks. It was concluded that the XDriver solved many Selenium exceptions.

Language

English

Subject

Browser aytomation framework

Selenium framework

Websites security

XDriver framework

Ασφάλεια ιστοσελίδων

Εργαλεία αυτόματης περιήγησης

Πολιτικές ασφάλειας

Issue date

2021-07-30