Publication
Aplicações web seguras em Django
| Field | Value |
|---|---|
| Main authors: | Teixeira, Adriano Dias |
| Year: | 2018 |
| Country: | Portugal |
| Document type: | master's dissertation |
| Access type: | open access |
| Associated institution: | Universidade do Minho |
| Language: | Portuguese |
| Source: | RepositóriUM - Universidade do Minho |
| Abstract: | The main objective of this dissertation was the development of a secure Web application with the Django framework, through the implementation of a set of selected security measures. The application chosen to apply the security measures to was an e-commerce platform. Another objective of the present work was to analyze the support offered by Django for the development of secure Web applications. The literature review helped us to identify Web application security threats as well as their possible organization into 5 classes: (i) code injection threats, (ii) authentication control threats, (iii) access control threats, (iv) threats to data confidentiality, and (v) threats to the availability of the service. This knowledge was crucial for the selection of the protection measures to implement in the Web application. The application was developed according to the Scrum agile methodology. The main problems encountered in using Scrum were (i) the need to adapt the methodology to a context in which the Scrum team has few members, and (ii) managing the conflict between the need to document sprints and the Scrum practice that favors productivity over documentation. The adopted compromise was to document each sprint before starting the next one. On the other hand, using Scrum improved the definition and fulfillment of the objectives, and allowed for the improvement of the development process itself. These benefits result from Scrum following an iterative approach geared to the rapid production of functional product increments. From the set of functionalities identified during the requirement elicitation phase, 18 user stories were successfully implemented, resulting in a minimum viable product, i.e., a functional product that implements the topmost-priority requirements for potential users. After implementing and testing the application, it was found that the level of security achieved is high, since 16 of the 19 implemented security measures are effective in protecting against the respective attacks. Django's support for the implementation of the selected security measures was assessed at close to 68%. Code injection protection is the security measure best supported by Django. At the opposite extreme are the threats to the availability of the service, against which Django does not offer any support. |