|
|
Laboratory exercise that presents network attacks
Dostál, Adam ; Malina, Lukáš (referee) ; Martinásek, Zdeněk (advisor)
This work is focused on penetration testing of web applications. The theoretical part describes this issue and methodology. The work includes security organization "The Open Web Application Security Project" (OWASP), document OWASP Top 10 and the first 5 vulnerabilities of this document. The last part introduces linux distribution Kali Linux and the several most used penetration tools. The practical part consists of testing the first five vulnerabilities in the document OWASP Top 10 2013. It contains a description of the used SW for the realization of the attacks, virtual infrastructure and test of each vulnerabilities. From the practical part is created laboratory task "Penetration testing of web applications" and additional introductory task "Introduction into penetration testing".
|
|
| |
|
|
The Information Security Management in Company
Kalabis, Petr ; Sedlák, Petr (referee) ; Ondrák, Viktor (advisor)
This master thesis is focused on the design of implementation the information security management system in the company according to standards ISO/IEC 27000. First of all, it was described the theory of information security management system and it was explained the relevant terms and other requirements in the context of this issue. This assignment involves analysis of the current situation of the company and suggestions that lead to reducing discovered risks and bring improvement of the general information security.
|
|
|
Web-Based Application Vulnerability Testing
Bendík, Lukáš ; Barabas, Maroš (referee) ; Koranda, Karel (advisor)
Goal of the thesis is to provide an overview of most common vulnerabilities occurring in web-based applications and methods, which are used for testing them. With each vulnerability there is given a description, example and methods of securing the applications against it. The thesis also introduces automatic tools, which are used for web-based application vulnerability testing. As a part of thesis, there was implemented an web-based application with embedded vulnerabilities. On this application it is possible to put to test the theoretical methods of testing along with automated tools dedicated for this purpose.
|
|
|
SQL Injection Vulnerability Locator for Kentico CMS
Pintér, Dominik ; Ruttkay, Ladislav (referee) ; Solár, Peter (advisor)
This barchelor's thesis describes the design of an application for locating SQL injection vulnerabilities in Kentico CMS. The application is based on static code analysis. It searches for places where Kentico CMS communicates with database and explorers them. The aim is to find protection against SQL injection. If protection is not found, the found place is marked as unprotected. The application works with Windows operating systems and needs .NET framework version 2.0. The main aim is to introduce a tool for locating specific vulnerabilities for one system (application). However, the author tried to describe the main ideas in a way that this paper can be used as a manual for another system or another vulnerability. The first part of the paper is about Kentico CMS and it's focused on how Kentico CMS works with database. The next part si dedicated to SQL injection vulnerabilities and protection against them. The largest part of the paper is focused on the design of the application. The semifinal part describes its implementation and testing. The conclusion contains evaluation of the tool and there are some ideas how this project can be improved.
|
|
|
Tool for SQL Injection Vulnerability Detection
Kutypa, Matouš ; Samek, Jan (referee) ; Barabas, Maroš (advisor)
The Bachelor thesis is focused on the issue of SQL injection vulnerabilities. The thesis presents commonly used procedures in the attacks against information systems and are also discussed possibilities of defense including the correct ways of input validation. The theoretical part contains the essential foundation of what should the penetration tester know, to be able to examine the inputs of application for SQL injection vulnerability. The thesis also describes analysis, design and implementation of specialized tool for Web application vulnerability detection. The implemented tool was tested and compared with other existing tools. Within the thesis has been also implemented a Web application, which demonstrates many different variants of SQL injection vulnerable inputs.
|
|
|
Penetration Testing of an Open-Source Software
Hrozek, Jakub ; Rogalewicz, Adam (referee) ; Smrčka, Aleš (advisor)
This thesis discusses the design and implementation of integrated penetration testing system. In the first two chapters, the reader is introduced to the topic of penetration testing. The basic techniques and classification of tests are described as well as some of the most widely used methodologies. It also discusses the need to automate the testing process. The fifth and sixth chapter discuss specification and detailed design of integrated penetration testing tool. Its implementation and the problems that had arisen during the process are the theme of chapter seven. The last part of the thesis describes practical experiments done with the tool and gives the reader some advice on securing computer networks.
|
|
|
Decision Risks Management Methods
Janošík, Petr ; Chudý, Peter (referee) ; Kreslíková, Jitka (advisor)
This thesis deals with the matter of risk managament in IT projects. It explains the importance of risk management in such projects and shows different ways and methods of managing and analyzing the risks. After explaining the basic concepts and the various phases of risk management the text focuses on two methods of risk analysis - the fault tree analysis of event tree analysis. Use of both methods is explained for both quantitative and qualitative analyses. The second half of the work includes the design of an application for the support of risk analysis employing the methods of fault tree analysis and event tree analysis. This is followed by a description of the implementation of the proposed system in a web environment using jQuery, Nette Framework and Dibi.
|
|
| |
|
|
The Tool for Penetration Tests of Web Applications
Dobeš, Michal ; Malinka, Kamil (referee) ; Barabas, Maroš (advisor)
The thesis discusses the issues of penetration testing of web applications, focusing on the Cross-Site Scripting (XSS) and SQL Injection (SQLI) vulnerabilities. The technology behind web applications is described and motivation for penetration testing is given. The thesis then presents the most common vulnerabilities according to OWASP Top 10. It lists the principles, impact and remediation recommendations for the Cross-Site Scripting and SQL Injection vulnerabilities. A penetration testing tool has been developed as a part of this thesis. The tool is extendable via modules. Modules for detection of Cross-Site Scripting and SQL Injection vulnerabilities have been developed. The tool has been compared to existing tools, including the commercial tool Burp Suite.
|
guest ::
