|
|
E-shop design and implementation of company
Horsák, David ; Svoboda, Zdeněk (referee) ; Dvořák, Jiří (advisor)
This diploma work characterizes and analyzes the business company. It contains method of solving problems, consequent on the analysis, solving implementation problems and it is project tools for improve future position of company on market by means of electronic market. For further, it is describe economics analysis of design e-shop and it is implementation in chosen company.
|
|
| |
|
|
Web applications for user authentication
Vybíral, Petr ; Dzurenda, Petr (referee) ; Hajný, Jan (advisor)
The thesis deals with the problems of user authentication. The first chapter analyzes the problem of authentication, its methods and its utilization. The second chapter presents the different security options for communication. The chapter describes security, communication and authentication protocols. There is the 2D barcode QR Code described at the end of the chapter. The third chapter is devoted to ASP.NET technology, its development and possibilities of utilization. Attention is focused on web form and server controls. There is an analysis of elements of cookies and possibilities of their use. The last chapter consists of a practical part, which describes the development of a web application. There is a description of the parts of application, such as the database, the Web navigation, master pages and etc. in the following chapter. The cardinal part of the chapter consists of an analysis and implementation of forms authentication, the attribute authentication and authentication with QR code. Finally, there is a description of way how to secure the communication by using a certificate.
|
|
|
Anonymous communication on the internet
Hořejš, Jan ; Babnič, Patrik (referee) ; Rosenberg, Martin (advisor)
The objective of this master’s thesis was to describe current capabilities of anonymous browsing over the Internet. The theoretical part focuses on three main methods of anonymization with main focus on Tor network. The master‘s thesis describes advantages and disadvantages of different solutions and possible attacks on them. In the next part is demonstrated Tor network, implementation of Hidden service and secured access to the server for clients and possible attacks against this proposal. The work also includes the results of measurements of all three anonymizers and the effects on their speed.
|
|
|
Collection of laboratory works for demonstration of computer attacks
Plašil, Matouš ; Ležák, Petr (referee) ; Burda, Karel (advisor)
Diploma thesis describes published attacks on computers and computer networks. Principles of footprinting such as availability check, OS detection, port scanning were described. Next part explains attacks on confidentiality, integrity and availability. In the practical part were created four laboratory tasks and a virtual environment which allowed testing of ARP spoofing, DNS spoofing, SSL strip, Cross-site scripting, SQL injection, flooding attacks (TCP, ICMP, UDP), TCP reset and attack on operating system using backdoor with Metasploit framework. In practical part were also created video samples with attacks and documentation for teachers.
|
|
|
E-learning applications and data security
Menčík, Jan ; Veber, Jaromír (advisor) ; Čermák, Radim (referee)
This bachelor's thesis addresses the topic of security threats for web applications, with the practical part presenting a security assessment of selected e-learning applications. It describes the most common current threats for web applications, attack techniques and security techniques. The web environment gave rise to a whole range of techniques for breaching the security of web applications, and this thesis therefore presents the most common threats. The second part of the thesis introduces security techniques, both general techniques based on securing the protocol and techniques against specific threats. The protocol on which an application runs is one of the most important security components, and therefore the thesis analyses the functioning of the HTTPS protocol and its security layers in greater detail. The following part provides an analysis of the field of e-learning security. The reader learns about the security risks which he can encounter in operating open source e-learning solutions. The conclusion of the theoretical part describes the basic principles of security testing by means of the methods defined by the Open Web Application Security Project. The practical part of the thesis deals with the results of security testing of three selected open-source software systems: Moodle, Dokeos and eFront. The testing was focused on threats introduced in the theoretical part of the thesis and uses the findings from the OWASP Testing Guide v3. Individual testing attacks, their results and overall security recommendations are described for every tested e-learning system. The conclusion of the practical part provides an overall assessment of the tested systems.
|
|
|
Security of social networks
Hric, Michal ; Veber, Jaromír (advisor) ; Luc, Ladislav (referee)
Social networks represent an integral part of the personal, and in some cases, professional life of many people. The security of social networks is one of the key factors that determines its quality and credibility. The thesis analyzes security of six of most widely used social networks, with emphasis on the security of their web applications, optional security features of user accounts and privacy policies. Web application security was different for all investigated social networks. The most common deficiency was the use of SHA-1 signature algorithm, RC4 cipher support and unsupported option HSTS. Optional security features of user accounts were managed best by the first two evaluated networks (Facebook and YouTube), while other social networks provided less optional security features. Privacy policies didn't differ significantly, major differences were determinated by social network functionality. Although there are known risks related to insufficient security of social networks, even the most widely used social networks have deficiencies in this area.
|
|
|
Analysis of deal-of-the-day services market from the viewpoint of security
Maskaliunets, Stanislau ; Veber, Jaromír (advisor) ; Luc, Ladislav (referee)
In this bachelor thesis I analyze the market of deal-of-the-day services from the viewpoint of security. First of all, I describe the security of the information systems as a term. I also explain the methods of securing web applications. Web applications run on HTTP protocol, and the more secure web applications use the HTTPS protocol, which contains the TLS/SSL. In this work I describe working principle of HTTP protocol. I also describe the SSL/TLS protocols and methods of their acquiring. In the theoretical part, I also describe the methods of cryptography. In the practical part, I describe the methods of defense against attacks and analyze the deal-of-the-day services. I describe the evolution of both the world and Czech deal-of-the-day services. At the end, I analyze deal-of-the-day websites security and compare the results of this analysis.
|
|
|
Security of web pages
Totzauer, Tomáš ; Veber, Jaromír (advisor) ; Luc, Ladislav (referee)
This bachelor thesis deals with security of web sites and includes a practical part about security of cloud services. There are described techniques of web sites security at this paper. Web sites use for its operation the HTTP protocol and more secure web pages use the HTTPS protocol, which also includes a security layer called SSL or TLS. Since the web application can never be safer than the protocol that is used, all the protocols and layers are further discussed in this thesis. Especially their characteristics from the perspective of safety, principles of their functioning, their security weaknesses and recommendations in order to reduce risks and increase their safety are closer clarified. The theoretical part continues in disquisition of encryption, related to security layers. Then in the same context, it describes the major certification authorities. The next section analyzes the security of cloud computing. The reader learns about the security risks in connection with the use of the cloud, about standards and legislation. At the end of the theoretical part, trends in the security of cloud computing that we can expect in the coming years are discussed. In the practical part, there could be found attacks against web applications that use both HTTP and HTTPS. Each attack is described in terms of principle and defense techniques against it. This thesis also includes recommendations for proper use of safety layers SSL and TLS which are used on secure web applications. The largest and best known providers of cloud computing from the perspective of securing their services are compared. In this area of IT, there are no borders, so that the world's biggest players are also the biggest in the Czech Republic. Both corporate and private cloud services are explained. For each service, there is a technical description of its security and a preview of safety policy of the organization that operates this service.
|
|
|
Methods for maintaining state information in the HTTP protocol
Polsemov, Anton ; Pinkas, Otakar (advisor) ; Šváb, Ondřej (referee)
This bachelor thesis is focusing on HTTP protocol, its features, and technological aspects. The HTTP protocol is stateless so it is necessary to search for methods to keep status information. These methods are cookies, URL query, session id, http authentication, hidden fields in forms, IP address and additional. Every method has its own strong and weak features. Security of these methods influences a final resolution. Ahead of description of the methods, the thesis is concerning cryptography a describing HTTP cookies in detail. The practical section contains an analysis of online banking in Czech Republic and characterization of trends in this brand. Also, an installation of a PHP5, HTTP Apache server, creation and signification of an OpenSSL certificate is in the last chapter and finally, a simple application of online Banking is created.
|
guest ::
