Application of selected method for securing web application code

Ovaj diplomski rad bavi se problematikom ranjivosti web aplikacija. U današnjem svijetu kada je sve digitalizirano bitna je sigurnost podataka. U radu su opisane neke od najčešćih vrsta napada na web aplikaciju, a to su XSS (Cross - Site Scripting) te SQL Injection. U radu se opisuje i problem sigurnosti protoka informacija. Detaljnije je opisan Runtime application self-protection (RASP), njegov način rada, integracija, jezična potpora, modeli primjene, pravila otkrivanja te način aktivnog i pasivnog učenja RASP-a. Praktičnim djelom prikazan je sustav u kojemu su primijenjene metode osiguranja koda. Sustav se bavi rezervacijom izleta.This graduate thesis deals with vulnerability of web applications. Nowadays when everything is digitalized data security is important. In this thesis are described some of the most common types of attack on web applications and those are XSS (Cross - Site Scripting) and SQL Injection. The thesis also describes the problem of data flow security. Runtime application self-protection (RASP) is more thoroughly described with how it works, its integration, language support, model of application and the way of active and passive learning. In the practical part, the application of the methode for securing code is shown. System deals with trip booking