National Repository of Grey Literature: 82 records found, showing records 1 - 10
Generating Synthetic Web Traffic
Koprda, Peter ; Žádník, Martin (referee) ; Hranický, Radek (advisor)
Web crawlers, also known as web spiders or robots, play a key role in information retrieval, search engine optimization, and web page indexing. However, web robots can also be used in penetration testing of web applications. Automating the process of vulnerability discovery, identifying hidden endpoints, and efficiently mapping the structure of a web application can increase the effectiveness of penetration testing. This thesis focuses on creating a tool designed to generate non-human (synthetic) web traffic. The tool will also be intended for automated penetration testing of web applications using web robots, employing synthetic web traffic to extend the testing capabilities. In addition, the tool will be used to evaluate the effectiveness of security systems such as IDS, IPS, and web application firewalls (WAF).
Nginx Web Server Security Weakness Detection Tool
Wagner, Michal ; Perešíni, Martin (referee) ; Křena, Bohuslav (advisor)
This thesis focuses on the security of the Nginx web server and its configuration options, with an emphasis on the reverse proxy server feature. It explores available alternatives to Nginx and security threats to reverse proxy servers. The thesis also delves into methods of detecting these security threats through penetration testing and conducts research on existing tools for detecting security vulnerabilities in reverse proxies. In the practical part, a tool is developed to demonstrate security attacks and detect vulnerabilities on the Nginx server. The functionality of the tool is validated in a suitable testing environment, and based on the gained experience, a technical specification is formulated for configuring the Nginx reverse proxy server to limit its susceptibility to attacks.
Security Analysis of Selected Android TV Box
Švenk, Adam ; Veigend, Petr (referee) ; Tamaškovič, Marek (advisor)
The popularity of Android TV boxes has grown significantly in recent times. Besides the fact that they offer a wide range of features, the question of whether they are sufficiently secured and protected is increasingly relevant. This thesis describes a comprehensive security analysis of a selected Android TV box, covering both hardware and software components. By examining the vulnerabilities present in the device, the thesis aims to identify potential risks to users' privacy and security. In addition, it proposes recommendations for mitigating these vulnerabilities.
Cybersecurity of IoT Devices Using the MQTT Protocol
Hanák, Petr ; Holasová, Eva (referee) ; Fujdiak, Radek (advisor)
This bachelor's thesis focuses on the possibilities of securing communication using the MQTT protocol, which is widely used in industry and for IoT device communication. The thesis discusses the weaknesses and vulnerabilities of the MQTT protocol and subsequently the measures that can be applied for secure communication in networks containing such devices. Secured communication is demonstrated in a secure experimental workplace containing an ESCON-C device that communicates using the MQTT protocol. The security strategy used primarily involves secure communication across networks through a secure communication channel, where the MQTT client is on one side and the MQTT broker, simulating the deployment of the ESCON-C device in an industrial environment, is on the other. This approach mitigates most of the weaknesses inherent in the MQTT protocol.
Cybersecurity analysis of hybrid photovoltaic systems for single-family homes
Svoboda, Vojtěch ; Kohout, David (referee) ; Mikulášek, Michal (advisor)
The bachelor thesis deals with analysis of the cybersecurity of photovoltaic systems for single-family houses. The aim of the thesis was to introduce hybrid photovoltaic systems, possible cyber attacks on these systems and to perform a sample attack on a PV system. The thesis consists of a theoretical and a practical part. The bachelor thesis contains four chapters. The first and second chapters describe the concepts related to cyber attacks and PV systems. Chapter three deals with the Solax X3-Hybrid inverter, its characteristics, vulnerabilities and the communication protocols used. The fourth chapter includes testing of the LAN and Wi-Fi dongles through which the inverter communicates.
Lab tasks on compiled language vulnerabilities
Kluka, Peter Milan ; Štůsek, Martin (referee) ; Sysel, Petr (advisor)
This graduation thesis is devoted to a detailed analysis of vulnerabilities in freely distributed open-source programs. The thesis includes a description of different types of vulnerabilities that are often associated with software attacks. Static and dynamic code testing are examined in detail, as well as the tools used to detect vulnerabilities in source code. The thesis includes the development of three lab exercises, including detailed tutorials that demonstrate the consequences of incorrect implementations. The lab tasks focus on buffer overflow, path/directory traversal, and buffer over-read vulnerabilities. Every lab task includes a demonstration of the flawed code that was responsible for the vulnerability, as well as demonstration of the patched code that was used to fix the vulnerability. These tasks provide practical examples that illustrate the risks associated with inappropriate software design and implementation and demonstrate the importance of effective security techniques in software development.
The Tool for Penetration Tests of Web Applications
Dobeš, Michal ; Malinka, Kamil (referee) ; Barabas, Maroš (advisor)
The thesis discusses the issues of penetration testing of web applications, focusing on the Cross-Site Scripting (XSS) and SQL Injection (SQLI) vulnerabilities. The technology behind web applications is described and motivation for penetration testing is given. The thesis then presents the most common vulnerabilities according to OWASP Top 10. It lists the principles, impact and remediation recommendations for the Cross-Site Scripting and SQL Injection vulnerabilities. A penetration testing tool has been developed as a part of this thesis. The tool is extendable via modules. Modules for detection of Cross-Site Scripting and SQL Injection vulnerabilities have been developed. The tool has been compared to existing tools, including the commercial tool Burp Suite.
MCUXpresso Web application security
Mittaš, Tomáš ; Heriban, Pavel (referee) ; Roupec, Jan (advisor)
This thesis deals with testing of the security of web application MCUXpresso Web SDK Builder using ethical hacking techniques and tools. At the beginning, the history of ethical hacking and structure of web applications are briefly mentioned. The thesis then analyses the application itself from the user’s point of view, its parts before logging in and after logging in and the operation of this application. The following is a list of the most common vulnerabilities and weaknesses found in web applications to understand any vulnerabilities found. Furthermore, the thesis deals with the techniques and tools of web application security and compares them. The penultimate chapter deals with the use of Analysis and vulnerability scanning technique on the application MCUXpresso Web SDK Builder. Finally, an application security test plan is designed, while part of this plan is automated.
Vulnerability Analysis of Data Protection in Selected Company
Strachová, Zuzana ; Vlastimil, Svoboda (referee) ; Sedlák, Petr (advisor)
The bachelor thesis deals with security assessment in the area of data protection of a part of the information system in a selected company. In my thesis, I examine the security status and security controls in place and try to detect actual or potential vulnerabilities. Based on an analysis performed by means of interviews, using assisted assessment methodology and automated vulnerability-finding method, I suggest security enhancements. The theoretical part of the thesis provides an introduction to the topic of data protection and defines the basic related terms.
Decision Risks Management Methods
Janošík, Petr ; Chudý, Peter (referee) ; Kreslíková, Jitka (advisor)
This thesis deals with the matter of risk management in IT projects. It explains the importance of risk management in such projects and shows different ways and methods of managing and analyzing the risks. After explaining the basic concepts and the various phases of risk management the text focuses on two methods of risk analysis - fault tree analysis and event tree analysis. Use of both methods is explained for both quantitative and qualitative analyses. The second half of the work includes the design of an application for the support of risk analysis employing the methods of fault tree analysis and event tree analysis. This is followed by a description of the implementation of the proposed system in a web environment using jQuery, Nette Framework and Dibi.
