A master's thesis from Aalborg University

Nidan - A Security Search Engine for The World Wide Web

Authors


Term

4th term

Education

Publication year

2019

Submitted on

Pages

43

Abstract

This report presents Nidan and KNAS, two tools for scanning websites and identifying security issues. Nidan is an automated web crawler that visits pages and collects all loaded JavaScript, cookies, and related metadata. The data are stored in a well-structured relational database. KNAS processes these data to detect known vulnerabilities in JavaScript libraries, content management systems (CMS), and server software. The tools were tested on about 2% of the .dk zone file (the registry of .dk domain names). In this test, KNAS found vulnerable software on 40.47% of websites; 92.49% of the vulnerable sites had issues from the previous year or older, indicating that many sites rarely update their software. The data collected by Nidan also make it possible to analyze cookies. Because Nidan only visits pages without interacting or giving consent, any tracking cookies set on visit would be in breach of GDPR and the EU’s cookie law, which generally require user consent before tracking.

[This abstract was generated with the help of AI]