Development and Security Testing of a Job Booking Web Application for Nail and Barber Services
Nguyen, Ngo; Vu, Tho (2025)
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2025060420187
Abstract
Rapid advancements in web development have made JavaScript and its frameworks indispensable for
building modern online applications. Among them, React.js is widely appreciated for its component-based
structure, flexibility, and large developer community. For backend services, Express.js and Flask are
lightweight yet powerful frameworks that help create fast, scalable APIs. Express.js leverages the speed of
Node.js, while Flask provides a simple and clean structure for Python developers. This thesis focuses on
creating a full-stack web application for booking nail and hair styling services. The system integrates React.js
for the frontend and combines Express.js and Flask to manage backend processes such as authentication,
booking management, and data processing. The application aims to deliver a smooth user experience while
maintaining a modular and maintainable codebase.
In addition to development, the project also emphasizes basic web application security. Tools such as
OWASP ZAP and Snyk are used to identify vulnerabilities like cross-site scripting (XSS), insecure
dependencies, and server misconfigurations. These issues are addressed using secure coding practices and preventive
techniques. The final result is a functional and deployable application, supported by full documentation
covering technical implementation, theoretical background, and a summary of the security issues found
and resolved. This thesis demonstrates both practical full-stack development skills and an understanding of
modern security best practices.