• norsk
    • English
  • English 
    • norsk
    • English
  • Login
View Item 
  •   Home
  • Fakultet for informasjonsteknologi og elektroteknikk (IE)
  • Institutt for datateknologi og informatikk
  • View Item
  •   Home
  • Fakultet for informasjonsteknologi og elektroteknikk (IE)
  • Institutt for datateknologi og informatikk
  • View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.

Automatic Notification and Execution of Security Updates in the Django Web Framework

Nermark, Magnus
Master thesis
Thumbnail
View/Open
18042_FULLTEXT.pdf (1.576Mb)
18042_ATTACHMENT.zip (113.0Kb)
18042_COVER.pdf (1.556Mb)
URI
http://hdl.handle.net/11250/2563968
Date
2018
Metadata
Show full item record
Collections
  • Institutt for datateknologi og informatikk [4913]
Abstract
Frameworks are actively used today as a tool to simplify development processes and to create secure and robust tailor made solutions. Using frameworks as the foundation when developing web solutions reduce the time it takes to go from an idea to a finished product, meanwhile allowing the framework to handle potential log-in processes. Problems occur if a security breach is identified in such a framework. If the flawed framework is utilized by multiple websites, these users will be vulnerable to malware or malicious actions by third parties. If the update process for the framework is simplified, it would mean an increase in the update rate by any admin.

In this thesis, research by interviews and observations have been made to identify possible improvements in the update process of the Python-based framework Django. Since 2010, more than 50 holes in the security of this framework have been discovered. Due to a complicated update process, there is reason to assume that there are multiple users on the web today with vulnerable versions of the framework. Therefore, in the work on this thesis, a tool that can be installed on existing Django-applications has been developed and tested. This tool will alert an admin if the current version of the framework is outdated. The tool includes a user interface to help the administrator installing any updates and uncover potential risks by installing the newest version of the framework.
Publisher
NTNU

Contact Us | Send Feedback

Privacy policy
DSpace software copyright © 2002-2019  DuraSpace

Service from  Unit
 

 

Browse

ArchiveCommunities & CollectionsBy Issue DateAuthorsTitlesSubjectsDocument TypesJournalsThis CollectionBy Issue DateAuthorsTitlesSubjectsDocument TypesJournals

My Account

Login

Statistics

View Usage Statistics

Contact Us | Send Feedback

Privacy policy
DSpace software copyright © 2002-2019  DuraSpace

Service from  Unit