5 Replies - 1179 Views - Last Post: 29 December 2013 - 02:07 PM

#1 Bivcala  Icon User is offline

  • New D.I.C Head

Reputation: -2
  • View blog
  • Posts: 30
  • Joined: 23-November 11

Are cross site scripting attacks and sql injection a good topic for my

Posted 29 December 2013 - 12:54 PM

So I'm doing my undergraduate college thesis, I would like to explore how cross site scripting sql injections occur. And for the purpose of the thesis I'd also like to create a fictional website that is vulnerable to cross site scripting and sql injection and then evaluate the different ways that such attacks could be prevented by using vulnerability scanners and other methods. Though, I think this topic would be too simple for a thesis, does anyone have any suggestions on what else to add that would add some more complexity to this topic?

Thanks

Is This A Good Question/Topic? 0
  • +

Replies To: Are cross site scripting attacks and sql injection a good topic for my

#2 jon.kiparsky  Icon User is online

  • Pancakes!
  • member icon


Reputation: 7303
  • View blog
  • Posts: 12,160
  • Joined: 19-March 11

Re: Are cross site scripting attacks and sql injection a good topic for my

Posted 29 December 2013 - 01:37 PM

Where I come from, a thesis is meant to be a contribution, however minor a one, to the existing literature. What's the question you're trying to address here? What are you doing that's new and useful? What's the contribution?

Discussing vulnerabilities by exhibition is certainly a viable model, but it sounds like you're coming up with the experiment before you've got the question. Try it the other way around: come up with interesting questions to ask, and then think of ways to ask them.

Once you've come up with a few interesting questions, write them up as draft proposals, see which ones feel like they have some legs, and discuss the question with your adviser.
Was This Post Helpful? 1
  • +
  • -

#3 Bivcala  Icon User is offline

  • New D.I.C Head

Reputation: -2
  • View blog
  • Posts: 30
  • Joined: 23-November 11

Re: Are cross site scripting attacks and sql injection a good topic for my

Posted 29 December 2013 - 01:47 PM

View Postjon.kiparsky, on 29 December 2013 - 01:37 PM, said:

Where I come from, a thesis is meant to be a contribution, however minor a one, to the existing literature. What's the question you're trying to address here? What are you doing that's new and useful? What's the contribution?

Discussing vulnerabilities by exhibition is certainly a viable model, but it sounds like you're coming up with the experiment before you've got the question. Try it the other way around: come up with interesting questions to ask, and then think of ways to ask them.

Once you've come up with a few interesting questions, write them up as draft proposals, see which ones feel like they have some legs, and discuss the question with your adviser.


My advisor has no idea about this field. He doesn't anything about software vulnerabilities etc. That's why I am asking on this forum.
Was This Post Helpful? 0
  • +
  • -

#4 jon.kiparsky  Icon User is online

  • Pancakes!
  • member icon


Reputation: 7303
  • View blog
  • Posts: 12,160
  • Joined: 19-March 11

Re: Are cross site scripting attacks and sql injection a good topic for my

Posted 29 December 2013 - 01:51 PM

Then you should probably find a topic your adviser can help you on, or else find an adviser who can help you on something you want to write on. Do you think you're going to be able to write a worthwhile thesis without competent help? I don't.
Was This Post Helpful? 1
  • +
  • -

#5 Bivcala  Icon User is offline

  • New D.I.C Head

Reputation: -2
  • View blog
  • Posts: 30
  • Joined: 23-November 11

Re: Are cross site scripting attacks and sql injection a good topic for my

Posted 29 December 2013 - 02:01 PM

View Postjon.kiparsky, on 29 December 2013 - 01:51 PM, said:

Then you should probably find a topic your adviser can help you on, or else find an adviser who can help you on something you want to write on. Do you think you're going to be able to write a worthwhile thesis without competent help? I don't.


it's too late for me to change topics, my topic proposal is already approved by my supervisor, I'm struggling to come up with research questions
Was This Post Helpful? 0
  • +
  • -

#6 jon.kiparsky  Icon User is online

  • Pancakes!
  • member icon


Reputation: 7303
  • View blog
  • Posts: 12,160
  • Joined: 19-March 11

Re: Are cross site scripting attacks and sql injection a good topic for my

Posted 29 December 2013 - 02:07 PM

As I said:

Quote

come up with interesting questions to ask, and then think of ways to ask them.

Once you've come up with a few interesting questions, write them up as draft proposals, see which ones feel like they have some legs, and discuss the question with your adviser.


Your adviser may not know anything about security questions, but they'll surely be able to help you craft a workable thesis topic which will be worth your time. The point is, you have someone whose job it is to advise you, and that person knows a lot more about the requirements of your project than we do. Talk to them.

There are many open questions in this area. Review the literature, see what people are working on, and see if there's something that you can do that's not a textbook problem.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1