Effectiveness of Yii 2.0 Framework in Developing a Secure Web Application



Teoh, Jia Jun (2017) Effectiveness of Yii 2.0 Framework in Developing a Secure Web Application. Final Year Project (Bachelor), Tunku Abdul Rahman University College.



Web application frameworks are developed to help developers build web applications in less time. This project was carried out to determine whether a web application framework such as the Yii 2.0 framework can be used effectively to develop a secure web application. The project focused on SQL injection (one of the OWASP Top 10 web application vulnerabilities). The plan was to develop a dummy web application using the Yii 2.0 framework and then perform manual and automated testing on it. The testing was based on OTG-INPVAL-005 SQL Injection Testing (Meucci and Muller, 2014). White-box testing was used in this project. The types of SQL injection testing included Boolean-based injection, time-based injection, alternate encoding, stacked queries and comment queries. For automated testing, sqlmap and sqlsus were used on Kali Linux 1.0. The results of the testing show that the Yii 2.0 framework is effective enough to resist SQL injection attacks. However, this testing was limited to form inputs and URL query strings; other injection vectors such as cookies and HTTP headers were not tested.

Keywords: Yii2.0 Security, SQL Injection, Secure Web Application Development, PHP Framework

Item Type: Final Year Project
Subjects: Technology > Technology (General) > Information technology. Information systems
Science > Computer Science > Websites
Faculties: Faculty of Applied Sciences and Computing > Bachelor of Information Technology (Honours) in Information Security
Depositing User: Library Staff
Date Deposited: 09 Aug 2019 08:02
Last Modified: 18 Apr 2022 02:45
URI: https://eprints.tarc.edu.my/id/eprint/4842