https://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/80 This community include all MIS Postgraduates Theses from 2013 to 2017 Tue, 28 Apr 2026 13:08:17 GMT 2026-04-28T13:08:17Z https://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/4042 Title: Analyze vulnerabilities of source codes published on open forums Authors: Desapriya, S.T.S.T. Abstract: Web applications and mobile applications are extremely popular in the society and also became a part of the human lives. These applications are used by different institutions including gov-ernments for different purposes allowing them to access sensitive information and perform crit-ical operations. Software developers are using many development languages to develop these applications by writing thousands of lines of code, with or without security in mind. Common practice among software developers is that they use open forums to share, suggest code exam-ples and also to look for a suggestion for a problem they face or situation they need to address. Since these open forums are extremely popular among developer community, they tend to use those source examples, for the development of their applications. Because of that source code examples in open forums make direct impact on real world software application, for developers, it is important to have a method of verifying these source code samples and make sure they are free of security vulnerabilities before using. Project aims to solve this problem by developing a simple, user friendly tool, which is capable of analyzing the security vulnerabilities of the source code samples published on open forums. The methodology used is, download large set of source code samples from an open forum, perform a static analysis using a reliable commercial tool, extract the results and create a knowledge-base of vulnerable source snippets, which can be used by the developed tool, to detect vulnerabilities of a particular source code block. Stackoverflow is selected as the open forum and five widely used programming languages, CSharp, Java, PHP, Python and JavaScript were selected for the analysis. Checkmarx is the static analysis tool selected. Over twenty-seven thousand source code samples used for the analysis and over thousand four hundred vulnera-bilities detected by Checkmarx. The Project delivers five main components. Python based crawler used to crawl through Stacko-verflow and download source code samples. Data importer component, developed using csharp, used to import the results given by Checkmarx in to the knowledge base. Dashboard with vari-ous graphs and charts to show the results of the analysis is also developed using csharp. Chrome browser plugin, which is capable of analyzing a selected source code block, for potential vul-nerabilities by referring the knowledge base, is developed as the tool. Finally, MS SQL server used to create the knowledge base which holds all the vulnerability data provided by Checkmarx. The solution can influence the developers to write more secure code during the development of the project and also make them aware about the security vulnerabilities, which will ultimately make the software rugged. Project would be much more interest for those who involve in soft-ware development related areas and also for application security analysts who are interested and very keen on static analysis. Sun, 01 Jan 2017 00:00:00 GMT https://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/4042 2017-01-01T00:00:00Z https://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/4041 Title: BYOD Security Enhancement using Log Correlation in Corporate Environments Authors: Gunaratne, G. Y. C. L. Abstract: Bring Your Own Device (BYOD) is a concept in information technology that has become a prominent topic in the recent past. This concept continues to gain popularity due to its ability to give mobility and flexibility to IT operations in organizations. However, due to the rapid growth in the usage of mobile devices in corporate environments, many security concerns and risks have risen, which can easily compromise the business information and cause IT processes in organizations to malfunction. In my opinion, the effective use of BYOD can be beneficial to both the organization as well as the employees of that organization. In the one hand, corporate organizations will save money because it is no longer necessary to invest on purchasing electronic devices for every employee. On the other hand, employees will also find more satisfaction in getting their personal devices such as smart phones, tabs and laptops involved in work. However, this would also mean that employees will be able to access corporate information using personal devices, which are not always monitored by the organization. Further, employees may intentionally or unintentionally perform vulnerable activities using the BYOD equipment that can breach the security of organizational information. Such activities may also expose the corporate network and its information and assets to unauthorized parties. Thereby, even though BYOD brings mobility, convenience and more satisfaction to the work environment, the confidentiality and integrity of corporate information will be at risk. Therefore, to gain the maximum benefits from BYOD, special security measures that can ensure the safety of the organization’s information should be implemented. This is the main challenge in using the BYOD concept in corporate organizations. In spite of these challenges, BYOD is adopted in many corporate organizations at present as an accepted and properly defined concept because of its potential to contribute towards the organization’s efficiency. This study will focus on addressing the security concerns that threaten the effective use of this concept in organizations. In this study, I will look into analysing patterns in the traffic generated from BYOD equipment and focus on methods that can mutually relate these facts for suspected activities. The information gathered from this analysis will be helpful to enhance the security of BYOD equipment in corporate environment. Sun, 01 Jan 2017 00:00:00 GMT https://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/4041 2017-01-01T00:00:00Z https://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/4040 Title: A Case Study on Human Tracking through Passive Wi-Fi tomography Authors: ABEYWARDANE, E. H. G. P. N. Abstract: In the modern networking terminologies Wi-Fi plays a very important role which is a popular technology that uses radio waves to transmit data. In this research, it is mainly aimed on proof of concept for a Human Tracking with Wireless (Wi-Fi) tomography. In my research, I used Radio Tomographic Imaging (RTI) technologies to prove that humans can be track by analyzing the wireless signals Receive Signal Strength Indicator (RSSI) value. The main concern of this research is by capturing the Wireless Signals of an indoor environment from outside the premise and generate a Radio Tomographic Image and find out the co-relation of captured data with the human behaviors of the interior environment. Through this study, I want to emphasis that without actually staying in the required environment, anyone can come into conclusion on human behaviors by capturing the signals by staying outside and nearby. The identifiable significant difference in the RSSI value is used throughout the imaging and analyzing process. For this I collected data on real world scenarios, analyzed them and used mathematical and statistical approaches for the analyzing part. There are only limited number of research studies that have been carried out in this field. Thus, I have given an overview of investigating Human tracking that can be done in Wi-Fi band. This thesis is organized to show my research methods and knowledge obtained by analyzing the data in the above. Finally, I hope the discussions which are focused on Radio Tomographic technologies and how humans can be tracked with Wi-Fi tomography may profit further studies in this field. Sun, 01 Jan 2017 00:00:00 GMT https://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/4040 2017-01-01T00:00:00Z https://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/4039 Title: Defense In-depth security framework for Netflix OSS Micro Services Authors: Walpita, P.A. Abstract: Micro Services architectural pattern has emerged in recent years mainly because of its capabilities to handle high data volumes in a robust manner. The perceptions like Dev Ops and Domain Driven Design also helped to develop this architectural pattern in to its current heights. Many enterprise systems which has large amount of transactional data volumes adopting Microservices architecture because of many enablers it provides. The Security of Microservices considered as utmost important feature because of the security threats escalated in recent years. The threats that are targeting Microservices eco system can be categorised as external and internal threats. Many industrial level Microservice implementations taken precautions about protecting the Microservices eco system from external attacks. The security measurements that are taken to protect a Microservice eco system from internal attacks are also an important aspect if the internally communicating data are sensitive in nature. Internal threats can be identified as vulnerabilities which can be exploit by an adversary internal to the organization. Netflix is one of the early adopters of Microservices architectural pattern and the Netflix OSS emanates as an open source platform with a practical Micro Services success story. This Paper discusses about hardening the Internal service calls of the Netflix OSS Microservices and discusses the possibilities of eliminating vulnerabilities within the internal perimeter. The measurements that are taken to protect internal microservices in Netflix OSS can be adopted generally in any other Microservice eco system as well. Sun, 01 Jan 2017 00:00:00 GMT https://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/4039 2017-01-01T00:00:00Z