The WebSocket protocol and security : best practices and worst weaknesses
Karlström, Juuso (2016-03-03)
© 2016 Juuso Karlström. This item is protected by copyright and/or related rights. You may use the item in ways permitted by the copyright and related rights legislation applicable to your use. For other kinds of use you need permission from the rights holders.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:oulu-201603081281
Abstract
Modern web applications need reliable communication between the servers and the clients in order to access information from databases or to insert user-defined input into the applications. Even today, when web sites are something completely different from what they were originally designed to be, they still rely on the original protocols. These protocols, e.g. HTML, have been updated a few times. The transition from HTML 4.1 to HTML5 introduced many new features and techniques, such as the WebSocket protocol.
Auditing different protocols from the security perspective is one of the key methods for enhancing the reliability of the protocols under testing. The results provided by the testing often reveal vulnerabilities or at the very least suggestions for future development. These results are then assigned to the developers or the community and hopefully these issues are then addressed.
In this thesis, Design Science Research Methodology was used to research the WebSocket protocol and a few commonly used server implementations of this protocol. Moreover, statistics on how widely WebSockets are used in web applications were also looked into.
The research showed that the protocol itself has dealt with the security aspect and that the protocol specification clearly states how the protocol should work when applied according to the documentation. However, as there is a delicate balance between usability and security, the scale has favoured usability over security on a number of occasions by reducing the safety of the protocol to some degree.