Säkerhet och integritet i webbapplikationer: En orientering över säker utveckling
Linköping University, Department of Management and Engineering.
2010 (Swedish). Student paper other, 10 credits / 15 HE credits. Student thesis.
Alternative title: Security and Integrity in Web Applications: An orientation of safe development (English)
Abstract [en]

The use of web applications is a growing area. While their possibilities and functionality are increasing, so is their complexity, together with the threats against them, because the complexity also opens up the application to vulnerabilities. It is therefore important for developers to know how a web application can be developed with security in mind.

This study's intention has been to create an introductory documentation of which techniques exist that can produce higher security, which methods can be used within the development process, and what to think about when programming secure web applications. In this paper we have investigated how theoretical manuals in the IT security field handle that area, and interviewed two developers from two different companies to see how they use security in their web applications.

The study has an exploratory technical perspective and does not explain how to practically use and interconnect different security-enhancing technologies; it is rather supposed to give a first glance at what is available and sow a seed for those interested in reading further about the subject. The results of the study were generated by comparing the theoretical material with the empirical material, in order to conclude the most prominent differences and similarities between those materials.

During the study some key points for development have been revealed. Responsibility for security in the application lies, in the cases we looked at, with the developers: it falls to them to describe the technical possibilities and hence the vulnerabilities, since the client usually does not possess the same technical skills. The customer was, in the cases we studied, often not very proactive about security and did not value it very highly (unless it was a security-critical business, such as one involved with defense technology). Because the customer in such cases did not give security high priority, there was a lack of motivation to spend extra money to combat threats that were not considered significant. In cases where extra resources were spent on security, a measure was developed that security should not cost more than the value of what it protects, otherwise the cost is unjustified. Finally, it is noted that it is technically difficult to protect against human errors that can disarm the security, for example a simple or misplaced password.

Place, publisher, year, edition, pages
2010. 91 p.
Keyword [en]
IT-security, web applications, web development, integrity
Keyword [sv]
Säkerhet, webbapplikationer, utveckling
National Category
Engineering and Technology
URN: urn:nbn:se:liu:diva-58125
ISRN: LIU-IEI-FIL-G--10/00535--SE
OAI: diva2:332280
Subject / course
Informatics/Information systems
2010-06-08, A32, A-Huset Campus Valla, LINKÖPING, 10:15 (Swedish)
Available from: 2010-09-10. Created: 2010-08-03. Last updated: 2011-10-17. Bibliographically approved.

Open Access in DiVA

Säkerhet och integritet i webbapplikationer (4472 kB), 768 downloads
File information
File name: FULLTEXT01.pdf
File size: 4472 kB
Checksum: SHA-512
Type: fulltext
Mimetype: application/pdf

Authors: Nordlander, Mikael; Martinsson, Fredrik