|
|
Static Analysis for Discovering Security Vulnerabilities in Web Applications on the Asp.Net Platform
Říha, Jakub ; Lengál, Ondřej (referee) ; Vojnar, Tomáš (advisor)
Tato bakalářská práce popisuje jak teoretické základy, tak způsob vytvoření statického analyzátoru založeném na platformě .NET Framework a službách poskytnutých prostřednictvím .NET Compiler Platform. Tento analyzátor detekuje bezpečnostní slabiny typu SQL injection na platformě ASP.NET MVC. Analyzátor nejdříve sestrojuje grafy řízení toku jako abstraktní reprezentaci analyzovaného programu. Poté využívá statické analýzy pro sledování potenciálně nedůvěryhodných dat. Nakonec jsou výsledky analýzy prezentovány uživateli.
|
|
| |
|
|
Tool for SQL Injection Vulnerability Detection
Kutypa, Matouš ; Samek, Jan (referee) ; Barabas, Maroš (advisor)
The Bachelor thesis is focused on the issue of SQL injection vulnerabilities. The thesis presents commonly used procedures in the attacks against information systems and are also discussed possibilities of defense including the correct ways of input validation. The theoretical part contains the essential foundation of what should the penetration tester know, to be able to examine the inputs of application for SQL injection vulnerability. The thesis also describes analysis, design and implementation of specialized tool for Web application vulnerability detection. The implemented tool was tested and compared with other existing tools. Within the thesis has been also implemented a Web application, which demonstrates many different variants of SQL injection vulnerable inputs.
|
|
|
The Tool for Penetration Tests of Web Applications
Dobeš, Michal ; Malinka, Kamil (referee) ; Barabas, Maroš (advisor)
The thesis discusses the issues of penetration testing of web applications, focusing on the Cross-Site Scripting (XSS) and SQL Injection (SQLI) vulnerabilities. The technology behind web applications is described and motivation for penetration testing is given. The thesis then presents the most common vulnerabilities according to OWASP Top 10. It lists the principles, impact and remediation recommendations for the Cross-Site Scripting and SQL Injection vulnerabilities. A penetration testing tool has been developed as a part of this thesis. The tool is extendable via modules. Modules for detection of Cross-Site Scripting and SQL Injection vulnerabilities have been developed. The tool has been compared to existing tools, including the commercial tool Burp Suite.
|
|
|
Secured access for web applications
Humpolík, Jan ; Pelka, Tomáš (referee) ; Doležel, Radek (advisor)
This thesis mainly concerns often neglected security part of each web application, but also secure access users themselves. Describes theoretically and practically modern security technology, on a web application being tested and shows a possible way of defense. Gives instructions for installing its own web server.
|
|
|
Collection of laboratory works for demonstration of computer attacks
Plašil, Matouš ; Ležák, Petr (referee) ; Burda, Karel (advisor)
Diploma thesis describes published attacks on computers and computer networks. Principles of footprinting such as availability check, OS detection, port scanning were described. Next part explains attacks on confidentiality, integrity and availability. In the practical part were created four laboratory tasks and a virtual environment which allowed testing of ARP spoofing, DNS spoofing, SSL strip, Cross-site scripting, SQL injection, flooding attacks (TCP, ICMP, UDP), TCP reset and attack on operating system using backdoor with Metasploit framework. In practical part were also created video samples with attacks and documentation for teachers.
|
|
|
Web Application for NS2 Training
Pavlosek, Václav ; Koutný, Martin (referee) ; Šimek, Milan (advisor)
There is information to my master's thesis which is called “Web application for NS2 training”. This application works after installation and its source codes are saved on applied CD. It is said about implement Network Simulator 2. It helps to realize simulation of nets and then author inserts information about them into web application. Registered web's visitor has possibility to insert project into application. The project contents information about simulation created in NS2. Web application can also visible detail of possible project which is approved of administrator. Then the visitor can sort projects, search entered expression or connect his contribution to discussion forum. Administrator can approve users projects in his part of application. It makes available for the others. He can also delete them from database. Theory about technologies which are used for implementation of this application. It is talked about web Apache server, database MySQL server and programmable PHP language. There is also mentioned information about security of web application included possible attacks on applications and their database. It is presented proposal of database which creates core of application. This proposal is depended on application requirements. Next chapters give to reader whole image about functionality of application. There are mentioned samples of final graphical image of application. This document also provides the shows of source codes for creating database tables.
|
|
|
New technologies for development of web application Web 2.0
Medlín, Dušan ; Kacálek, Jan (referee) ; Kyselý, František (advisor)
The graduate thesis presents an analysis of the Web 2.0 applications developement. It defines the preliminary conditions and describes the technologies used for the creation of these applications, such as the markup languages HTML and XML, style sheet language CSS, tranfortmations language XSLT and scripting language JavaScript. The thesis depicts the security risks and the ways how the application can be protected against the XSS attacks and SQL Injection. Furthermore, it analyses a concept of the system containing features of the Web 2.0 trend, and its implementation in practice. The internet portal enabling all registered users to share information with the others, will be the result. Files can be uploaded, and maps and videos can be inserted into the system.
|
|
|
Web application security
Matušek, Václav ; Palovský, Radomír (advisor) ; Pinkas, Otakar (referee)
The Bachelor thesis deals with the security of web applications. The main aim is to create complex view of most frequent attacks in practice and also to describe possibilities in prevention of the attacks. The prevention is described for both, user's and developer's side. Thesis contains also information about their origin and reminds the attacks from the past. It includes review of the standards and Czech legislation, which affect the security or define proper way how to develop the application. Important output of this thesis is also list of rules, which helps the developer to design secure application.
|
|
|
Web application security (PHP)
Císař, Daniel ; Jeníčková, Kateřina (advisor) ; Vronková, Lada (referee)
Práce pojednává o běžných bezpečnostních ohrožních webových aplikací, kterou jsem napsané v programovacím jazyce PHP. Nabízí přehled následujících útoků: XSS, CSRF, SQL injection, session stealing, session fixation. V práci je uvedeno, jak se těmto útokům vyvarovat či minimalizovat jejich riziko.
|
guest ::
