National Repository of Grey Literature: 42 records found (records 33 - 42)
Websites in terms of security against attacks
Kučera, Jan ; Benda, Petr (advisor) ; Havránek, Martin (referee)
This bachelor thesis explains the security risks of web applications and their defense against damaging attacks. The issue is presented mostly from the perspective of developers, therefore the introduction also mentions several principles of safe behavior on the internet from the user's perspective. The concepts of security risks in information technology and of web applications are explained. The thesis is based on the OWASP Top 10 - 2013 project by the OWASP Foundation, which defines the ten most critical security threats. Methods of defending against some of these threats in the three most widely used PHP frameworks are also explained. The practical part presents examples of various attack scenarios for each security threat from the theoretical part. At the end, the chosen frameworks are analyzed with penetration software on a private test server.
Laboratory exercise that presents network attacks
Dostál, Adam ; Malina, Lukáš (referee) ; Martinásek, Zdeněk (advisor)
This work is focused on penetration testing of web applications. The theoretical part describes this issue and its methodology. The work covers the security organization "The Open Web Application Security Project" (OWASP), the OWASP Top 10 document and the first five vulnerabilities of this document. The last part introduces the Linux distribution Kali Linux and several of the most used penetration tools. The practical part consists of testing the first five vulnerabilities in the OWASP Top 10 2013 document. It contains a description of the software used to carry out the attacks, the virtual infrastructure and a test of each vulnerability. The practical part is the basis for the laboratory task "Penetration testing of web applications" and the additional introductory task "Introduction into penetration testing".
Penetration Testing Application for Data Validation Flaws Based Web Vulnerabilities
Němec, Václav ; Kumpošt, Marek (referee) ; Drozd, Michal (advisor)
This bachelor's thesis deals with the detection of web vulnerabilities such as data validation flaws. The paper describes the usual attacks, defenses against them and procedures for automatic detection. The main goal is to design and implement a tool for automatic detection of vulnerabilities such as data validation flaws, to test it on a sample application and to compare the results with similar tools like Paros Proxy or Burp Suite.
The Tool for Penetration Tests of Web Applications
Dobeš, Michal ; Malinka, Kamil (referee) ; Barabas, Maroš (advisor)
The thesis discusses the issues of penetration testing of web applications, focusing on the Cross-Site Scripting (XSS) and SQL Injection (SQLI) vulnerabilities. The technology behind web applications is described and motivation for penetration testing is given. The thesis then presents the most common vulnerabilities according to OWASP Top 10. It lists the principles, impact and remediation recommendations for the Cross-Site Scripting and SQL Injection vulnerabilities. A penetration testing tool has been developed as a part of this thesis. The tool is extendable via modules. Modules for detection of Cross-Site Scripting and SQL Injection vulnerabilities have been developed. The tool has been compared to existing tools, including the commercial tool Burp Suite.
Tool creation for an automated penetration testing of web applications
Kiezler, Tomáš ; Hradil, Jiří (advisor) ; Pavlíček, Luboš (referee)
This thesis focuses on security of web applications, which can be measured by the results of penetration testing. In the theoretical section of this study individual methods of how the testing can be performed are outlined. This study then outlines the advantages and disadvantages of automated testing compared to manual testing, and the tools which incorporate automated scanning for security of web applications are scrutinized. Statistics of security risk occurrences found on the Czech Internet are also included. The practical part depicts the creation of a tool for automated testing, written in the most frequently used programming language in web development, that will be able to detect the most common weaknesses. The tool is developed to show ways of detecting certain risks and to inspect whether it is possible to automate the search. The primary aim of this study is to introduce the reader to the field of security of web applications, present to them the legality of penetration testing and introduce them to options of finding and fixing security risks and avoiding them in web development.
Knowledge sharing applications and their safety
Kůrka, Jan ; Veber, Jaromír (advisor) ; Luc, Ladislav (referee)
The purpose of this bachelor's thesis is to describe security issues of knowledge sharing web applications. Basic terms related to the topic are defined in the theoretical part. Types of tests that can be used to verify the safety of an application are described next, followed by an introduction to the OWASP foundation and its development and documentation projects. The OWASP Top Ten 2013 project, which informs about the ten most critical security threats to web applications, is then described in more detail. Finally, the theoretical part presents knowledge sharing applications and their best-known open-source representatives. The practical part of the thesis is dedicated to penetration testing of the three most widely used wiki applications. A particular testing methodology is presented, including the procedure and the results of the tests themselves. The results are commented on and explained in detail, and the overall security of every application is evaluated. The contribution of this bachelor's thesis is the verification of security in the currently most widely used knowledge sharing applications and the finding of their vulnerabilities. The test results, together with the insufficiencies found, will be sent to the developers of these applications.
Web Application Security Testing and implementation of fixes
Doležal, Ondřej ; Veber, Jaromír (advisor) ; Klíma, Tomáš (referee)
The main objective of this bachelor thesis is to introduce the topic of web security as a part of development. The thesis mentions the most critical web application security risks and the tools which developers may use to test for such risks. Another objective of the thesis is to introduce a web application which the author co-developed and which is the subject of security testing and the subsequent implementation of fixes.
Testing e-commerce applications security
Trnka, Karel ; Veber, Jaromír (advisor) ; Klíma, Tomáš (referee)
The purpose of this bachelor's thesis is to describe the concept of testing the security of e-commerce applications. The first part is theoretical. It defines the basic terms connected with the topic of the thesis, followed by a description of penetration testing. The first part ends with an introduction to the OWASP (Open Web Application Security Project) project and its documentation project Top Ten, which describes the ten most critical web application security risks. The second part of the thesis is dedicated to practical penetration testing of three chosen e-commerce products. It introduces the procedure and method of the tests conducted, which are standardized by the OWASP method. The final report is included in the next chapter, along with possible solutions and recommendations based on the test results. The contribution of this thesis lies in finding vulnerabilities in the selected e-commerce products. The final report will be sent to the developers of these applications together with proposals to address the problems discovered.
E-learning applications and data security
Menčík, Jan ; Veber, Jaromír (advisor) ; Čermák, Radim (referee)
This bachelor's thesis addresses the topic of security threats for web applications, with the practical part presenting a security assessment of selected e-learning applications. It describes the most common current threats for web applications, attack techniques and security techniques. The web environment gave rise to a whole range of techniques for breaching the security of web applications, and this thesis therefore presents the most common threats. The second part of the thesis introduces security techniques, both general techniques based on securing the protocol and techniques against specific threats. The protocol on which an application runs is one of the most important security components, and therefore the thesis analyses the functioning of the HTTPS protocol and its security layers in greater detail. The following part provides an analysis of the field of e-learning security. The reader learns about the security risks which he can encounter in operating open source e-learning solutions. The conclusion of the theoretical part describes the basic principles of security testing by means of the methods defined by the Open Web Application Security Project. The practical part of the thesis deals with the results of security testing of three selected open-source software systems: Moodle, Dokeos and eFront. The testing was focused on threats introduced in the theoretical part of the thesis and uses the findings from the OWASP Testing Guide v3. Individual testing attacks, their results and overall security recommendations are described for every tested e-learning system. The conclusion of the practical part provides an overall assessment of the tested systems.
Security evaluation of the PHP application according to OWASP ASVS standard
Sůva, Jakub ; Mészáros, Jan (advisor) ; Buchalcevová, Alena (referee)
The goal of this bachelor's thesis is to verify the security level of a web application. Verification is based on the standard called OWASP ASVS 2013 Beta, especially on its first level of requirements. To achieve the goal, the thesis uses semi-automated white box penetration tests and an interview. The thesis is limited to testing of PHP web applications and is divided into two main sections, theoretical and practical. The theoretical part is mainly focused on introducing penetration testing of web applications in general. A key part is the description of OWASP ASVS 2013 Beta. A survey of automated testing tools is done in the practical section. One of the tools is then chosen to make the testing of the web application more efficient. The practical part is mostly focused on the tests themselves. The end result is a comprehensible report with outcomes and their interpretation.
