tex: rework conclusion
parent
ca4e387b53
commit
60fe90ffcc
@ -1,43 +1,43 @@
|
|||||||
% =========================================================================== %
|
% =========================================================================== %
|
||||||
\nn{Conclusion}
|
\nn{Conclusion}
|
||||||
|
|
||||||
The objectives of the thesis have been to create the Password Compromise
|
The objectives of the thesis have been to create a tool that would enable users
|
||||||
Monitoring Tool aimed at security-conscious user in order to validate their
|
to verify the potentiality of their compromise in time, i.e. monitor it, by
|
||||||
assumptions on the security of their credentials. The thesis opened by diving
|
validating the assumptions on the security of their credentials.
|
||||||
into cryptography topics such as encryption and briefly mentioned TLS.
|
|
||||||
|
|
||||||
Additionally, security mechanisms such as Site Isolation and Content Security
|
In the theoretical part, conceptual foundations and technical underpinnings of
|
||||||
Policy, commonly employed by mainstream browsers of today, were introduced and
|
common pieces of the infrastructure were attended to and explained, with a
|
||||||
the reader learnt how Content Security Policy is easily and dynamically
|
focus relating to creating web applications. Additionally, security mechanisms
|
||||||
configured.
|
such as Site Isolation and Content Security Policy, commonly employed by
|
||||||
|
mainstream browsers of today, were briefly introduced and it was proven how
|
||||||
|
Content Security Policy could be configured simply and quickly. Furthermore,
|
||||||
|
the criteria for local and online data sources were evaluated.
|
||||||
|
|
||||||
An extensive body of the thesis then revolved around the practical part,
|
An extensive body of the thesis then revolved around the practical part,
|
||||||
describing everything from tooling used through high-level view of
|
describing everything from tooling and development processes used, to
|
||||||
application's architecture to implementation of specific parts of the
|
high-level view of application architecture, and then dove into implementation
|
||||||
application across the stack.
|
details of specific parts of the application across the stack. Import of local
|
||||||
|
breach data and constructing database queries using a graph-like API were also
|
||||||
|
highlighted.
|
||||||
|
|
||||||
Finally, the practical part concluded by broadly depicting validation
|
|
||||||
methods used to verify if the application worked correctly.
|
|
||||||
|
|
||||||
The author would like to recognise that there are certain aspects of the thesis
|
Various deployment and configuration scenarios were considered, the validation
|
||||||
in the need of further development. It is necessary to admit that not
|
methods used to verify the correct working of the application were described
|
||||||
everything could have realistically been realised in the limited timespan and
|
and justified, and the practical part concluded by showing screenshots of the
|
||||||
scope imposed on the project to prevent diverging. The concerns mentioned above
|
application in use.
|
||||||
constitute clear candidates for future work of the author who intends to
|
|
||||||
improve on the existing state, for example accessibility-wise. The author's
|
|
||||||
unfamiliarity with the accessibility tooling sometimes compromised on the
|
|
||||||
quality in this segment of the application, but it is a known deficiency.
|
|
||||||
Furthermore, the list of tasks for the future may also contain adding
|
|
||||||
\emph{fuzzing} tests for the program, producing Software Bill of Materials,
|
|
||||||
utilising additional immutable database or unifying the frontend design
|
|
||||||
language across the pages.
|
|
||||||
|
|
||||||
The program does have a very solid core that for instance listens for OS
|
The list of potential improvements for the future may also be amended by adding
|
||||||
signals, handles graceful shutdown and supports structured logging but still
|
\emph{fuzzing} tests for the program to help uncover potential bugs, producing
|
||||||
has room for improvements, despite the fact that its creation has been
|
Software Bill of Materials to aid in ensuring compliance, and utilising
|
||||||
best-effort. Due to a number of reasons mentioned earlier, it should not be
|
additional immutable database for activity logs.
|
||||||
called an utterly \emph{finished} project yet, but it can already serve a clear
|
|
||||||
purpose.
|
The program does have a very solid core, it listens for OS signals and can
|
||||||
|
handle shutdowns gracefully. It supports structured logging, with the option to
|
||||||
|
plug in a log exporter. Most importantly, it gives users a tool in the battle
|
||||||
|
against the always vigilant attackers that are after their passwords.
|
||||||
|
|
||||||
|
Even though it might not be called an utterly \emph{finished} project yet, it
|
||||||
|
can already serve a clear purpose.
|
||||||
|
|
||||||
|
|
||||||
% =========================================================================== %
|
% =========================================================================== %
|
||||||
|
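Review bot: In the new future-work paragraph, "The list of potential improvements for the future may also be amended by adding" no longer has a list to add to. This rework deletes the paragraph that acknowledged the known limitations (the accessibility deficiency and the unification of the frontend design language), so "also" points at nothing and the conclusion no longer states those shortcomings at all. Either keep a short sentence naming the known deficiencies before this paragraph, or drop "also" and write "Potential future improvements include adding ...". Two smaller wording points in the same hunk: "it was proven how Content Security Policy could be configured simply and quickly" claims more than the old "the reader learnt how" did, so "shown" or "demonstrated" fits better unless the thesis actually contains a proof. And "The program does have a very solid core, it listens for OS signals" is a comma splice that reads better with a colon or as two sentences.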