Research and implementation of cibersecurity techniques in the backend of a web application.

Abstract

The purpose of this Thesis was to eliminate the vulnerabilities that threaten the database of a web application and to research and document potential improvements that provide greater security to the web application. This thesis provides a theoretical analysis of each of the possible techniques that eliminate these threats to the system culminating with the implementation of these techniques. Besides, it has been done a research work on possible additions that improve the security of the system. This work was carried out to analyze the best security techniques to be implemented on a web application, in addition to improving the analysis, programming and cybersecurity knowledge of the author.

The methodology fort his thesis can be summarized as follows: study of the threat in question, assessment of its degree of criticality, study of possible implementation techniques to eliminate it, analysis of which of these techniques fit the system best, and (in many cases) implementation of this technique. The main results have been, on the one hand, the elimination of threats such as Clickjacking, SQL Injection Attack, Application Error Disclosure and, onn the other hand, the documentation that results from the research work of the system and that can serve to improve the backend security of the web application. The significance of the results will allow the reader to understand the relevance of the threats to which a web application is subjected, and also why one defense technique is better than another and how to implement it. In addition, the thesis presents the results of an investigation about how to improve the database , which can be applied to improve the security of any other database.