Implementation and Security Evaluation of User-Customized Content in a Mobile Application

Companies offering a service application targeting a broad audience often have difficulties meeting all user requirements since many users have unique needs. Allowing users to define and create content for service applications themselves, which addresses their specific needs, would be a welcomed solution. This would allow developers to focus on the main aspects of the service application, whereas the users themselves can include individual end-user aspects. User-customized content can be used as a selling point for the companies and opens up possibilities for providing a better user experience for each unique end user. This thesis describes the process of creating a prototype system that provides a solution for including user-customized content in a mobile application service system. First, we describe requirement elicitation followed by design and the actual implementation. Furthermore, security is a frequent topic whenever a digital application is discussed today. Therefore, the system creation process is followed up with an investigation of how the resulting application security aspect can be evaluated. After investigating different possibilities, a security evaluation case study on the application is performed. The results show a functioning system that allows customers to customize the content that is rendered inside a cross-platform mobile application. The results from the security evaluation investigation also show that the Open Web Application Security Project (OWASP) Mobile Security Testing Guide (MSTG) framework can be adapted and used for security evaluation of a cross-platform mobile application, even though it targets native applications. The resulting system satisfies most of the requirements for the targeted security level but does not satisfy all requirements for a normal production level mobile application according to the OWASP Mobile Application Security Verification Standard (MASVS). However, the results indicate that there is potential to reach the desired security level by adapting the system to use pure React Native with some native code additions

Implementation and Security Evaluation of User-Customized Content in a Mobile Application

Companies offering a service application targeting a broad audience often have difficulties meeting all user requirements since many users have unique needs. Allowing users to define and create content for service applications themselves, which addresses their specific needs, would be a welcomed solution. This would allow developers to focus on the main aspects of the service application, whereas the users themselves can include individual end-user aspects. User-customized content can be used as a selling point for the companies and opens up possibilities for providing a better user experience for each unique end user. This thesis describes the process of creating a prototype system that provides a solution for including user-customized content in a mobile application service system. First, we describe requirement elicitation followed by design and the actual implementation. Furthermore, security is a frequent topic whenever a digital application is discussed today. Therefore, the system creation process is followed up with an investigation of how the resulting application security aspect can be evaluated. After investigating different possibilities, a security evaluation case study on the application is performed. The results show a functioning system that allows customers to customize the content that is rendered inside a cross-platform mobile application. The results from the security evaluation investigation also show that the Open Web Application Security Project (OWASP) Mobile Security Testing Guide (MSTG) framework can be adapted and used for security evaluation of a cross-platform mobile application, even though it targets native applications. The resulting system satisfies most of the requirements for the targeted security level but does not satisfy all requirements for a normal production level mobile application according to the OWASP Mobile Application Security Verification Standard (MASVS). However, the results indicate that there is potential to reach the desired security level by adapting the system to use pure React Native with some native code additions

Implementation and Security Evaluation of User-Customized Content in a Mobile Application

Companies offering a service application targeting a broad audience often have difficulties meeting all user requirements since many users have unique needs. Allowing users to define and create content for service applications themselves, which addresses their specific needs, would be a welcomed solution. This would allow developers to focus on the main aspects of the service application, whereas the users themselves can include individual end-user aspects. User-customized content can be used as a selling point for the companies and opens up possibilities for providing a better user experience for each unique end user. This thesis describes the process of creating a prototype system that provides a solution for including user-customized content in a mobile application service system. First, we describe requirement elicitation followed by design and the actual implementation. Furthermore, security is a frequent topic whenever a digital application is discussed today. Therefore, the system creation process is followed up with an investigation of how the resulting application security aspect can be evaluated. After investigating different possibilities, a security evaluation case study on the application is performed. The results show a functioning system that allows customers to customize the content that is rendered inside a cross-platform mobile application. The results from the security evaluation investigation also show that the Open Web Application Security Project (OWASP) Mobile Security Testing Guide (MSTG) framework can be adapted and used for security evaluation of a cross-platform mobile application, even though it targets native applications. The resulting system satisfies most of the requirements for the targeted security level but does not satisfy all requirements for a normal production level mobile application according to the OWASP Mobile Application Security Verification Standard (MASVS). However, the results indicate that there is potential to reach the desired security level by adapting the system to use pure React Native with some native code additions

Web development with Flask and WordPress

Denna rapport handlar om ett projekt åtta studenter på Linköpings universitet genomförde våren 2017, inom ramarna för kursen TDDD96: Kandidatprojekt i programvaruutveckling. Fokuset i projektet var att bygga upp en ny webbplats åt en kund, Musikaliska konstföreningen, som ska ersätta deras gamla webbplats. Projektgruppen valde att göra detta med hjälp av verktyget WordPress. Gruppen valde också att göra en alternativ webbplats med programmeringsspråket Python och ramverket Flask, för att sedan jämföra resultatet mot WordPress-resultatet. Det gruppen valde att jämföra är vilket stöd WordPress respektive Flask ger åt utvecklarna, och vilket av dem som ger lämpligast resultat för kunden. Resultatet blev en färdig hemsida uppbyggd med WordPress, och en prototypsida uppbyggd med Python och Flask. Resultatet visar att det är enklare att få en färdig sida med hjälp av WordPress, men att man genom att skriva kod från grunden i Flask kan få ett betydligt mer användaranpassat system. När det kommer till faktorer som driftkostnader och stöd så visade det sig att WordPress har en klar fördel i jämförelse med Flask