Dissertation topic ADVICE needed. Website security and Cryptography

JoeyG1717

Hello,

I have a number of questions to ask any programmer that knows specifically about encryption/databases/web-development for my chosen dissertation.

Now, I do not want anyone to do any of the work for me. I just need pushing in the right direction with a few queries I have. My questions will make that clearer. Thank you in advance for anyone willing to answer the questions below. I am welcome to all opinions. You guys are the experts and I'm attempting to become one.

My dissertation topic that I have chosen is to design and implement a SECURE cloud storage web application (my own personal Dropbox).

Things I want answers to...

  • What programming language(s) will I need to create the application? (in your opinion)

  • I want to upload files and then encrypt them. What is the best way to learn these techniques and why?

  • Links or ebooks that go into details of how to code security into web applications, MySQL injection prevention, etc.?

  • Anything else I need to consider to take on the project?

I am very open-minded about what I am planning to do, so all advice is invaluable to me. I have a moderate level of programming in particular languages, hence the stupidly obvious questions I have posted. Apologies.

Any help will be greatly appreciated.

Thanks, Joey
 
Programming languages...

I'd imagine either C or Java as these have fairly neat network socket libraries.

To be secure you need to upload files using an encrypted protocol, so that traffic can't be sniffed.
As for what is best, I'd imagine it's best to encrypt on your local workstation and upload an encrypted file. That way you keep the keys locally and they aren't on the server; if you do the encryption on the server, then a person who hacks the server also has access to the decryption key.

As a start, look at SHA-1, RSA and Diffie-Hellman.

For anti SQL injection, you need to sanitise your inputs.
For example, nobody should have a name of '--drop table people; '. Look for specific input variables (php_striphtml, for example, removes HTML from input; there is another, I think it's called strip chars or something, to remove special chars; there is also strip quotes etc.).
Always cast numbers as %d, then the variable name at the end, in PHP; that ensures whatever goes into that number field is a number.
E.g. if someone tries to put the letter a in there then the number 68 (I think) gets put in there (or whatever its place in the ASCII table is).

My advice...
It's going to be a hell of a lot of work.
I made something a bit like this in my dissertation
(Though mine was a suite of online tools for coders: a knowledge base where articles were posted, a source control tree (with file locking and branching etc.) and a linked source bug tracking tree, so you could enter notes against leaves on the tree.)
Given my time again I would have much rather concentrated on a single element of what I was doing and made something better.

This was in the days before Dropbox or SharePoint. The best online scns were heavily command line oriented and SourceSafe web access was a joke.
I made something passable, but if I hadn't been trying to create a whole suite of packages then I'd have been able to create a real (useful and marketable) product.
As it is I got a tool that was useful for a couple of years, but only to me. Whee the back end is clunky, and I've long since abandoned using it.

If you want something useful, concentrate on one thing.
(E.g. your encryption engine, or a way to pass the encryption key to the server to hand off encryption without compromising the integrity of the key, and a way that ensures secure deletion of the key from disk and/or memory on the server.)
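
An added example, not part of the reply above or of any project's code, illustrating the SQL injection point: the reply's sample name is passed as a bound parameter so it is stored and compared as data, and a numeric field is checked strictly. It is written in Python with an in-memory SQLite table standing in for the MySQL database; the table, the function names and the "O'Brien" input are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample input: the hostile "name" quoted in the reply.
HOSTILE_NAME = "'--drop table people; "


def open_db():
    """In-memory SQLite database standing in for the application's MySQL server."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    db.executemany("INSERT INTO people (name) VALUES (?)", [("alice",), ("bob",)])
    return db


def find_by_name_concat(db, name):
    """Before: input is spliced into the SQL text, so a quote alters the statement."""
    sql = "SELECT id, name FROM people WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def find_by_name_bound(db, name):
    """After: input travels as a bound parameter and is only ever compared as data."""
    return db.execute("SELECT id, name FROM people WHERE name = ?", (name,)).fetchall()


def add_person(db, name):
    """Bound insert: every character is stored verbatim, nothing is stripped."""
    return db.execute("INSERT INTO people (name) VALUES (?)", (name,)).lastrowid


def parse_id(raw):
    """Strict numeric check: reject anything that is not ASCII decimal digits."""
    if not (raw.isascii() and raw.isdigit()):
        raise ValueError("id must be a decimal integer")
    return int(raw)


def find_by_id(db, raw_id):
    """Validate first, then still bind the value rather than formatting it in."""
    return db.execute("SELECT id, name FROM people WHERE id = ?", (parse_id(raw_id),)).fetchall()


if __name__ == "__main__":
    db = open_db()
    add_person(db, HOSTILE_NAME)
    print(find_by_name_bound(db, HOSTILE_NAME))
    print(db.execute("SELECT COUNT(*) FROM people").fetchone())
```

A legitimate name containing an apostrophe makes the concatenated query fail with a syntax error, while the bound version stores and finds it unchanged.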
 