Document details

Description
Dissertação de mestrado em Engenharia Informática Web applications have become increasingly important in the last years. As more and more applications deal with sensitive and con dential data, the quantity and negative impact of security vulnerabilities has grown as well. To understand this impact, this work presents a study over the most common and risky security vulnerabilities seen on web applications today. Also, with the emerging of the new HTML5 speci cation, an approach is made on how HTML5 will impact web security. The goal is to describe the new features of HTML5 and demonstrate how they may, or may not, introduce new security vulnerabilities to web applications. Understanding the vulnerabilities is only the rst step, as that knowledge is worthless if not applied into the software development life cycle. As so, this works performs a detailed analysis over static analysis tools, methodologies and strategies. Static analysis tools are very powerful, because they can help developers identifying possible vulnerabilities during all the development process. Finally, this work compiles the information gathered in order to provide a set of guidelines on how static analysis tools need to evolve to face the new challenges presented by HTML5 and other emerging technologies. Also, a high level de nition for the structure of a static analysis platform is presented. As a whole, this work intends to be a complete survey over web security vulnerabilities, how they can evolve with the arriving of HTML5 and how can this be approached by static analysis tools.