Please use this identifier to cite or link to this item:
http://10.1.7.192:80/jspui/handle/123456789/8034
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Katharotia, Vidhi | - |
dc.date.accessioned | 2018-12-07T09:01:57Z | - |
dc.date.available | 2018-12-07T09:01:57Z | - |
dc.date.issued | 2018-05-01 | - |
dc.identifier.uri | http://10.1.7.192:80/jspui/handle/123456789/8034 | - |
dc.description.abstract | All software projects or applications have one artifact in common, i.e. source code review. This process can be carried out to identify and remove the security risks that application security is facing. Since ITS4 was released in early 2000, the idea of source code review and remediation has come into existence. It has a set of very simple rules for source code review that can be used to find simple security vulnerabilities. But nowadays simple security mechanisms do not work against complicated threats. These threats are also generated because of developers' mistakes, i.e. a missing semicolon, an extra parenthesis, etc. Most of the time these errors can be captured by the compiler, but if some of them are missed at the time of compilation, attackers can take advantage of all those mistakes and the system can be compromised. Some of the attacks are considered false positives and false negatives, which your system cannot identify. These are the most dangerous attacks nowadays. Some of the false-negative attacks can also cause zero-day attacks. Zero-days are growing threats to organization and corporate networks, because these are attacks that can easily pass your system's security level and no IDS/IPS is able to detect them. Our normal signature-based IDS cannot detect a zero-day attack, as a signature-based IDS can store all the known signatures statically, and if any new signature comes then it will generate an error. With this concept there are a lot more chances for FPs to occur. Many, if not most, systems are vulnerable to these attacks. Some of the attacks can be brought out by external security researchers after you deploy your application. They hunt all day and night to come across such attacks and get rid of them. Some of them are good and report vulnerabilities if they come across any, but some of them are bad ones too. These researchers can later exploit the vulnerability and take over access to your applications or also perform injections. Developing a portal for these researchers and doing source code analysis on the project code is where this project runs. The main aspect of the project is to make it easy for the security team to review the vulnerabilities and try to solve them. With the current manual process we are missing some of the bugs, which can be reduced by automating the same manual process. | en_US |
dc.language.iso | en | en_US |
dc.publisher | Institute of Technology | en_US |
dc.subject | Computer 2016 | en_US |
dc.subject | Project Report 2016 | en_US |
dc.subject | Computer Project Report | en_US |
dc.subject | Project Report | en_US |
dc.subject | 16MCEI | en_US |
dc.subject | 16MCEI10 | en_US |
dc.subject | INS | en_US |
dc.subject | INS 2016 | en_US |
dc.subject | CE (INS) | en_US |
dc.title | Application Security Code Review and Remediation | en_US |
dc.type | Dissertation | en_US |
Appears in Collections: | Dissertation, CE (INS) |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
16MCEI10.pdf | 16MCEI10 | 4.46 MB | Adobe PDF | View/Open |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.