Evaluating Security in Open Source Consumer Applications
Introduction
The aim of this Master Thesis is to develop a software security guideline for evaluating methods and measuring security in open source projects with high security implications, such as healthcare applications, where privacy and security are crucial factors.

Background Theory
The first section of the thesis presents the background theory needed for a good understanding of the rest of the work: vulnerabilities, common security attacks, a definition of client-server technology, risk analysis, and specific theory about Indivo and the healthcare field.

Methods
The method chosen to develop the guideline was the waterfall model, as time was quite limited and only one iteration could be done. That is why other methods such as the spiral model were not used, since they require several iterations before functionality is achieved.

Results
After applying the guideline, several vulnerabilities were found, such as session hijacking and capturing login information in real time. The guideline proved useful in revealing serious security issues that should be fixed, and in describing the purpose and the logic of decisions made in early stages such as the organizational or design stage.

Conclusion
Both the development of the Security Guideline and the subsequent testing of the guideline were considered successful, as a working methodology was established and several security issues were revealed in Indivo.