| Dynamic web applications are a major feature of the internet today. These web-based database applications are responsible for storing data and for the communication between businesses and users. As web applications become more popular, so do the number and the complexity of attacks. Despite the evidence to support more security-minded design and development, it is frequently left to the end of the development cycle. Developers often do not have time to prioritize security analysis. If this is true for professional developers, it is not surprising that student developers also neglect security analysis in their projects. This thesis provides a methodology for students to follow during the design and development process of web applications. Using an existing student web project as a case study, this thesis presents several vulnerability tests as part of a proposed security analysis methodology. By completing these tests and uncovering hidden security vulnerabilities, the thesis provides a framework for testing and analyzing other students' web projects. |
