author marcinzelent <zelent.marcin@gmail.com> 2018-05-14 23:58:08 +0200
committer marcinzelent <zelent.marcin@gmail.com> 2018-05-14 23:58:08 +0200
commit 21a202bdf922fe86613fbf6e8232761afd38cdb3
tree a80222958e71ccc0758978016d2c9c6fcfe4c380
parent 34ffec5b14daca7cb84c6c3394697db3aba41e26
Added AppSec description and references
-rw-r--r-- synopsis.pdf bin 83149 -> 120162 bytes
-rw-r--r-- synopsis.tex 35
2 files changed, 33 insertions, 2 deletions
diff --git a/synopsis.pdf b/synopsis.pdf
index 09589ba..999eab2 100644
--- a/synopsis.pdf
+++ b/synopsis.pdf
Binary files differ
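Review bot: synopsis.pdf is committed as a binary next to synopsis.tex, so this change cannot be reviewed from the diff and the repository grows by the full file size (83149 -> 120162 bytes here) on every rebuild. If the PDF is generated from synopsis.tex, consider leaving it out of version control (for example via .gitignore) and publishing it as a build output instead.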
diff --git a/synopsis.tex b/synopsis.tex
index 47b265a..65d8e93 100644
--- a/synopsis.tex
+++ b/synopsis.tex
@@ -39,6 +39,8 @@ In order to give an answer to it, I will first need to find solutions to the fol
\item How software developers can prevent them?
\end{itemize}
+\newpage
+
\section{Method}
The method which I am going to use in my research consists of a few activities:
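Review bot: The \newpage added before \section{Method} hard-codes a page break in the body; if each top-level section is meant to start on a fresh page, define that once in the preamble so the break does not have to be repeated by hand and does not leave a nearly empty page when the preceding text changes length. The unchanged item "How software developers can prevent them?" in the context above would also read better as "How can software developers prevent them?".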
@@ -67,14 +69,43 @@ To optimize my work and to make sure I will deliver the finishied synopsis befor
\label{my-label}
\end{table}
-The first week is a project initialization phase, in which I will describe what I am going to do in the next weeks, how and why. In the second and third week I will focus on learning, finding information and describing the results of it. I am also going to focus on the practical part of this project, which is learning how to use different attack techniques and creating examples for the presentation of them. In the last week I will look back at my work, write summary of it, as well as reflections on the research process. I will also proof read my synopsis and correct all mistakes.
+The first week is a project initialization phase, in which I will describe what I am going to do in the next weeks, how and why.
+
+In the second and third week I will focus on learning, finding information and describing the results of it. I am also going to focus on the practical part of this project, which is learning how to use different attack techniques and creating examples for the presentation of them.
+
+In the last week I will look back at my work, write summary of it, as well as reflections on the research process. I will also proof read my synopsis and correct all mistakes.
+
+\newpage
\section{Work}
+\subsection{What is application security?}
+
+Application security describes activities that need to be taken into consideration by a developer who creates an application which will be available to a broader group of users. Having a large userbase means that there is a risk that, among the regular users, there might be some individuals with malicious intents.
+
+These people, usually called attackers, could try to access sensitive data stored in the database connected to the application or use functions that normally are only available for the users with special privileges. Such data could include for example a list of users, some important documents or money in a bank account. Administrator actions, like adding/removing users or changing application's settings could be an example of functionality wanted by the attackers.
+
+In order to achieve their goals, the attackers try to find vulnerablities, unintended flaws or weaknesses in the application, and exploit them. Although the application security improved over the years, some of the most common vulnerabilities remain unchanged and include: broken authentication, broken access controls, SQL injection, cross-site scripting (XSS), information leakage and cross-site request forgery (CSRF).
\section{Conclusion}
\section{Reflection}
-\section{References}
+\begin{thebibliography}{9}
+
+ \bibitem{webapphandbook}
+ Dafydd Stuttard, Marcus Pinto.
+ \textit{The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition}.
+ John Wiley \& Sons Inc, ISBN: 978-1118026472, 2011.
+
+ \bibitem{owasptop10}
+ Caroline Wong.
+ \textit{Learning the OWASP Top 10}.
+ \texttt{https://lynda.com/IT-\allowbreak{}Infrastructure-tutorials/Learning-OWASP-Top-10/642483-2.html}
+
+ \bibitem{cernertalk}
+ Michael Coates.
+ \textit{Application Security - Understanding, Exploiting and Defending against Top Web Vulnerabilities}.
+ \texttt{https://youtu.be/sY7pUJU8a7U}
+\end{thebibliography}
\end{document}
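Review bot: The new subsection "What is application security?" makes factual claims, in particular the list of most common vulnerabilities (broken authentication, broken access controls, SQL injection, XSS, information leakage, CSRF), without a single \cite, even though this same hunk adds the bibliography entries webapphandbook, owasptop10 and cernertalk; as written none of the three references is tied to the statement it supports. Add \cite{...} at the sentences that draw on each source. In the added text, "vulnerablities" should be "vulnerabilities", "malicious intents" should be "malicious intent", "write summary of it" needs an article, and "proof read" is one word. "Money in a bank account" is listed as an example of data, which mixes an asset with the records describing it; "account balances" would fit the sentence. For the two online entries, a year or access date is missing, and the URLs are set with \texttt and a manual \allowbreak; if the preamble can load the url or hyperref package, \url{...} handles line breaking without hand-placed break points.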