National Repository of Grey Literature: 82 records found, records 65 - 74
Web application security testing
Kapal, Martin ; Veber, Jaromír (advisor) ; Luc, Ladislav (referee)
This bachelor's thesis deals with the topic of web application security. The purpose of the theoretical section is to introduce the problem of web application security in general and highlight the means of exploiting the security vulnerabilities. The next part of this section is dedicated to the Open Web Application Security Project (OWASP) organization, with the primary focus on the OWASP Top Ten Project, describing the ten most critical web application security vulnerabilities. The practical section is about testing the security of the given application using penetration testing. After introducing the application, appropriate testing tools are selected and the testing process is described. Finally, the test results are summarized and all found security weaknesses are fixed.
Laboratory exercise that presents network attacks
Dostál, Adam ; Malina, Lukáš (referee) ; Martinásek, Zdeněk (advisor)
This work focuses on penetration testing of web applications. The theoretical part describes this issue and its methodology. The work covers the security organization "The Open Web Application Security Project" (OWASP), the OWASP Top 10 document and the first 5 vulnerabilities in that document. The last part introduces the Linux distribution Kali Linux and several of the most used penetration tools. The practical part consists of testing the first five vulnerabilities in the OWASP Top 10 2013 document. It contains a description of the software used to carry out the attacks, the virtual infrastructure and a test of each vulnerability. From the practical part, the laboratory task "Penetration testing of web applications" and an additional introductory task "Introduction into penetration testing" were created.
Web-Based Application Vulnerability Testing
Bendík, Lukáš ; Barabas, Maroš (referee) ; Koranda, Karel (advisor)
The goal of the thesis is to provide an overview of the most common vulnerabilities occurring in web-based applications and the methods used for testing them. For each vulnerability, a description, an example and methods of securing applications against it are given. The thesis also introduces automatic tools used for web-based application vulnerability testing. As part of the thesis, a web-based application with embedded vulnerabilities was implemented. This application can be used to try out the theoretical testing methods along with the automated tools dedicated to this purpose.
Tool for Clickjacking Vulnerability Detection
Stodůlka, Petr ; Malinka, Kamil (referee) ; Barabas, Maroš (advisor)
This bachelor's thesis discusses a vulnerability known as Clickjacking, or UI redressing. The thesis describes in detail the dangers to which this vulnerability may lead and presents known countermeasures. The goal of this thesis is to create an application which detects the presence of these countermeasures.
Penetration Testing of an Open-Source Software
Hrozek, Jakub ; Rogalewicz, Adam (referee) ; Smrčka, Aleš (advisor)
This thesis discusses the design and implementation of an integrated penetration testing system. In the first two chapters, the reader is introduced to the topic of penetration testing. The basic techniques and classification of tests are described, as well as some of the most widely used methodologies. It also discusses the need to automate the testing process. The fifth and sixth chapters discuss the specification and detailed design of the integrated penetration testing tool. Its implementation and the problems that arose during the process are the theme of chapter seven. The last part of the thesis describes practical experiments done with the tool and gives the reader some advice on securing computer networks.
Penetration Testing Application for DoS Based Web Vulnerabilities
Vrána, Jaroslav ; Zbořil, František (referee) ; Drozd, Michal (advisor)
This work deals with the issue of DoS vulnerability in web applications. First, the principles of computer security and the general principles of DoS and penetration testing are described. The text then describes the OWASP Testing Guide v3 for DoS in web applications. The design of the author's own application, based on the author's own experience, follows. This application is implemented and tested on web applications.
The Tool for Penetration Tests of Web Applications
Dobeš, Michal ; Malinka, Kamil (referee) ; Barabas, Maroš (advisor)
The thesis discusses the issues of penetration testing of web applications, focusing on the Cross-Site Scripting (XSS) and SQL Injection (SQLI) vulnerabilities. The technology behind web applications is described and motivation for penetration testing is given. The thesis then presents the most common vulnerabilities according to OWASP Top 10. It lists the principles, impact and remediation recommendations for the Cross-Site Scripting and SQL Injection vulnerabilities. A penetration testing tool has been developed as a part of this thesis. The tool is extendable via modules. Modules for detection of Cross-Site Scripting and SQL Injection vulnerabilities have been developed. The tool has been compared to existing tools, including the commercial tool Burp Suite.
Firewall security audit
Krajíček, Jiří ; Pelka, Tomáš (referee) ; Pust, Radim (advisor)
The aim of this master's thesis is a firewall security audit. The main tasks of this work are to introduce the principles of applications for audit, to create a methodology and to use this methodology to perform a security audit of the selected firewalls. The theoretical part of this document deals with firewalls and the possibilities for integrating them into network infrastructure, and then with audit and the principles of applications for security audit. The practical part deals with the creation of the methodology and procedures, including penetration testing. Using this methodology, an audit of a Linux firewall and ISA 2006 is carried out, including tips for configuration changes that provide more security.
Tool creation for an automated penetration testing of web applications
Kiezler, Tomáš ; Hradil, Jiří (advisor) ; Pavlíček, Luboš (referee)
This thesis focuses on security of web applications, which can be measured by the results of penetration testing. In the theoretical section of this study individual methods of how the testing can be performed are outlined. This study then outlines the advantages and disadvantages of automated testing compared to manual testing, and the tools which incorporate automated scanning for security of web applications are scrutinized. Statistics of security risk occurrences found on the Czech Internet are also included. The practical part depicts the creation of a tool for automated testing, written in the most frequently used programming language in web development, that will be able to detect the most common weaknesses. The tool is developed to show ways of detecting certain risks and to inspect whether it is possible to automate the search. The primary aim of this study is to introduce the reader to the field of security of web applications, present to them the legality of penetration testing and introduce them to options of finding and fixing security risks and avoiding them in web development.
Knowledge sharing applications and their safety
Kůrka, Jan ; Veber, Jaromír (advisor) ; Luc, Ladislav (referee)
The purpose of this bachelor's thesis is to describe security issues of knowledge sharing web applications. Basic terms related to the topic are defined in the theoretical part. Types of tests that can be used to verify the safety of an application are then described, followed by an introduction to the OWASP foundation and its development and documentation projects. The OWASP Top Ten 2013 project, which informs about the ten most critical security threats to web applications, is then described in more detail. Finally, the theoretical part presents knowledge sharing applications and their best-known open-source representatives. The practical part of the thesis is dedicated to penetration testing of the three most widely used wiki applications. A particular testing methodology is presented, including the procedure and the results of the tests themselves. The results are commented on and explained in detail, and the overall security of every application is evaluated. The contribution of this bachelor's thesis is the verification of security in the currently most widely used knowledge sharing applications and the finding of their vulnerabilities. The test results, together with the insufficiencies found, will be sent to the developers of these applications.
