Penetration Testing of Glia’s Web Application

Name
Doris Sarapuu
Abstract
Penetration testing is a simulation of real attacks to assess the risks associated with potential security vulnerabilities. Penetration testing requires various levels of expertise to manually verify security requirements, to review web application source code and to configure automated tests. The nonprofit organization OWASP provides several documents for software security assessment. Glia’s Operator Application was tested against all OWASP Top 10 2017 threats. For threat verification, OWASP ASVS 4.0 level 2 requirements along with additional customized test cases were checked. In addition to manual security requirement verification, automated Burp Suite tools were used. For each detected vulnerability, risk severity was assessed by taking into account the threat prevalence likelihood and impact. Risk mitigation suggestions were provided for all OWASP Top 10 threats.
Graduation Thesis language
English
Graduation Thesis type
Master - Conversion Master in IT
Supervisor(s)
Kristjan Krips, Carlos Paniagua
Defence year
2019
 