University of Oulu

The WebSocket protocol and security : best practices and worst weaknesses

Saved in:
Author: Karlström, Juuso
Organizations: 1University of Oulu, Faculty of Information Technology and Electrical Engineering, Department of Information Processing Science, Information Processing Science
Format: ebook
Version: published version
Access: open
Online Access: PDF Full Text (PDF, 1.5 MB)
Persistent link: http://urn.fi/URN:NBN:fi:oulu-201603081281
Language: English
Published: Oulu : J. Karlström, 2016
Publish Date: 2016-03-16
Physical Description: 52 p.
Thesis type: Master's thesis
Tutor: Lappalainen, Jouni
Reviewer: Lappalainen, Jouni
Vesanen, Ari
Description:
Modern web applications need reliable communication between the servers and the clients in order to access information from databases or to insert user defined input into the applications. Even today, when the web sites are something completely different from what they were originally designed to be, they still rely on the original protocols. These protocols, e.g. HTML, have been updated a few times. The transition from HTML 4.1. to HTML5 introduced many new features and techniques, such as the WebSocket protocol. Auditing different protocols from the security perspective is one of the key methods for enhancing the reliability of the protocols under testing. The results provided by the testing often reveal vulnerabilities or at the very least suggestions for future development. These results are then assigned to the developers or the community and hopefully these issues are then addressed. In this thesis Design Science Research Methodology was used to research the WebSocket protocol and also a few commonly used server implementations for this protocol. Moreover, statistics on how widely WebSockets are used in web applications was also looked into. The research showed that the protocol in itself has dealt with the security aspect and that the protocol specification states clearly on how the protocol should work when applied according to the documentation. However, as there is a delicate balance between usability and security, the scale has favoured usability over security on a number of occasions by reducing the safety of the protocol to some degree.
see all

Subjects: