mirre-mt/masters-thesis
Archived
1
0
Fork 0
Code Releases 1 Activity
This repository has been archived on 2023-09-01. You can view files and clone it, but cannot push or open issues or pull requests.
final
masters-thesis/tex/conclusion.tex
surtur 60fe90ffcc
tex: rework conclusion
2023-08-25 03:03:35 +02:00

44 lines
2.2 KiB
TeX
Raw Permalink Blame History

% =========================================================================== %
\nn{Conclusion}
The objectives of the thesis have been to create a tool that would enable users
to verify the potentiality of their compromise in time, i.e. monitor it, by
validating the assumptions on the security of their credentials.
In the theoretical part, conceptual foundations and technical underpinnings of
common pieces of the infrastructure were attended to and explained, with a
focus relating to creating web applications. Additionally, security mechanisms
such as Site Isolation and Content Security Policy, commonly employed by
mainstream browsers of today, were briefly introduced and it was proven how
Content Security Policy could be configured simply and quickly. Furthermore,
the criteria for local and online data sources were evaluated.
An extensive body of the thesis then revolved around the practical part,
describing everything from tooling and development processes used, to
high-level view of application architecture, and then dove into implementation
details of specific parts of the application across the stack. Import of local
breach data and constructing database queries using a graph-like API were also
highlighted.
Various deployment and configuration scenarios were considered, the validation
methods used to verify the correct working of the application were described
and justified, and the practical part concluded by showing screenshots of the
application in use.
The list of potential improvements for the future may also be amended by adding
\emph{fuzzing} tests for the program to help uncover potential bugs, producing
Software Bill of Materials to aid in ensuring compliance, and utilising
additional immutable database for activity logs.
The program does have a very solid core, it listens for OS signals and can
handle shutdowns gracefully. It supports structured logging, with the option to
plug in a log exporter. Most importantly, it gives users a tool in the battle
against the always vigilant attackers that are after their passwords.
Even though it might not be called an utterly \emph{finished} project yet, it
can already serve a clear purpose.
% =========================================================================== %
View Git Blame Copy Permalink