
Final Theses

Presentations at IDA


See also presentations announced at ISY and ITN in Norrköping (in Swedish)

If nothing is stated about the presentation language then the presentation is in Swedish.

Due to the current distance mode, thesis presentations during spring 2020 will take place online. See more information on the page for online presentations (also linked in the menu). If a password is required to access the online presentation, please contact the examiner (type the examiner's name in the search bar in the top right, and choose "Sök IDA-anställda" in the menu).

WExUpp - upcoming presentations
  • 2020-12-01 at 10:15 in https://liu-se.zoom.us/j/64056863240

    Security Auditing and Testing of two Android Client-Server Applications

    Author: Matilda Engström Ericsson
    Opponent: Joakim Östman
    Supervisor: Simin Nadjm-Tehrani
    Examiner: Marcus Bendtsen
    Level: Undergraduate level (16 hp)

    The study aims to assess two proof-of-concept Android client-server applications partly based on the Open Web Application Security Project (OWASP) Top 10 Mobile Risks from 2016 and partly based on a vulnerability assessment that focuses on the architecture and design of the applications.

    It is concluded that the applications encompass several of the OWASP Top 10 Mobile Risks and that automated tools find those vulnerabilities. However, the study shows that it is not sufficient to satisfy lists like these, as the architecture of the application has big implications for its security. The list may give developers a false sense of security. For instance, components are often dependent upon one another and suffer if other components are not up to standard, since they either need to adapt to legacy code or bad implementations.

    Another important finding was that the third-party software Sinch, which was used to make voice and video calls in one of the applications, left IP addresses of the user visible during the binding request when the Session Traversal Utilities for NAT (STUN) protocol was used. The Android community has a responsibility to let users of the platform know when insecure connections are made by applications. At the moment there is no way for a regular user to know if their data is being sufficiently protected or not. This problem is reflected upon and a potential way forward is discussed in the thesis.



Page responsible: Ola Leifler
Last updated: 2020-06-11