|
|
Vulnerability Assessment of Container Images
Findra, Michal ; Malinka, Kamil (oponent) ; Pavela, Jiří (vedoucí práce)
The work focuses on the problem of automated security analysis of container images in a distributed environment. It describes present vulnerabilities in these environments and tools that deal with the analysis of container images that serve as a template for deploying a specific container. The process involves acquiring an environment description and subsequently processing it into a format meaningful for Vulntron tool developed as part of this thesis. Vulntron automates this process, performs a security analysis of individual components of the container image, and generates a report in a visually and technically processable format. The thesis also includes practical integration in form of Vulntron deployment into various types of development processes within the Red Hat company.
|
|
|
Určení spolehlivosti výsledků statické analýzy pomocí strojového učení
Beránek, Tomáš ; Fiedor, Jan (oponent) ; Vojnar, Tomáš (vedoucí práce)
The Meta Infer static analyzer is a tool for detecting various types of errors in source code. However, its results contain more than 95 % of false alarms. This thesis proposes a solution that ranks Infer’s reports using Graph Neural Networks (GNNs) based on the likelihood of being a real error, thus mitigating the issue with false alarms. The system consists of a training pipeline, which converts the D2A dataset – a set of labeled reports from Meta Infer – into Extended Code Property Graphs (ECPGs) and GNN models trained on these ECPGs. Experimental results indicate that the developed GNN models can match, and in some cases even surpass, existing models developed by strong industrial teams. Moreover, these existing solutions are closed source, making the solution developed in this thesis a promising open-source alternative.
|
|
| |
|
|
Detekce kódu v jazyce JavaScript se známými bezpečnostními chybami
Randýsek, Vojtěch ; Jeřábek, Kamil (oponent) ; Polčák, Libor (vedoucí práce)
Prace se zabyva problematikou detekce zranitelnych JavaScriptovych knihoven a NPM balicku. Na zaklade existujicich studii shrnuje technologicky zaklad platformy Node.js a dale se hloubeji venuje vybranym zranitelnostem systemu NPM a stavajicim ochrannym prostredkum. Bylo vytvoreno rozsireni prohlizece Chrome, ktere ma za cil detekovat a opravit JavaScriptovy kod se znamymi zranitelnostmi na strane weboveho prohlizece. Vytvoreny nastroj byl otestovan pruchodem 50 000 webovymi strankami. Bylo detekovano 8 129 zranitelnych skriptu. Rozsireni bylo publikovano na Chrome Web Store pod nazvem JS Vulnerability Detector .
|
|
|
Detekce kódu v jazyce JavaScript se známými bezpečnostními chybami
Randýsek, Vojtěch ; Jeřábek, Kamil (oponent) ; Polčák, Libor (vedoucí práce)
Prace se zabyva problematikou detekce zranitelnych JavaScriptovych knihoven a NPM balicku. Na zaklade existujicich studii shrnuje technologicky zaklad platformy Node.js a dale se hloubeji venuje vybranym zranitelnostem systemu NPM a stavajicim ochrannym prostredkum. Bylo vytvoreno rozsireni prohlizece Chrome, ktere ma za cil detekovat a opravit JavaScriptovy kod se znamymi zranitelnostmi na strane weboveho prohlizece. Vytvoreny nastroj byl otestovan pruchodem 50 000 webovymi strankami. Bylo detekovano 8 129 zranitelnych skriptu. Rozsireni bylo publikovano na Chrome Web Store pod nazvem JS Vulnerability Detector .
|
|
| |
host ::
RSS.