|
| |
|
|
Advanced proxy for penetration testing
Válka, Michal ; Vilém,, Šlesinger (referee) ; Sedlák, Petr (advisor)
This master’s thesis focuses on improving the open-source proxy tool for penetration testing of thick clients. The thesis is divided into three main chapters, the first of which is focused on the theoretical background on which the thesis is based. The second chapter describes the analysis of the current state and defines user requirements, which must be met. The third chapter deals with increasing the quality and expanding the functionality based on user requirements. At the same time, a testing methodology is created and a vulnerable application is developed as a teaching material for the methodology. The chapter concludes with a summary of the economic costs and benefits of the application for the penetration testing process.
|
|
|
Application for illustrating the structure of the tested environment
Kuřina, Petr ; Holasová, Eva (referee) ; Kuchař, Karel (advisor)
This bachelor work deals with the creation of an application for the representation of the structures of the tested environment. The theoretical part describes the tools that are processed in the practical part, they are mainly the JavaScript programming language, Vue.js framework and penetration testing in general. The practical part presents the results of network topology testing was performed by Nmap tool. The aim of the practical part is to create an application that will clearly explain the results of testing to the user.
|
|
|
Web platform to support penetration testing
Lazarov, Willi ; Kuchař, Karel (referee) ; Martinásek, Zdeněk (advisor)
The bachelor thesis deals with the design, development, and implementation of a web platform to support penetration testing. The theoretical part of the thesis is devoted to the description of penetration testing and vulnerability severity assessment. Next, the technologies used in the development of the final solution are described. The practical part describes the gradual solution of partial requirements of the web platform. The individual chapters summarize the problem, design, and implementation of the solution. The practical part starts with the design of a highly scalable model that addresses the main problem of the assignment of this thesis. Next, the design of the platform, its embedding in the proposed model, and the development of a modular web application. Furthermore, the actual development of the application part is described, specifically, its connection with the relational database, tools for automated penetration testing, and the report generator. In the next chapter, the testing of the platform in a production environment is described. The last chapter compares relevant tools for penetration testing. The result of the work is a web platform with the main purpose of increasing the effect of penetration testing to such an extent that the time, complexity, and work required to successfully complete the entire test will be considerably lower than using currently relevant available tools.
|
|
|
Open data gathering and how to use it in cybersecurity
Gašparová, Marta ; Malina, Lukáš (referee) ; Paučo, Daniel (advisor)
This thesis deals with Data Gathering from Open Sources which can be used in Cyber Security; an analysis of the OSINT tools; a creation of a Data Gathering Tool itself. The theoretical part of the thesis explores Data Gathering within the framework of Ethical Hacking and in which phase of Penetration Testing the Data Extraction is crucial. Following the analysis of the OSINT tools the Practical part of the thesis examines the Created Tool itself which was written in Python programming language. Via API interface the Tool allows interaction with other OSINT tools such as Censys, crt.sh or DNSDumpster. After entering the IP address or domain of the target company the Tool is able to search for basic information such as location, DNS names and running services. Based on the target URL the Tool is able to show both present and absent HTTP security headers on the given website and also based on the entered domain it can search for SSL/TLS certificates, subdomains and emails of the target company.
|
|
|
Cyber game for the OpenStack platform
Píš, Patrik ; Holasová, Eva (referee) ; Martinásek, Zdeněk (advisor)
This bachelor's thesis presents matters of penetration testing and ethical hacking with primary focus on binary exploitation. The main goal of this bachelor's thesis was to design and implement a cyber game which focuses on combining various exploitation techniques and presenting them in educative and engaging way. The theoretical part of this thesis concentrates on penetration testing methodology and provides a detailed analysis of a given vulnerability's mechanics and technologies that were crucial for the game's development. Practical part of this thesis consists of a detailed description of the game's design and implementation to OpenStack and cyber arena platforms. Additionally, the practical part of this thesis focuses on development of vulnerable applications, methodology and steps necessary for their successful exploitation. Due to the character of cyber game, a few protection mechanisms were necessary to deploy, and their description takes place in practical part of this bachelor's thesis as well.
|
|
|
Penetration test of camera system
Slaný, Radek ; Martinásek, Zdeněk (referee) ; Paučo, Daniel (advisor)
This bachelor thesis is dedicated to penetration testing of camera system ADEROS. Virtualized testing enviroment was created for purposes of penetration testing. This enviroment was reachable via VPN. In the first part of the practical part was performed scanning of the camera system. In the second part of the practical part was selected a methodology according to results from the first part. In this part is also described process of the penetration testing of the camera system as well as process of stress testing of the web interface. In third part of practical part were results of penetration testing processed into report. Main goal of this thesis is realization of penetration and stress testing, processing the results into clear report and recommendation to remediate found vulnerabilities.
|
|
|
PHP web application for penetration testing of the PrestaShop system
Richter, Dominik ; Člupek, Vlastimil (referee) ; Slunský, Tomáš (advisor)
This diploma thesis is focused on the development of an application in PHP program- ming language for penetration testing of web other applications using PrestaShop sys- tem. Similar to PrestaShop, other platforms mediating the implementation of online stores are a very exposed point of contact with customers. Therefore, they are also the target of many cyber-attacks against which they need to be protected. In the theoret- ical part of the thesis, the reader is introduced to PHP, MySQL or Laravel framework technologies and MVC web application architecture including REST API. Furthermore, the PrestaShop system and the penetration testing methodology are described in detail. In the practical part of the thesis, the development and testing environment is intro- duced and the PrestaCure web application with implemented penetration testing suite is described. The results of the thesis show the full functionality and usability of the implemented application in practice also with respect to the simplicity and modularity of adding additional penetration tests.
|
|
|
Advanced Penetration Testing Of Obfuscated Android Applications
Michalec, Pavol
Android applications are susceptible to security vulnerabilities just like any other application. To minimize the risk and detect any potential vulnerabilities, penetration tests are conducted. However, many clients are not willing or are not capable to provide unobfuscated version of the application with security defenses disabled. It is up to the testers to bypass all these restrictions and properly test the application. Bypassing all the restrictions takes considerable ammount of time, thus making the test more expensive. This paper describes methodology for dealing with obfuscation as quickly as possible without creating unnecessary code or introducing additional tools.
|
|
|
Specific modules for manual security testing support
Osmani, Jakub ; Safonov, Yehor (referee) ; Paučo, Daniel (advisor)
This bachelor thesis deals with the concept of penetration testing and the standards that coincide with it. The main aim of the theoretical part of this thesis is to describe the world of penetration testing, and the widely known OWASP documentation. Vulnerabilities from the top 10 vulnerabilities list as well as recommendations about secure web application development, from the Application Security Verification Standard (ASVS), are provided. The practical part of this thesis is focused on the development of three tools, that are to be used to help automate certain aspects of penetration testing.
|
guest ::
