National Repository of Grey Literature: 25 records found (records 15 - 24)
Technical security measures to ensure information security at Faculty of business and management
Kajan, Tomáš ; Kubek, Ján (referee) ; Sedlák, Petr (advisor)
The diploma thesis focuses on the design of technical measures used to achieve information security at the Faculty of Business and Management, which is part of the Brno University of Technology. The proposal is largely governed by the Cyber Security Ordinance, which is complemented by a series of ISO/IEC 27000 standards. The output of the work is technical measures that accompany the directives on selected parts of the measures.
Security testing of selected network protocols and related vulnerabilities
Böhmová, Monika ; Šeda, Pavel (referee) ; Jeřábek, Jan (advisor)
This thesis focuses on the IPv6, ICMPv6 and DNS protocols, their vulnerabilities and the testing of these protocols. Methods of testing, including black-box, white-box and grey-box, are explained. Testing instances and scenarios are listed for the black-box and white-box testing methods. Furthermore, manual testing is differentiated from automated testing with the use of tools. The thesis also includes the creation of a testing environment and a tool for automated testing. The environment is created using GNS3, a software tool for virtualization of network infrastructure and its elements. The tool for automated testing is created in the Python 3 programming language. This tool includes scripts which test the devices present and the settings of connected networks, and verify device vulnerability to a Man in the Middle attack. The tool itself is tested in the created testing environment with various types of end devices, which influence the progress and results of the tests. These results are the output of the automated testing tool in either human-readable or machine-readable formats.
Tool for Analysis of JavaScript to Detect DOM XSS Vulnerabilities in Web Applications
Barnová, Diana ; Polčák, Libor (referee) ; Homoliak, Ivan (advisor)
The main goal of this thesis is to design a tool for analysis of JavaScript to detect DOM-based XSS vulnerabilities in web applications, and then to implement it and test it ethically. Cross-site Scripting (XSS) is one of the most common injection attacks on web applications; it inserts malicious code into an otherwise trusted site. An interpreted response from the browser is required for the detection and subsequent exploitation of DOM-based XSS vulnerabilities, therefore the tool captures the response from the Burp Suite proxy server. The analysis of this response uses two separate regular expressions aimed at searching for sources and sinks in the source code of the response. A set of payloads is used to determine if a site is exploitable. Subsequently, the user is warned of the possible danger. The output is a text file summarizing the results for the URL.
Security Of Web Applications In Php
Slunsky, Tomas
This article deals with the security of web applications, focusing on vulnerabilities in web applications written in the PHP language. This work reveals existing security issues, demonstrates their impact and proposes solutions using several approaches. The solution focuses mainly on the level of network filtering with an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS). There are several approaches to solving these issues, and it will therefore be possible to propose the best one and describe it in more detail.
Web application for testing web server vulnerabilities
Šnajdr, Václav ; Burda, Karel (referee) ; Smékal, David (advisor)
The Master’s Thesis deals with the design and implementation of a web application for testing the security of SSL/TLS protocols on a remote server. The web application is developed in the Nette framework. The theoretical part describes SSL/TLS protocols, vulnerabilities, recommendations and technologies used in the practical part. The practical part is devoted to the creation of a web application with the process of using automatic scripts to test and display the results on the website with a rating of A+ to C. The web application also displays a list of detected vulnerabilities and their recommendations.
Information and Cyber Threats in 2019
Bača, Jonatán ; MSc, Michal Mezera (referee) ; Sedlák, Petr (advisor)
The diploma thesis focuses on information and cyber threats in 2019. It comprises a theoretical basis for better understanding of the issue. Afterward the thesis describes the analysis of the current situation, which combines several analyses primarily aimed at Czech companies. In the last part, draft measures are created, which contain predictions, preventive actions and recommendations for companies.
Vulnerability Detection Service of Web Page Libraries
Bednář, Radek ; Zendulka, Jaroslav (referee) ; Volf, Tomáš (advisor)
This thesis deals with the creation of an application for the detection of technologies used on websites and finding their vulnerabilities. The application is implemented using the Symfony Framework and the React.js library. The information source is the NVD database joined with data from the GitHub service. Apart from the detection of technologies, the application allows users to manually create their own sets of technologies and share them using a URL.
Vulnerability Detection in Computer Network
Šuhaj, Peter ; Hranický, Radek (referee) ; Holkovič, Martin (advisor)
This bachelor's thesis deals with the analysis of chosen network protocols, finding their vulnerabilities, and the design and implementation of a tool for their detection. An example of a vulnerability is the use of unencrypted communication. First, the chosen protocols are studied; next, methods for capturing and processing network traffic are analyzed. Based on this research, the design of the tool for detecting vulnerabilities and the format for describing vulnerabilities are created. Afterwards, the design is implemented in Python, and YAML configuration files containing vulnerability entries are created. The program checks the input PCAP based on the content of these files. Testing took place on files of different sizes containing captured network traffic.
Tool creation for an automated penetration testing of web applications
Kiezler, Tomáš ; Hradil, Jiří (advisor) ; Pavlíček, Luboš (referee)
This thesis focuses on security of web applications, which can be measured by the results of penetration testing. In the theoretical section of this study individual methods of how the testing can be performed are outlined. This study then outlines the advantages and disadvantages of automated testing compared to manual testing, and the tools which incorporate automated scanning for security of web applications are scrutinized. Statistics of security risk occurrences found on the Czech Internet are also included. The practical part depicts the creation of a tool for automated testing, written in the most frequently used programming language in web development, that will be able to detect the most common weaknesses. The tool is developed to show ways of detecting certain risks and to inspect whether it is possible to automate the search. The primary aim of this study is to introduce the reader to the field of security of web applications, present to them the legality of penetration testing and introduce them to options of finding and fixing security risks and avoiding them in web development.
Framework for on-line service security risk management
Mészáros, Jan ; Buchalcevová, Alena (advisor) ; Čermák, Igor (referee) ; Doucek, Petr (referee) ; Jirovský, Václav (referee)
This dissertation thesis is dedicated to on-line services security management from the service provider's and the service consumer's viewpoints. The main goal is to propose a framework for on-line services security risk management, to develop a supporting software tool prototype and to validate them through a case study performed in a real-world environment. The key components of the proposed framework are a threat model and a risk model. These models are designed to fit the specific features of on-line services and the surrounding environment. A risk management process is an integral part of the framework. The process is suitable for frequent and recurrent risk assessments. The process comprises eight steps; related roles and responsibilities are defined for each step. The process execution results in the identification and execution of proper tasks which contribute to the treatment of identified security risks and deficiencies. Documentation and reporting of the overall level of on-line services security over time is possible if the process is executed on a regular basis. The proposed framework was validated through a case study performed in a large enterprise environment.
