TRAP@NCI

Reflux: Technical Report

Bickmore, Seán (2018) Reflux: Technical Report. Undergraduate thesis, Dublin, National College of Ireland.


Abstract

The following documentation pertains to the fourth year cyber security web application project entitled Reflux.
The context of this application is as a body of knowledge, specifically for developers to share or query for solutions based in code, with support for a plethora of languages. It can be held within the same realm as competitive technologies such as Stack Overflow, GitHub, or JS Fiddle. Within each of these is a feature set that Reflux aims to encompass in part and to satisfy beyond the scope of what is offered by these competitors, with heavy focus on communication/comprehension of the application itself as derived from its user interface. The project must additionally satisfy security requirements, with particular respect to those outlined by the Open Web Application Security Project (OWASP). Reflux itself is not deeply rooted in security thematically, but consists of the most common elements prone to vulnerabilities and exploitation, such as manipulating inputs with malicious intent to achieve an attacking objective that, in practice, compromises some or all of three facets: confidentiality, integrity, and availability or authentication.

Reflux is built on top of the Laravel PHP framework, which streamlines otherwise complex setup processes that are common to most web applications, such as routing, authentication, and session handling. It is a model view controller framework which compartmentalises the frontend contextual functionality that defines Reflux in a business sense, and its security implementations that occur in the backend that intrinsically link with said contextual functionality. As such, Reflux’s internal setup means that database associations, backend, and frontend all communicate but locate externally and separate to one another. There are a plethora of helper functions defined in custom syntax that evoke many of the most important features of Laravel, inclusive of some security measures employed by Reflux. For example, by default, Reflux uses middleware to discern what type of user a user is, providing a layer of access control that can be called in any circumstance to gate views or derive what functionality of the site a given user type is allowed to execute. This instance, and any instance whereby a user is validated or something the user has provided is validated, are all processed through appropriately named and manageable controllers that link with a given singular or set of views.

Eliminating the context of Reflux, it encompasses key aspects that most web applications elicit in managing content in some fashion: features that govern its capabilities in handling and displaying data as submitted by its user-base. The importance of security does not present itself on the frontend in Reflux, but is the most vital considerable non-functional requirement at play that ensures that each functional requirement cannot be utilised in undesirable ways, or ways in which the CIA triad of the application itself is at stake. In a business sense, the sellable idea of Reflux is within the context as outlined, and not within these security implementations. However, it stresses the valuable and necessary inclusion and consideration of security layers in applications that function similarly to Reflux, such as competitive technologies or any that exude a capacity of allowing an established user-base to get, post, patch, and destroy data of a contextual or arbitrary nature. In a given circumstance of normal usage, validation is performed in most if not all cases of executing a function of the site, especially when handling data. Most prominently, access control and input validation provide a backend foundation of aspects of the site that perform the aforementioned. When examining competitive solutions, security implementations were not a presented issue, but rather how said solutions communicate the intended executable action behind elements in a given situation. It was discerned that the user interface itself must cleanly and concisely achieve this communication, which is an area whereby, in some respects, alternatives falter.
Stylistically, a modern approach to design was taken in melding elements to the functionality that they govern in a fashion that achieves just what was proposed, and in Laravel, the Blade templating engine ensures that Reflux’s views include reusable components that are global to the site, reducing redundancy, establishing a set theme, and streamlining the refactoring process.

Item Type: Thesis (Undergraduate)
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science

Q Science > QA Mathematics > Computer software
T Technology > T Technology (General) > Information Technology > Computer software
Divisions: School of Computing > Bachelor of Science (Honours) in Computing
Depositing User: CAOIMHE NI MHAICIN
Date Deposited: 07 Nov 2018 16:31
Last Modified: 07 Nov 2018 16:40
URI: http://trap.ncirl.ie/id/eprint/3481
