Web application penetration testing: an analysis of a corporate application according to OWASP guidelines

Cordella, Alessandro (2019) Web application penetration testing: an analysis of a corporate application according to OWASP guidelines. [Laurea magistrale], Università di Bologna, Corso di Studio in Informatica [LM-DM270]
Documenti full-text disponibili:
[img] Documento PDF (Thesis)
Disponibile con Licenza: Creative Commons: Attribuzione - Non commerciale - Non opere derivate 3.0 (CC BY-NC-ND 3.0)

Download (2MB)


During the past decade, web applications have become the most prevalent way for service delivery over the Internet. As they get deeply embedded in business activities and required to support sophisticated functionalities, the design and implementation are becoming more and more complicated. The increasing popularity and complexity make web applications a primary target for hackers on the Internet. According to Internet Live Stats up to February 2019, there is an enormous amount of websites being attacked every day, causing both direct and significant impact on huge amount of people. Even with support from security specialist, they continue having troubles due to the complexity of penetration procedures and the vast amount of testing case in both penetration testing and code reviewing. As a result, the number of hacked websites per day is increasing. The goal of this thesis is to summarize the most common and critical vulnerabilities that can be found in a web application, provide a detailed description of them, how they could be exploited and how a cybersecurity tester can find them through the process of penetration testing. To better understand the concepts exposed, there will be also a description of a case of study: a penetration test performed over a company's web application.

Tipologia del documento
Tesi di laurea (Laurea magistrale)
Autore della tesi
Cordella, Alessandro
Relatore della tesi
Correlatore della tesi
Corso di studio
Curriculum C: Sistemi e reti
Ordinamento Cds
Parole chiave
Penetration testing,OWASP,Cybersecurity,Web Application,Vulnerability Assessment
Data di discussione della Tesi
14 Marzo 2019

Altri metadati

Statistica sui download

Gestione del documento: Visualizza il documento