National Repository of Grey Literature: 28 records found (1 - 10)
Framework for on-line service security risk management
Mészáros, Jan ; Buchalcevová, Alena (advisor) ; Čermák, Igor (referee) ; Doucek, Petr (referee) ; Jirovský, Václav (referee)
This dissertation thesis is dedicated to on-line services security management from the service provider's and the service consumer's viewpoints. The main goal is to propose a framework for on-line services security risk management, to develop a supporting software tool prototype and to validate them through a case study performed in a real-world environment. The key components of the proposed framework are a threat model and a risk model. These models are designed to fit specific features of on-line services and the surrounding environment. A risk management process is an integral part of the framework. The process is suitable for frequent and recurrent risk assessments. The process comprises eight steps; related roles and responsibilities are defined for each step. The process execution results in identification and execution of proper tasks which contribute to treatment of identified security risks and deficiencies. Documentation and reporting of an overall level of on-line services security over time is possible if the process is executed on a regular basis. The proposed framework was validated through a case study performed in a large enterprise environment.
Security evaluation of the PHP application according to OWASP ASVS standard
Sůva, Jakub ; Mészáros, Jan (advisor) ; Buchalcevová, Alena (referee)
The goal of this bachelor's thesis is to verify the security level of a web application. Verification is based on the OWASP ASVS 2013 Beta standard, especially on its first level of requirements. To achieve the goal, the thesis uses semi-automated white box penetration tests and an interview. The thesis is limited to testing of PHP web applications and is divided into two main sections, theoretical and practical. The theoretical part is mainly focused on introducing penetration testing of web applications in general. Its central part is a description of OWASP ASVS 2013 Beta. A survey of automated testing tools is done in the practical section. One of the tools is then chosen to make the testing of the web application more efficient. The practical part is mostly focused on the tests themselves. The end result is a comprehensible report with outcomes and their interpretation.
Network infrastructure attacks and their mitigation using an IPS/IDS Snort
Olexa, Martin ; Mészáros, Jan (advisor) ; Buchalcevová, Alena (referee)
This paper gives an insight into detection and prevention systems for a network infrastructure. The first part of the paper concentrates on key concepts in information systems security and describes examples of attacks with tools used to mitigate them. A broader description is reserved for IDS/IPS systems with a focus on the Snort software. The second part of the paper analyses a sample attack abusing a vulnerable version of the OpenSSL library. This attack is used to describe the process of getting the necessary information, creating a Snort rule and testing the fixed vulnerability. The aim of this paper is to provide a manual and theoretical background for implementing an IDS/IPS solution in a computer network through an example attack.
Web application security
Šmolík, Marek ; Buchalcevová, Alena (advisor) ; Mészáros, Jan (referee)
This thesis is focused on the subject of web application security with an emphasis on the ASP.NET MVC platform. Its primary objective is to create a comprehensive methodology for systematic verification of web application security, which contains specific implementation details intended for developers and testers. The methodology takes categorization, technical details and individual vulnerabilities from multiple sources and enhances them with specific examples. The work is valuable for developers and testers of the mentioned platform mainly because it provides detailed information not included in available methodologies.
Electronic payments on the Internet
Králíčková, Lenka ; Mészáros, Jan (advisor) ; Buchalcevová, Alena (referee)
This Bachelor thesis deals with issues of card payment on the Web and with the current state of electronic means of payment. The aim is to familiarize readers with these issues. The first part describes the history of credit cards in the world and in the Czech Republic. Furthermore, it analyzes the characteristics of the credit card and its types. The 3-D Secure security system, which is now the international standard in the field of card payments over the Web, is described in detail. The thesis also mentions the ISO/OSI model and SSL and HTTPS, through which a 3-D Secure payment is processed, and, to make the picture complete, describes a digital certificate authority. An example of implementation of this standard in online shops and a description of current options for payments over the Web follow. The security risks of this kind of payment are listed. The conclusion presents the results of a survey whose aim was to analyze Czech public awareness of the payment card and to determine the level of use of card payments on the Web in the country. The reader of this work obtains a comprehensive view of the issues of card payment over the Web. The work should give an idea of how the payments work and what alternative payments over the Web there are. Furthermore, it should point out the ways in which sensitive information about a credit card or account can be obtained.
Web Application Security Testing
Bukovský, Ondřej ; Pavlíček, Luboš (advisor) ; Mészáros, Jan (referee)
This work is aimed at documenting the use of tools for security testing of web applications. The first part of the work lists and describes the most common vulnerabilities. Then tools to detect these vulnerabilities are tested. The most suitable tool, or a combination of tools, suitable for repeated and automated security testing, is selected. Another goal is the integration of automated security testing into the development lifecycle of a web application. The benefit would be facilitation of web application security testing for individuals or small teams.
Overview and comparison of cloud solutions for application development
Filimonov, Sergey ; Buchalcevová, Alena (advisor) ; Mészáros, Jan (referee)
This bachelor thesis lets the reader understand the definition of cloud computing and learn some facts about the history of the term. It also presents basic information on the key players in the cloud computing market and the main advantages and disadvantages of choosing cloud computing. The practical part of this thesis describes some smaller but extremely interesting cloud platforms, which are not well known and are distributed as freeware. The main goal of this thesis is to explore cloud platforms for development.
Analysis of Daily Deal Sites Market in the Czech Republic from a Customer Perspective
Šíp, Petr ; Mészáros, Jan (advisor) ; Buchalcevová, Alena (referee)
This bachelor thesis analyses the offers on the daily deal sites market in the Czech Republic and creates a model of a daily deal site according to customer preferences. First, e-business is described. Then the concept of group buying and the history of the evolution of daily deal sites are explained, followed by the security of daily deal sites. Further, the benefits and limitations for participants are described. A questionnaire survey among consumers is evaluated to find out their preferences. Furthermore, monthly offers of deals on three Czech daily deal sites are compiled and analysed. At the end, based on the answers from the completed questionnaires and the analyses performed, the model of a daily deal site is created.
Identity management in the SaaS environment
Krčma, Marek ; Mészáros, Jan (advisor) ; Buchalcevová, Alena (referee)
This bachelor thesis deals with identity management in the SaaS environment. The first part of the thesis defines and connects the areas to which identity management is related. These areas are: cloud computing, authentication and authorization, legislation and standards. In the areas of cloud computing, authentication and authorization, emphasis is placed on security issues. The next part of the thesis compares three authentication and authorization standards (OpenID, OAuth and SAML) that are appropriate solutions for identity management in SaaS applications. The thesis defines the specifics of each standard and specifies the requirements for effective implementation. The last part describes how to implement the OpenID authentication standard in an existing web application.
