IT security is one of the nowadays most important questions. The industry pays serious attention to this area because a leaked information can be very destructive morally and business-wise as well. This implies that we should consider certain principles when we plan and implement systems, in order to protect confidentiality, integrity and availability. To achieve this, it is necessary for the developers to know the basics of secure programming.
Examining the web application development technologies, used in the market, we find that one of the most popular languages is Java, which often combined with Spring Framework. My thesis focuses on the challenges of the modern web development that is being introduced with the technologies mentioned before. Aside of the common attacks (like sql injection, xss, open redirection) I cover a lesser-known vulnerability called ReDoS.
Logically, a description of an attack consists of three parts:
• A theoretical explanation of the attack.
• An example that shows the exploitation of the vulnerability.
• A suggestion in order to prevent the vulnerabilty.
In the challenge, the site gets under attack to show how can somebody make use of the security hole. Later, I will explain a possible way to protect the system by changing the code. To prove correctness I will rerun the test.