113 Computer and information sciences
https://www.doria.fi:443/handle/10024/92070
2024-03-28T20:41:37Z
Automatic deployment of a PrestaShop web shop
https://www.doria.fi:443/handle/10024/188785
Berg, Mattias
The objective of this thesis is to create a solution for automatic deployment of a PrestaShop web shop to allow for a faster, more streamlined, and less error-prone way of working. Based on the wishes of the stakeholders, the solution should introduce as few new tools as possible. After some investigation of what tools are already installed when developing PrestaShop-based web shops, a solution based on the Python programming language was chosen as it was able to integrate smoothly with most frameworks for automatic deployment. The solution consists of three features, of which the first and main feature is to create a new web shop. This is the most programmatically complex feature and with the modular approach in the design of the solution it will allow for a high level of code reuse. The other two features are to delete a web shop and modify a web shop. Modifying a web shop was initially scoped to be able to change multiple parts of the web shop but was eventually reduced to only the adding of new PrestaShop modules. The solution is successfully able to automatically create and deploy a new web shop to a server, delete it, and modify it in limited ways. It unfortunately falls short when it comes to the continued way of working after a deployment, as it is not able to keep changes made through the web browser synchronized with what it is trying to deploy from. A key lesson learned is that DevOps practices will need to take the full lifecycle into account or risk falling short and creating new problems where there previously were none.
2024-03-28T09:38:40Z
An evaluation of how web frameworks support developers to build secure applications
https://www.doria.fi:443/handle/10024/188682
Leppänen, Kim
An increasing number of applications are being built for the web. For this task, developers typically use a number of different frameworks to ease and speed up the development. Frameworks can make complex problems easy by providing tools, patterns and abstraction layers, but can frameworks help developers in one often forgotten area: the application’s security?
Vulnerabilities in web applications can originate from many different sources. A vulnerability might exist due to improper implementation, but also due to poor design. A feature that has been designed in an insecure manner cannot necessarily be made secure even with a perfect implementation.
The purpose of this thesis is to evaluate how modern web frameworks can help developers build more secure applications: what aspects of security a framework can manage independently, what kind of tools a framework can provide to guide developers in building secure software, and what parts of security a framework cannot manage and are left solely as the responsibility of the developer.
An example application using the Vaadin Flow and Spring Boot frameworks, both modern Java-based tools, was written for this thesis. The example application was then security tested for vulnerabilities described in the OWASP Top Ten list. The purpose of the evaluation was to understand which vulnerabilities were directly mitigated by the frameworks and which aspects of application security the developers must understand and mitigate themselves.
This thesis found that only a few explicit technical vulnerabilities were mitigated by the frameworks, while some of the vulnerabilities were such that frameworks could guide the developers by providing tools, but could not ensure full mitigation of the vulnerabilities. To properly secure an application, collaboration is needed between software, network, system, and security engineers, and good DevSecOps practices need to be implemented.
2024-03-05T15:24:29Z
Exploring GitOps for Smaller-Scale Applications
https://www.doria.fi:443/handle/10024/188668
Nordström, André
This thesis explores the application of GitOps principles beyond the Kubernetes ecosystem, specifically focusing on the potential usage in smaller-scale applications. The primary objective is to find out the viability of implementing GitOps principles, as defined by the OpenGitOps project, without relying on Kubernetes. A Docker-based GitOps operator is developed as a proof-of-concept to explore the practicality of GitOps principles without using Kubernetes.
Fundamental concepts and tools used in GitOps workflows are discussed in the thesis to provide an understanding of what is needed in the workflow. The primary focus involves implementing a proof-of-concept GitOps operator and conducting a comparative analysis between this operator and an existing Kubernetes GitOps operator.
The evaluation suggests that both operators align with GitOps principles. However, the Kubernetes-based operator offers a broader range of features at the cost of increased resource demands and expertise required to use it, while the alternative operator remains lightweight and potentially simpler to manage.
Nevertheless, various factors need to be taken into account when implementing a custom operator. There is insufficient information and research on GitOps operators apart from their usage in Kubernetes. Further research and development are necessary, and the reliability and security aspects of such operators require additional investigation.
2024-02-28T08:54:10Z
Empowering Interviewer Training : Web application version development report
https://www.doria.fi:443/handle/10024/188580
Arokari, Olli
This Master's thesis is about the development project of Empowering Interview Training (EIT), specifically its web application version, based on a previous EIT version written in VB.NET. The purpose of EIT is to conduct research about solving quality issues when it comes to interviewing suspected victims of child sexual abuse (CSA), which are part of criminal investigations. EIT is an interview training tool, and research is focusing on whether such a tool can reliably be used for training professionals in order to increase the quality of the interviews. Research has also explored if such a tool can be used to not only train, but also maintain a sufficient level of quality of the interviews.
The introductory part of the thesis presents the underlying issue regarding the quality of interviews with children suspected of being the victims of sexual abuse, and how research is being conducted on the use of EIT as a means to improve the interview quality. Additionally, the introduction explains the issues regarding the previous version of EIT, and how a web application version could potentially solve many of them. The background chapter continues by presenting the previous version of EIT in more detail, and introduces how the training is conducted. The background chapter also introduces the reader to the basics of computer networking and web development.
The development of the web application is presented in three phases. The first phase presents the requirements, architecture, initial release, and challenges faced during the phase. The second phase focuses on further development of EIT through improvements, new features, and correcting issues discovered through use of the application. The second phase also explains the deployment of the application to Microsoft Azure, and how Japanese collaborators aided the development through feedback as a result of testing the application. The third phase presents an attempt at automating the recognition of question types using artificial intelligence, which ultimately became a proof of concept with everything in place except a properly trained machine learning model.
The thesis concludes with an observed status of the application in 2023, and recommendations for further development.
2024-02-20T11:53:49Z