|
|
The Tool for Penetration Tests of Web Applications
Dobeš, Michal ; Malinka, Kamil (referee) ; Barabas, Maroš (advisor)
The thesis discusses the issues of penetration testing of web applications, focusing on the Cross-Site Scripting (XSS) and SQL Injection (SQLI) vulnerabilities. The technology behind web applications is described and motivation for penetration testing is given. The thesis then presents the most common vulnerabilities according to OWASP Top 10. It lists the principles, impact and remediation recommendations for the Cross-Site Scripting and SQL Injection vulnerabilities. A penetration testing tool has been developed as a part of this thesis. The tool is extendable via modules. Modules for detection of Cross-Site Scripting and SQL Injection vulnerabilities have been developed. The tool has been compared to existing tools, including the commercial tool Burp Suite.
|
|
|
Graphical Design Tool for HTML5 Applications
Sabovčik, František ; Klicnar, Lukáš (referee) ; Beran, Vítězslav (advisor)
This bachelor thesis is focused on design and implementation of a tool for graphical design of HTML5 aplications drawn on Canvas. The editor helps to create user interface visually with positioning, transformation and grouping of image sprites and export to target aplication. The work describes process of development of this tool, involving description of solved problem, exploration of theoretical informations, design and implementation of final product. Feedback of potential users is described in the end of the work, evaluating success of solving defined requirements.
|
|
|
Processing of Uncertain Information in Databases
Morávek, Petr ; Dvořák, Jiří (referee) ; Šeda, Miloš (advisor)
The following diploma thesis focuses on processing of uncertain information in databases. Uncertain information represents vague customer requests during laptop choice in classic shop purchasing. Effort of the work is to develop a modern e-shop application selling laptops, which is based on expert fuzzy system helping customers to choose a laptop without knowledge of technical specifications and current trends.
|
|
|
Energetics information database based on WIKI technology
Čižmár, Martin ; Škoda, Jan (referee) ; Baxant, Petr (advisor)
Topic of this bachelor’s thesis covers practical realization of cooperative database project for purposes of academic usage. There is a possibility that database could be maintained using WIKI technology. Selection of eligible WIKI software will provide communication with databáze server and accessibility to database itself through web interface allows capability to new documents creation, their easy editing and managing.
|
|
|
The E-learning for E-commerce
Brabcová, Kateřina ; Sedláčková, Miluše (referee) ; Dvořák, Jiří (advisor)
The thesis summarizes the possible ways of using the Internet to implement e commerce within the meaning of trade in education. The work deals with the forms of computer-assisted teaching methods, summarizes the applicable software tools, web portals and educational applications, focusing on the creation and dissemination of study materials, and complete learning management systems.
|
|
|
Framework design for automated testing of web sites
Sieber, Lukáš ; Šteffan, Pavel (referee) ; Frk, Martin (advisor)
This master's thesis is based on automated web applications testing with freeware instrument utilization developed under Google code project. It is called Selenium webdriver and become very popular during last years. Selenium webdriver is frequently used for web pages automation. Indisputable advantages of this solution are low entry cost, selenium is broadly used and also live community around that instrument with many useful informations. Main goal of this thesis is creation of automation framework created by Java programming language. This final framework will integrate Selenium webdriver and guarantee easy creation of testing scenarios. Because of this goal is placed mainly on separation of web page programmatic description and description of testing scenario.
|
|
|
A new security model implemented in the metropolitan network
Dančuk, Michal ; Kyselák, Martin (referee) ; Škorpil, Vladislav (advisor)
This diploma thesis deals with wireless computer networks in a point of view security. It contains security principles and standards used in these networks. It shows failings of old security methods in contras of new standards. The result of the thesis is a design of the metropolitan network and its realization. In this network appropriate solutions of security are used. The last part of the thesis deals with a design of web applications created in the PHP programming language and SQL database system.
|
|
|
Customer proprietary information system
Kojecký, Jan ; Roupec, Jan (referee) ; Heriban, Pavel (advisor)
The work deals with the development of custom business information systems for ISPs. The information system consists of two main modules – the user module, which manages all the necessary data and hardware module, which contains information on technical equipment and network infrastructure of company with links to transmitted data monitors. The information system is running on Linux server.
|
|
|
Tool creation for an automated penetration testing of web applications
Kiezler, Tomáš ; Hradil, Jiří (advisor) ; Pavlíček, Luboš (referee)
This thesis focuses on security of web applications, which can be measured by the results of penetration testing. In the theoretical section of this study individual methods of how the testing can be performed are outlined. This study then outlines the advantages and disadvantages of automated testing compared to manual testing, and the tools which incorporate automated scanning for security of web applications are scrutinized. Statistics of security risk occurrences found on the Czech Internet are also included. The practical part depicts the creation of a tool for automated testing, written in the most frequently used programming language in web development, that will be able to detect the most common weaknesses. The tool is developed to show ways of detecting certain risks and to inspect whether it is possible to automate the search. The primary aim of this study is to introduce the reader to the field of security of web applications, present to them the legality of penetration testing and introduce them to options of finding and fixing security risks and avoiding them in web development.
|
|
|
Knowledge sharing applications and their safety
Kůrka, Jan ; Veber, Jaromír (advisor) ; Luc, Ladislav (referee)
The purpose of this bachelor's thesis is to describe security issues of knowledge sharing web applications. Basic terms related to the topic are defined in the theoretical part. Types of tests that can be used to verify safety of the application are described further, followed by introduction of OWASP foundation and their development and documentation projects. The project OWASP Top Ten 2013 informing about the ten most critical security threats to web application is then described in more detail. Finally, theoretical part presents knowledge sharing applications and their best-known open-source representatives. Practical part of the thesis is dedicated to penetration testing the three most widely used wiki applications. A particular testing methodology is presented, including the procedure and the results of the tests themselves. The results are commented and explained in detail and the overall security of every application is evaluated. Contribution of this bachelor's thesis is verification of security in currently most widely used knowledge sharing applications and finding their vulnerabilities. The test results together with the found insufficiencies will be sent to the developers of these applications.
|
guest ::
