AAU Student Projects - visit Aalborg University's student projects portal
A master's thesis from Aalborg University
Book cover


Nidan - A Security Search Engine for The World Wide Web

Authors

;

Term

4. term

Education

Software, Master

Publication year

2019

Submitted on

Pages

43

Abstract

In this report, the development and usage of Nidan and KNAS are described. Nidan is a systematic webcrawler which collects all loaded JavaScript, cookies, and related metadata and stores it in a well-strutured relational database. KNAS is a data-processing tool that detects vulnerabilities connected to each visted website. These include vulnerabilities in the implemented JavaScript libraries, CMSs, and server software. Nidan and KNAS has been tested on around 2 % of the entire .dk zone file. This test showed that KNAS detected vulnerable software on 40.47 % of the websites. 92.49 % of the vulnerable websites have vulnerabilities from last year or older, meaning that the vast majority of vulnerable sites rarely update their software. From the data collected by Nidan, it is also possible to analyze the cookies. Since Nidan makes no interaction with the websites other than visiting, all tracking cookies sat break the GDPR and EU's cookie law.

Keywords

security ; web application ; vulnerabilities ; pentest

Documents

Download
View record in AAU Student Projects