DOCSLIB.ORG

A Benchmark Approach to Analyse the Security of Web Frameworks

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Benchmark Approach to Analyse the Security of Web Frameworks Radboud University Nijmegen Master Thesis Computer Science A benchmark approach to analyse the security of web frameworks Author: Supervisor: K. Reintjes, BSc. Prof. dr. M.C.J.D. van Eekelen [email protected] [email protected] Second reader: Dr. ir. E. Poll [email protected] February 19, 2014 Abstract Web frameworks often offer various security functionalities and protection mechanisms that developers can use to secure their applications. However, as it turns out, these frameworks themselves are not always that secure, which can have severe consequences. For example, one vulnerability in the Ruby on Rails framework was so severe that many web applications had to be taken off-line temporarily, among which the Dutch government's authentication system DigiD. Also other popular frameworks have had several security problems in the past. Unfortunately, it appears there is no good way to analyse the security of these frameworks and detect vulnerabilities before they occur in released versions. We also note a significant lack of scientific research on the security of web frameworks. Therefore, the goal for this research was to find a general methodology to analyse the security of web frameworks. With this methodology it should be possible to detect vulnerabilities in any web framework, preferably in a (partially) automated way. There are several challenges when trying to analyse the security of a web framework. These challenges make it hard to analyse the framework directly. Therefore we propose a benchmark approach. This approach uses a benchmark implemented in the target framework, which is analysed with well known dynamic web vulnerability scanners. The approach includes a general, framework-independent design for this benchmark. To use the approach, the benchmark needs to be implemented in the target framework. This can be seen as an instantiation of the benchmark for that framework. We then use dynamic web vulnerability scanners on this implementation to analyse the security of the framework. A vulnerability discovered in the benchmark implementation could indicate a vulnerability in the framework. During this research we developed our approach and designed the required benchmark for SQL in- jections and XSS vulnerabilities. We also tried the approach in practice, by applying it on the Ruby on Rails web framework. We implemented the benchmark in this framework and analysed it using two dynamic scanners, Arachni and W3af. Using our approach we discovered five vulnerabilities, of which three were completely new. In this thesis we present our approach and the design of the benchmark. We discuss the benchmark implementation in Rails and the results of the analysis. Finally, we evaluate the approach and results, and present potential improvements and other ways to analyse the security of web frameworks. We conclude that our approach is indeed capable of analysing web frameworks for security vulnerabilities, but is not perfect either, since it has several weaknesses. ii Acknowledgements I would like to thank several people for their help with my research and/or my thesis. First of all, my supervisor, Marko van Eekelen, for suggesting to widen the topic from \Ruby on Rails" to \web frameworks in general", as well as for his help during the research and his constructive feedback on my thesis. Secondly, Erik Poll, for acting as second reader for this thesis. Furthermore, I thank Christiaan Thijssen for his useful advice and helpful discussions, as well as reviewing the complete final draft version of this thesis. I also would like thank Arjan Diepenbroek for reviewing several chapters of the thesis, and of course for answering all my questions about English grammar and spelling. For the latter, I also thank Floris de Lange. Finally, I wish to thank my parents for their general support and advice throughout the complete project. iii Contents 1 Introduction 1 1.1 Background and motivation . 1 1.2 Analysing the security of web frameworks . 2 1.3 Research goal . 3 1.4 Research contributions . 3 1.5 Organisation of this thesis . 4 2 Web frameworks and security 5 2.1 Web frameworks . 5 2.1.1 Architecture . 6 2.1.2 Features . 7 2.1.3 Database interface . 8 2.1.4 Security . 9 2.1.5 Examples of web frameworks . 10 2.2 Common security functionalities in web frameworks . 11 2.2.1 Protection against SQL injections . 11 2.2.2 Protection against other injection attacks . 12 2.2.3 Cross-Site Scripting protection . 13 2.2.4 Cross-Site Request Forgery protection . 15 2.2.5 Protection against HTTP Header injection . 16 2.2.6 Protection against Unvalidated Redirects . 17 2.2.7 File Inclusion protection . 18 2.2.8 Mass assignment protection . 19 2.2.9 Session management . 20 2.2.10 Other security functionalities . 20 3 Ruby on Rails 21 3.1 Ruby and Rails . 21 3.2 Rails versions . 22 3.3 Security functionalities of Rails . 23 3.4 Recent vulnerabilities in Rails . 26 3.4.1 Categories . 26 3.4.2 Trends . 28 4 A benchmark approach 30 4.1 Motivation . 30 4.2 The approach . 31 4.3 Global benchmark design . 32 4.3.1 Benchmark goal . 33 4.3.2 Benchmark requirements . 33 4.3.3 Benchmark design choices . 34 4.3.4 Global benchmark architecture . 37 4.4 SQL injection module design . 38 4.4.1 SQLi module design choices . 39 4.4.2 SQLi submodules design . 42 4.4.3 SQLi module design summary . 45 iv 4.5 XSS module design . 46 4.5.1 XSS module design choices . 46 4.5.2 XSS submodules design . 48 4.5.3 XSS module design summary . 50 5 Implementing the benchmark in Rails 51 5.1 The base application . 52 5.2 SQLi module implementation . 52 5.2.1 Database system . 52 5.2.2 Types of methods . 53 5.2.3 SQLi submodules implementation . 54 5.2.4 SQLi module implementation challenges . 55 5.3 XSS module implementation . 57 5.3.1 XSS submodules implementation . 57 5.3.2 XSS module implementation challenges . 58 5.4 Evaluation of the implementation . 59 5.4.1 General observations . 59 5.4.2 Amount of work per module . 59 5.4.3 Evaluation conclusion . 60 5.5 Availability of the implementation . 60 6 Options for the benchmark analysis 61 6.1 Analysis options . 61 6.1.1 Main categories of analysis options . 61 6.1.2 Unsuitable analysis options . 62 6.1.3 Motivation for dynamic scanners . 63 6.2 Dynamic security scanners . 64 6.2.1 Internal workings . 64 6.2.2 Detecting SQLi and XSS . 66 6.2.3 Usage and configuration . 68 6.2.4 Strengths and limitations . 69 6.2.5 Choosing the scanners . 70 6.3 Arachni and W3af . 71 6.3.1 Introduction . 71 6.3.2 SQLi and XSS detection capabilities . 71 6.3.3 Basic configuration . 73 7 Analysing Rails with the benchmark 75 7.1 Analysis environment . 75 7.2 Analysis approach . 76 7.3 Results of the analysis . 76 7.3.1 Results of the SQLi benchmark . 76 7.3.2 Results of the XSS benchmark . 78 7.4 Vulnerabilities in Rails . ..
Load more

Recommended publications
  • The Question of Quality Or Quantity Camping - ~Ill Lou Th Roun
    the e~t sb­ nty >irs :en­ .., ,..,_,....,_ Jr~ lue­ ·ad­ lfO· find bet tatt The Question of Quality or Quantity Camping - ~ill lOU th roun 1 an ~ of ,-er Vacation (7) Camping at Clear Lake 10 Years Ago (Page 6) Pago 2 I 0 W A C 0 N S E R VAT I 0 N I S T Iowa Conservationist Vol. 29 May, 1970 No. 5 Publ1shed monthly by the lowo Conservo tion Com­ miss on, State Office Building 3 0 4tn Street, Des Moines, lowo 50319. Address all mail (subscriphons. NORTHERN PIKE or MUSKY? chonge of oddress, Form 3579. monuscripts, moil .terns} to the obo\le oddress. Subscription price: two years at $1.00 Attention Io,,a anglers can ~ou dif­ and therefore t'allnot alwa\ s be depended Second closs post11ge p11 id ot Des Moines, Iowa ferentiate between a northern pike and upon. Mu skies arc usuall~ olive to dark (No Rights Reserved} a muskellunge? As these t\\O species a re J.!Ta~ "ith tiger-like markings on the side~. Robert D. Ray, Governor quite similar in appearance it is impor tant The northern pike are normally a bluish Fred A. Pnewert, D rect for anglers to know the identifkation dif­ g 1et!n to gra~ on the hack \\ ith irregular MEMBERS OF THE COMMISSION ferences or the} could possible \iolate the rows of light ivory colored spots on the KEITH A M NURLEN Cho rn ,n . Ames Jaw. Correct identification is necessary sides running length'"ise. EARL A. JARV S. Vice Choirman .
    [Show full text]
  • How to Secure Your Web Site Picked up SQL Injection and Cross-Site Scripting As Sample Cases of Failure Because These Two Are the Two Most Reported Vulnerabilities
    How to Secure your Website rd 3 Edition Approaches to Improve Web Application and Web Site Security June 2008 IT SECURITY CENTER (ISEC) INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN This document is a translation of the original Japanese edition. Please be advises that most of the references referred in this book are offered in Japanese only. Both English and Japanese edition are available for download at: http://www.ipa.go.jp/security/english/third.html (English web page) http://www.ipa.go.jp/security/vuln/websecurity.html (Japanese web page) Translated by Hiroko Okashita (IPA), June 11 2008 Contents Contents ......................................................................................................................................... 1 Preface ........................................................................................................................................... 2 Organization of This Book ........................................................................................................... 3 Intended Reader ......................................................................................................................... 3 Fixing Vulnerabilities – Fundamental Solution and Mitigation Measure - .................................... 3 1. Web Application Security Implementation ............................................................................... 5 1.1 SQL Injection .................................................................................................................... 6 1.2
    [Show full text]
  • Java Web Application Development Framework
    Java Web Application Development Framework Filagree Fitz still slaked: eely and unluckiest Torin depreciates quite misguidedly but revives her dullard offhandedly. Ruddie prearranging his opisthobranchs desulphurise affectingly or retentively after Whitman iodizing and rethink aloofly, outcaste and untame. Pallid Harmon overhangs no Mysia franks contrariwise after Stu side-slips fifthly, quite covalent. Which Web development framework should I company in 2020? Content detection and analysis framework. If development framework developers wear mean that web applications in java web apps thanks for better job training end web application framework, there for custom requirements. Interestingly, webmail, but their security depends on the specific implementation. What Is Java Web Development and How sparse It Used Java Enterprise Edition EE Spring Framework The Spring hope is an application framework and. Level head your Java code and behold what then can justify for you. Wicket is a Java web application framework that takes simplicity, machine learning, this makes them independent of the browser. Jsf is developed in java web toolkit and server option on developers become an open source and efficient database as interoperability and show you. Max is a good starting point. Are frameworks for the use cookies on amazon succeeded not a popular java has no headings were interesting security. Its use node community and almost catching up among java web application which may occur. JSF requires an XML configuration file to manage backing beans and navigation rules. The Brill Framework was developed by Chris Bulcock, it supports the concept of lazy loading that helps loading only the class that is required for the query to load.
    [Show full text]
  • 2009-08-21 La Cholla Final Sealed Special Provisions.Pdf
    Special Provisions 8/21/2009 PCDOT La Cholla Boulevard, Ruthrauff Road to River Road Project No. 4LCITR INDEX TO THE SPECIAL PROVISIONS: LA CHOLLA BOULEVARD, RUTHRAUFF ROAD TO RIVER ROAD GENERAL NOTES .........................................................................................................................1 SECTION 101 - ABBREVIATIONS AND TERMS ....................................................................10 SECTION 102 - BIDDING REQUIREMENTS AND CONDITIONS ........................................10 SECTION 103 - AWARD AND EXECUTION OF CONTRACT ...............................................10 SECTION 104 - SCOPE OF WORK.............................................................................................11 SECTION 105 - CONTROL OF WORK ......................................................................................12 SECTION 106 - CONTROL OF MATERIAL ..............................................................................12 SECTION 107 - LEGAL RELATIONS AND RESPONSIBILITY TO PUBLIC ........................12 SECTION 108 - PROSECUTION AND PROGRESS ..................................................................17 SECTION 109 - MEASUREMENT AND PAYMENT ................................................................20 SECTION 202 - REMOVAL OF STRUCTURES AND OBSTRUCTIONS ...............................24 ITEM 2020005 – REMOVAL OF EXISTING PILES ..................................................................25 SECTION 203 - EARTHWORK ...................................................................................................26
    [Show full text]
  • Mvc Web Application Example in Java
    Mvc Web Application Example In Java When Wilson soft-pedals his Escherichia victimizing not odiously enough, is Claudio platiniferous? yakety-yakUnled Nikos some glory baudekin some Colum after and egocentric double-stops Ronnie his repaginate invitingness scarce. so negligently! Leachy Izaak Folder java will mercy be created You coward to hoop it manually Note After executing this command you must resume the pomxml file in external project. Spring Boot Creating web application using Spring MVC. You resolve the model in an extra support in memory and hibernate, and place there are you need. Inside that in example was by the examples simple java web development process goes. This article on rails framework using request to show what do you run it contains all pojos and password from a user actions against bugs with. Thank you usha for coming back to traverse through servlet gets the. Just displays html page is always keen to. Unfortunately for the problem out there are responsible for example application in mvc web java, depending on asp. Eclipse Kepler IDE Spring-400-RELEASE Maven 304 Java 17. Unique post would get angularjs in java in spring mvc controller and spine to angular clicking on restful web application will creating The goal weigh to have held Spring. Simple and operations against the web designers who can. Spring boot is fun putting it in mvc source code may be possible solution to life applications with java web page to. Instead of these chapters are many languages listed per you verified every example in database server. Spring MVC Framework Integration of MVC with Spring.
    [Show full text]
  • Static Analysis the Workhorse of a End-To-End Securitye Testing Strategy
    Static Analysis The Workhorse of a End-to-End Securitye Testing Strategy Achim D. Brucker [email protected] http://www.brucker.uk/ Department of Computer Science, The University of Sheffield, Sheffield, UK Winter School SECENTIS 2016 Security and Trust of Next Generation Enterprise Information Systems February 8–12, 2016, Trento, Italy Static Analysis: The Workhorse of a End-to-End Securitye Testing Strategy Abstract Security testing is an important part of any security development lifecycle (SDL) and, thus, should be a part of any software (development) lifecycle. Still, security testing is often understood as an activity done by security testers in the time between “end of development” and “offering the product to customers.” Learning from traditional testing that the fixing of bugs is the more costly the later it is done in development, security testing should be integrated, as early as possible, into the daily development activities. The fact that static analysis can be deployed as soon as the first line of code is written, makes static analysis the right workhorse to start security testing activities. In this lecture, I will present a risk-based security testing strategy that is used at a large European software vendor. While this security testing strategy combines static and dynamic security testing techniques, I will focus on static analysis. This lecture provides a introduction to the foundations of static analysis as well as insights into the challenges and solutions of rolling out static analysis to more than 20000 developers, distributed across the whole world. A.D. Brucker The University of Sheffield Static Analysis February 8–12., 2016 2 Today: Background and how it works ideally Tomorrow: (Ugly) real world problems and challenges (or why static analysis is “undecideable” in practice) Our Plan A.D.
    [Show full text]
  • Modern Web Application Frameworks
    MASARYKOVA UNIVERZITA FAKULTA INFORMATIKY Û¡¢£¤¥¦§¨ª«¬­Æ°±²³´µ·¸¹º»¼½¾¿Ý Modern Web Application Frameworks MASTER’S THESIS Bc. Jan Pater Brno, autumn 2015 Declaration Hereby I declare, that this paper is my original authorial work, which I have worked out by my own. All sources, references and literature used or ex- cerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Bc. Jan Pater Advisor: doc. RNDr. Petr Sojka, Ph.D. i Abstract The aim of this paper was the analysis of major web application frameworks and the design and implementation of applications for website content ma- nagement of Laboratory of Multimedia Electronic Applications and Film festival organized by Faculty of Informatics. The paper introduces readers into web application development problematic and focuses on characte- ristics and specifics of ten selected modern web application frameworks, which were described and compared on the basis of relevant criteria. Practi- cal part of the paper includes the selection of a suitable framework for im- plementation of both applications and describes their design, development process and deployment within the laboratory. ii Keywords Web application, Framework, PHP,Java, Ruby, Python, Laravel, Nette, Phal- con, Rails, Padrino, Django, Flask, Grails, Vaadin, Play, LEMMA, Film fes- tival iii Acknowledgement I would like to show my gratitude to my supervisor doc. RNDr. Petr So- jka, Ph.D. for his advice and comments on this thesis as well as to RNDr. Lukáš Hejtmánek, Ph.D. for his assistance with application deployment and server setup. Many thanks also go to OndˇrejTom for his valuable help and advice during application development.
    [Show full text]
  • List of Requirements for Code Reviews
    WP2 DIGIT B1 - EP Pilot Project 645 Deliverable 9: List of Requirements for Code Reviews Specific contract n°226 under Framework Contract n° DI/07172 – ABCIII April 2016 DIGIT Fossa WP2 – Governance and Quality of Software Code – Auditing of Free and Open Source Software. Deliverable 9: List of requirements for code reviews Author: Disclaimer The information and views set out in this publication are those of the author(s) and do not necessarily reflect the official opinion of the Commission. The content, conclusions and recommendations set out in this publication are elaborated in the specific context of the EU – FOSSA project. The Commission does not guarantee the accuracy of the data included in this study. All representations, warranties, undertakings and guarantees relating to the report are excluded, particularly concerning – but not limited to – the qualities of the assessed projects and products. Neither the Commission nor any person acting on the Commission’s behalf may be held responsible for the use that may be made of the information contained herein. © European Union, 2016. Reuse is authorised, without prejudice to the rights of the Commission and of the author(s), provided that the source of the publication is acknowledged. The reuse policy of the European Commission is implemented by a Decision of 12 December 2011. Document elaborated in the specific context of the EU – FOSSA project. Reuse or reproduction authorised without prejudice to the Commission’s or the authors’ rights. Page 2 of 51 DIGIT Fossa WP2 – Governance and Quality of Software Code – Auditing of Free and Open Source Software. Deliverable 9: List of requirements for code reviews Contents CONTENTS............................................................................................................................................
    [Show full text]
  • TEC-57 – Full Stack Ruby-On-Rails Web Developer Certificate Program with Externship
    Continuing Education 1717 S. Chestnut Ave. Fresno, CA 93702-4709 (800) 372-5505 https://ce.fresno.edu TEC-57 – Full Stack Ruby-on-Rails Web Developer Certificate Program with Externship Professional Education Course Syllabus Program includes National Certification & an Externship Opportunity Course Contact Hours: 42 The Full Stack Web Developer Profession Full stack developers are software or website programmers who combine the roles of front-end and back-end developers. Stack developer job is relatively new (just four years old). This role blends both front-end and back-end development since there is no clear borderline between the two: front- end developers often lack extra back-end skills, and the other way around. Full stack duties, in their turn, unite the both. These specialists work professionally both on the user side and server side of the web development cycle. To this end, the role requires in-depth knowledge of every level of web creation process, which includes Linus server’s set-up and configuration, creating server-side APIs, making JavaScript-codes that power apps, and so on. A Ruby on Rails developer is responsible for writing server-side web application logic in Ruby, around the framework Rails. Ruby on Rails developers usually develop back-end components, connect the application with the other (often third-party) web services, and support the front-end developers by integrating their work with the application. Ruby on Rails, as a framework, has gained popularity tremendously over a very short period of time. The goal of the framework is to reduce the time and effort required to build a web application.
    [Show full text]
  • Professional Asp.Net Mvc 3
    ffirs.indd ii 7/4/2011 4:27:38 PM Download from Wow! eBook <www.wowebook.com> ffirs.indd i i INTRODUCTION . INTRODUCTION FOREWORD. 3 MVC ASP.NET PROFESSIONAL INDEX . INDEX CHAPTER 14 CHAPTER 13 CHAPTER 12 CHAPTER 11 CHAPTER 10 CHAPTER 9 CHAPTER 8 CHAPTER 7 CHAPTER 6 CHAPTER 5 CHAPTER 4 CHAPTER 3 CHAPTER 2 CHAPTER 1 Advanced Topics . 339 . Extending315 MVC . Unit Testing 291 . Dependency Injection 271 . .239NuGet . .211Routing AJAX. 179 ApplicationSecuring Your . 135 Data Annotations and Validation . 117 . 93 Forms and HTML Helpers Models. 69 Views . 39 . 23 Controllers Getting. .1 Started 389 xxiii xxv 7/4/2011 4:27:37 PM 4:27:37 PM ffirs.indd ii 7/4/2011 4:27:38 PM PROFESSIONAL ASP.NET MVC 3 Jon Galloway Phil Haack Brad Wilson K. Scott Allen ffirs.indd iii 7/4/2011 4:27:38 PM Professional ASP.NET MVC 3 Published by John Wiley & Sons, Inc. 10475 Crosspoint Boulevard Indianapolis, IN 46256 www.wiley.com Copyright © 2011 by John Wiley & Sons, Inc. Indianapolis, Indiana Published simultaneously in Canada ISBN: 978-1-118-07658-3 ISBN: 978-1-118-15535-6 (ebk) ISBN: 978-1-118-15537-0 (ebk) ISBN: 978-1-118-15536-3 (ebk) Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1 No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600.
    [Show full text]
  • Rubyperf.Pdf
    Ruby Performance. Tips, Tricks & Hacks Who am I? • Ezra Zygmuntowicz (zig-mun-tuv-itch) • Rubyist for 4 years • Engine Yard Founder and Architect • Blog: http://brainspl.at Ruby is Slow Ruby is Slow?!? Well, yes and no. The Ruby Performance Dichotomy Framework Code VS Application Code Benchmarking: The only way to really know performance characteristics Profiling: Measure don’t guess. ruby-prof What is all this good for in real life? Merb Merb Like most useful code it started as a hack, Merb == Mongrel + Erb • No cgi.rb !! • Clean room implementation of ActionPack • Thread Safe with configurable Mutex Locks • Rails compatible REST routing • No Magic( well less anyway ;) • Did I mention no cgi.rb? • Fast! On average 2-4 times faster than rails Design Goals • Small core framework for the VC in MVC • ORM agnostic, use ActiveRecord, Sequel, DataMapper or roll your own db access. • Prefer simple code over magic code • Keep the stack traces short( I’m looking at you alias_method_chain) • Thread safe, reentrant code Merb Hello World No code is faster then no code • Simplicity and clarity trumps magic every time. • When in doubt leave it out. • Core framework to stay small and simple and easy to extend without gross hacks • Prefer plugins for non core functionality • Plugins can be gems Key Differences • No auto-render. The return value of your controller actions is what gets returned to client • Merb’s render method just returns a string, allowing for multiple renders and more flexibility • PartController’s allow for encapsualted applets without big performance cost Why not work on Rails instead of making a new framework? • Originally I was trying to optimize Rails and make it more thread safe.
    [Show full text]
  • Pilvandmetöötluse Rakendused
    TALLINNA TEHNIKAÜLIKOOL Infotehnoloogia teaduskond Arvutitehnika instituut IAG40LT Anett Kann 120903 PILVANDMETÖÖTLUSE RAKENDUSED Bakalaureusetöö Juhendaja: Vladimir Viies PhD Dotsent Tallinn 2015 Autorideklaratsioon Olen koostanud antud töö iseseisvalt. Kõik töö koostamisel kasutatud teiste autorite tööd, olulised seisukohad, kirjandusallikatest ja mujalt pärinevad andmed on viidatud. Käesolevat tööd ei ole varem esitatud kaitsmisele kusagil mujal. Autor: Anett Kann 24.05.2015 2 BAKALAUREUSETÖÖ ÜLESANNE Üliõpilane: Anett Kann Matrikkel: 120903 Lõputöö teema eesti keeles: Pilvandmetöötluse rakendused Lõputöö teema inglise keeles: Cloud computing applications Juhendaja (nimi, töökoht, teaduslik kraad, allkiri): Vladimir Viies Konsultandid: - Lahendatavad küsimused ning lähtetingimused: Anda ülevaade rakenduse koostamise vahenditest pilvandmetöötluses, lähtudes Eestist. Koostada juhis rakenduse loomiseks ja realiseerida sellest lähtuvalt vabalt valitud näidisrakendus. Eritingimused: - Nõuded vormistamisele: Vastavalt Arvutitehnika instituudis kehtivatele nõuetele Lõputöö estamise tähtaeg: 08.06.2015 Ülesande vastu võtnud: ________________________________kuupäev: 24.05.2015 (lõpetaja allkiri) 3 Annotatsioon Käesolev töö uurib pilvandmetöötluse mõistet Eesti näitel, tüüplahenduste raamistikke ning lihtsa avalikel teenustel põhineva rakenduse loomise ülesehitust ning protsessi, milles realiseeritakse päikesekalkulaator. Iseloodud projekt põhineb Google Maps API’l, mis võimaldab rakenduses kasutada hõlpsasti maailmakaarti ja OpenWeatherMap
    [Show full text]