Result: Development and Security Testing of a Job Booking Web Application for Nail and Barber Services
More information
Rapid advancements in web development have made JavaScript and its frameworks indispensable for building modern online applications. Among them, React.js is widely appreciated for its component-based structure, flexibility, and large developer community. For backend services, Express.js and Flask are lightweight yet powerful frameworks that help create fast, scalable APIs. Express.js leverages the speed of Node.js, while Flask provides a simple and clean structure for Python developers. This thesis focuses on creating a full-stack web application for booking nail and hair styling services. The system integrates React.js for the frontend and combines Express.js and Flask to manage backend processes such as authentication, booking management, and data processing. The application aims to deliver a smooth user experience while maintaining a modular and maintainable codebase. In addition to development, the project also emphasizes basic web application security. Tools such as OWASP ZAP and Snyk are used to identify vulnerabilities like cross-site scripting (XSS), insecure dependencies, and server misconfigurations. These issues are addressed using secure coding practices and preventive techniques. The final result is a functional and deployable application, supported by full documentation covering technical implementation, theoretical background, and a summary of the security issues found and resolved. This thesis demonstrates both practical full-stack development skills and an understanding of modern security best practices.