|
|
Web Application Penetration Testing
Hric, Michal ; Čermák, Igor (advisor) ; Hlaváč, Jindřich (referee)
The aim of the present thesis was to analyze the level of security of select open-source web applications based on penetration testing at various stages of testing, defined by the PTES methodology. This included application of new PETA methodology to perform web application penetration testing and the creation of new knowledge objects concerning penetration testing in the MBI portal. The open-source web applications Juice Shop, NodeGoat, XVWA and bWAPP were tested. The security of the web applications was evaluated as insufficient as at least one vulnerability with a high risk of exploitation was identified for each of the tested applications. For each vulnerability found in the application, recommended corrective measures to eliminate the associated risk is stated. When using the PETA methodology for penetration testing, the benefit was mainly in integrating of penetration testing in the context of IS/IT management in an organization based on application of the narrowed framework for IS/IT management. Finally, new knowledge objects in the MBI portal are listed and described. Objects created include a task concerning the process of penetration testing, a set of metrics for evaluating the success of penetration testing and roles linked to the task.
|
|
|
GetSimple content management system security testing
Kadoch, Lukáš ; Veber, Jaromír (advisor) ; Čermák, Radim (referee)
The main aim of this work is to test the security of content management system GetSimple by means of OWASP methodic. The first part is devoted to the theory and clarification of specific terms which are used in the field of web application security. Further on, it introduces a chosen GetSimple system including its parameters and requirements for a host server. The second part contains the penetration testing itself. Each test includes the aim, instructions and in case of discovery of vulnerability a suggestion for improvement. The testing is subject to OWASP methodic standards and it is managed according to the OWASP Top Ten documentation. The added value of this work is finding the security risks of the chosen system.
|
|
|
Web application security testing
Kapal, Martin ; Veber, Jaromír (advisor) ; Luc, Ladislav (referee)
This bachelor's thesis deals with the topic of web application security. The purpose of the theoretical section is to introduce the problem of web application security in general and highlight the means of exploiting the security vulnerabilities. The next part of this section is dedicated to the Open Web Application Security Project (OWASP) organization, with the primary focus on the OWASP Top Ten Project, describing the ten most critical web application security vulnerabilities. The practical section is about testing the security of the given application using penetration testing. After introducing the application, appropriate testing tools are selected and the testing process is described. Finally, the test results are summarized and all found security weaknesses are fixed.
|
|
|
Laboratory exercise that presents network attacks
Dostál, Adam ; Malina, Lukáš (referee) ; Martinásek, Zdeněk (advisor)
This work is focused on penetration testing of web applications. The theoretical part describes this issue and methodology. The work includes security organization "The Open Web Application Security Project" (OWASP), document OWASP Top 10 and the first 5 vulnerabilities of this document. The last part introduces linux distribution Kali Linux and the several most used penetration tools. The practical part consists of testing the first five vulnerabilities in the document OWASP Top 10 2013. It contains a description of the used SW for the realization of the attacks, virtual infrastructure and test of each vulnerabilities. From the practical part is created laboratory task "Penetration testing of web applications" and additional introductory task "Introduction into penetration testing".
|
|
|
Web-Based Application Vulnerability Testing
Bendík, Lukáš ; Barabas, Maroš (referee) ; Koranda, Karel (advisor)
Goal of the thesis is to provide an overview of most common vulnerabilities occurring in web-based applications and methods, which are used for testing them. With each vulnerability there is given a description, example and methods of securing the applications against it. The thesis also introduces automatic tools, which are used for web-based application vulnerability testing. As a part of thesis, there was implemented an web-based application with embedded vulnerabilities. On this application it is possible to put to test the theoretical methods of testing along with automated tools dedicated for this purpose.
|
|
| |
|
|
Penetration Testing of an Open-Source Software
Hrozek, Jakub ; Rogalewicz, Adam (referee) ; Smrčka, Aleš (advisor)
This thesis discusses the design and implementation of integrated penetration testing system. In the first two chapters, the reader is introduced to the topic of penetration testing. The basic techniques and classification of tests are described as well as some of the most widely used methodologies. It also discusses the need to automate the testing process. The fifth and sixth chapter discuss specification and detailed design of integrated penetration testing tool. Its implementation and the problems that had arisen during the process are the theme of chapter seven. The last part of the thesis describes practical experiments done with the tool and gives the reader some advice on securing computer networks.
|
|
| |
|
|
The Tool for Penetration Tests of Web Applications
Dobeš, Michal ; Malinka, Kamil (referee) ; Barabas, Maroš (advisor)
The thesis discusses the issues of penetration testing of web applications, focusing on the Cross-Site Scripting (XSS) and SQL Injection (SQLI) vulnerabilities. The technology behind web applications is described and motivation for penetration testing is given. The thesis then presents the most common vulnerabilities according to OWASP Top 10. It lists the principles, impact and remediation recommendations for the Cross-Site Scripting and SQL Injection vulnerabilities. A penetration testing tool has been developed as a part of this thesis. The tool is extendable via modules. Modules for detection of Cross-Site Scripting and SQL Injection vulnerabilities have been developed. The tool has been compared to existing tools, including the commercial tool Burp Suite.
|
|
|
Firewall security audit
Krajíček, Jiří ; Pelka, Tomáš (referee) ; Pust, Radim (advisor)
An aim of master´s thesis is Firewall security audit. Main tasks this work is introduce with principles of application for audit, create methodology and with this methodology make security audit of the selected firewalls. Theoretical part of this document deal with firewalls and possibilities of integration into network infrastructure. And next with audit and principles of application for security audit. Next practical part of this document deal with creation methodology and procedures including penetration testing. With this methodology is created audit of linux firewall and ISA 2006 included tips for change configuration providing more security.
|
guest ::
