|
|
Application that supports penetration tests of web applications
Holovová, Simona ; Švikruha, Patrik (referee) ; Martinásek, Zdeněk (advisor)
This master´s thesis is about the security of web applications and penetration testing. The main goal is to gain knowledge about testing methodologies OWASP Testing Guide and ASVS and to implement this knowledge into a web application to assist during manual penetration testing. The theoretical part of the thesis describes both methodologies and web technologies used during the development of the application. The practical part of the thesis is about the design of the application based on the specification, its implementation, and security hardening.
|
|
|
Application that supports penetration tests of web applications
Holovová, Simona ; Švikruha, Patrik (referee) ; Martinásek, Zdeněk (advisor)
This master´s thesis is about the security of web applications and penetration testing. The main goal is to gain knowledge about testing methodologies OWASP Testing Guide and ASVS and to implement this knowledge into a web application to assist during manual penetration testing. The theoretical part of the thesis describes both methodologies and web technologies used during the development of the application. The practical part of the thesis is about the design of the application based on the specification, its implementation, and security hardening.
|
|
|
Security evaluation of the PHP application according to OWASP ASVS standard
Sůva, Jakub ; Mészáros, Jan (advisor) ; Buchalcevová, Alena (referee)
The goal of this bachelor's thesis is to verify security level of web application. Verification is based on the standard called OWASP ASVS 2013 Beta especially on its first level of requirements. To achieve the goal thesis uses semi-automated white box penetration tests and interview. The thesis is limited to testing of PHP web applications and it is divided into two main sections, theoretical and practical. The theoretical part is mainly focused on introducing penetration testing of web applications in general. Cardinal part is description of OWASP ASVS 2013 Beta. A research of automated testing tools is done in the practical section. One of the tools is chosen afterwards to make the testing of web application more efficient. Practical part is mostly focused on the tests themselves. The end result is comprehensible report with outcomes and their interpretation.
|
|
|
Security during the application development
Lapáček, Vladimír ; Buchalcevová, Alena (advisor) ; Mészáros, Jan (referee)
The topic of the thesis is issue of security during the application development. The main emphasis is being placed on web applications. The goal is to define a framework for managing the life cycle of applications to meet the security minimum. The objectives of the work are achieved by study of available resources and their subsequent analysis. The target audiences are software developers interested in learning more about how to create secure applications. The work describes the areas that are crucial for security of applications. Work contains security standards which we can use for defining security requirements of applications. Furthermore, there are mentioned the most serious security vulnerabilities and ways how to avoid them. It describes issue of security testing as an important tool for verifying security. The main part of work is the chapter dealing with the way how to include the issue of security throughout the application life cycle.
|
guest ::
