Security in Web Applications and the Implementation of a Ticket Handling System

Abstract: Today the Internet is filled with various web applications. One category of things that can cause a lot of problems are security holes. Some of them are due to programming mistakes, some due to inexperience, or in other ways failure to protect the system against harmful input. Part one of this thesis will look into some common problem areas in web application security and how to make those areas less problematic. There will be a summary of those problem areas and also some more detailed explanations. These areas include SQL injections and Cross-Site Scripting which, by prominent security companies, are deemed to be the most problematic areas on the web right now regarding security. Part two is the implementation of a ticket handling system for computer support at Department of Computing Science, Umea University. Such a system is responsible for receiving requests from employees and students, and managing them in a way that is easy to overview and handle. Having helpful supporting systems will, in turn, make it easier to provide good support to the employees and students. Knowledge from part one of this thesis is used to make the implementation in part two a secure application.