|
|
Analysis of wireless network security in home area
Lokvenc, František ; Luc, Ladislav (advisor) ; Veber, Jaromír (referee)
The topic of the bachelor thesis is Analysis of wireless network security in home area. Target of theoretical part is to provide complex information about problematics Wi-Fi, options of security and questions associated with it. Practical part focuses on introducing theoretically threats along with practical examples. In the final phase is the target to make recommendations, introduce settings for end user about security and protect of their own wireless sites.
|
|
|
Risk analysis of IoT from the perspective of modern office buildings
Hemžal, Adam ; Luc, Ladislav (advisor) ; Veber, Jaromír (referee)
This bachelor thesis deals with the issue of information security risk management amongst devices of the Internet of Things mainly in the modern office buildings of a company. The theoretical part of the thesis describes the terminology of risk management, information security management and describes the functioning, security and relation of the Internet of Things towards information security. The main component of risk management is their analysis. Therefore practical part discusses the risk analysis of selected devices of the Internet of Things, which are placed in the modern office building of the company. Before the analysis a sample company is defined and then an analysis of risk of these devices is made following the norm "ISO/IEC 27005 Information security risk management." The output of the thesis is a draft of measures that minimize a nascence or possible risk damage within selected devices of Internet of Things on a sample company.
|
|
|
Methods for identification and preparation of incident solutions caused by malicious software
Bárta, Jan ; Veber, Jaromír (advisor) ; Luc, Ladislav (referee)
This bachelor thesis deals with the description of methods for identification and preparation of incident solutions caused by malicious software, which can be retrieved by its various forms. In the theoretical part, the reader is firstly introduced to the situation before the occurrence of a security incident. Along with this, there are presented currently the most widespread types of malicious software, ways of spreading, its forms and tools for communication with attackers. Then follows initial response to the incident, after that there is described the measurability of security incidents, categorization, classification according to various criteria and determination of safety classes. The practical part, which is dealing with incident solution procedures, analyzes the security incident and explains in details, how to behave in this situation and about what to be aware. For the sake of completeness, the future development of the informatics industry is also mentioned. The aim of this thesis is to create a complex that can be used for example as a supporting material for the incident solutions caused by malicious software, which primarily affects security.
|
|
|
GetSimple content management system security testing
Kadoch, Lukáš ; Veber, Jaromír (advisor) ; Čermák, Radim (referee)
The main aim of this work is to test the security of content management system GetSimple by means of OWASP methodic. The first part is devoted to the theory and clarification of specific terms which are used in the field of web application security. Further on, it introduces a chosen GetSimple system including its parameters and requirements for a host server. The second part contains the penetration testing itself. Each test includes the aim, instructions and in case of discovery of vulnerability a suggestion for improvement. The testing is subject to OWASP methodic standards and it is managed according to the OWASP Top Ten documentation. The added value of this work is finding the security risks of the chosen system.
|
|
|
Web application security testing
Kapal, Martin ; Veber, Jaromír (advisor) ; Luc, Ladislav (referee)
This bachelor's thesis deals with the topic of web application security. The purpose of the theoretical section is to introduce the problem of web application security in general and highlight the means of exploiting the security vulnerabilities. The next part of this section is dedicated to the Open Web Application Security Project (OWASP) organization, with the primary focus on the OWASP Top Ten Project, describing the ten most critical web application security vulnerabilities. The practical section is about testing the security of the given application using penetration testing. After introducing the application, appropriate testing tools are selected and the testing process is described. Finally, the test results are summarized and all found security weaknesses are fixed.
|
|
|
Information Security Management System in the company BluePool s.r.o.
Menčík, Jan ; Veber, Jaromír (advisor) ; Světlík, Marián (referee)
This master thesis deals with the topics Information Security Management by the group of ISO/IEC 27000 norms and implementation of the Information Security Management System (ISMS) in one particular company. The theoretical part describes the group of norms ISO/IEC 27000 and the legislation and institutions related to these norms. Then the theoretical framework of a risk analysis is introduced. The benefits and possible obstacles when implementing the ISMS in an organization with emphasis on small businesses is described at the end of the theoretical part. The practical part includes a complex risk analysis and measures to be taken for the revealed risks. Furthermore, it involves the settings of the information security internal rules in the company Bluepool s.r.o. with regard to the risk management and information security policy. The conclusion of this part puts forward a proposal of the process and examples of implementation, time schedule and budget for implementation of adopted measures.
|
|
|
Choose authentication method for logging in to the electronic banking at the same time as cancellation of GRID cards authentication
Mazák, Matej ; Doucek, Petr (advisor) ; Veber, Jaromír (referee)
The aim of this Master thesis is to choose appropriate authentication method for logging in to the electronic banking. The chosen solution will serve as an additional factor for authentication and authorization of client and at the same time as the replacement of the outdated security method GRID card. Development and direction of the electronic banking is explained in the theoretical part of the thesis. Further on, the advantages of this channel that are provided to clients and bank, are described. Some of the trends which daily affect the direction of the electronic banking are also described. Security is very important part of the electronic banking and that is why it is mentioned in the each part of this thesis. The practical part contains proposed cancellation procedure of GRID cards and proposal of the new solutions that could replace them in the future. It also contains selection and description of evaluation criteria and multi-criteria evaluation of the selected solutions. Saaty method and scoring method were used to determine the weight of the particular criteria. Conclusion of the thesis compares achieved results of the individual authentication methods and assets of this Master thesis.
|
|
|
DOM optimization
Mironov, Nikita ; Veber, Jaromír (advisor) ; Luc, Ladislav (referee)
The thesis's main theme is comparison of different approaches of work with DOM API. The aim of the theoretical part of the thesis is explanation of the most popular web browsers' architectures and their inner components. Also, thesis describes the DOM standard and most common optimizations.
|
|
|
Analysis of security access to internet banking via mobile devices
Hiršal, Michael ; Veber, Jaromír (advisor) ; Klíma, Tomáš (referee)
The objective of this thesis is to analyze and review external security of mobile applications providing mobile banking on Android operating system. The theoretical section is aimed to describe the prerequisites for security analysis and the technological design of security for this kind of applications. Related practical section is based on the data acquired by the author in which the technological security is examined. Products of the companies Air Bank, a.s. and Moneta Money Bank, a.s. were selected to be examined in the practical section. These two companies are sample of the current Czech bank market. The examined level of security of both of the applications and their comparison are covered in the conclusion of the thesis.
|
|
|
Phishing in the gaming industry
Nguyen Van, Thanh ; Luc, Ladislav (advisor) ; Veber, Jaromír (referee)
This bachelor thesis deals with a currently major issue of cyber security, which is phishing. The study is also specific in that it is focused on the gaming industry, which is subjected to a detailed analysis. The first goal of thesis is to acquaint the reader with problems of security risks of phishing in general and in game related fields. To achieve this goal, in the introduction of the theoretical part of the work, the general problem of phishing with a view on historical development and expansion is presented. Furthermore is described topic of gaming industry, its trends of videogames and security risks of online trading. The second goal is to give future and existing Steam users an overview of common phish-ing attacks and countermeasures. To achieve this goal, in the analytical part of the work, a specific gaming platform in online trading and distribution of game is selected, Steam from Valve. In the practical part of the work, eight selected phishing attacks are conducted to brief analysis and completed into a final evaluation and countermesures of all attacks.
|
guest ::
RSS feed.