|
|
Vulnerability assesment tools
Charvát, Michal ; Veber, Jaromír (advisor) ; Klíma, Tomáš (referee)
This bachelor thesis is focused on a specific area of information systems security, which is called vulnerability assesment. Vulnerability assesment is executed with special tools called vulnerability scanners. In the the beginning of the first part I will introdukce the area of information systems security and its breaf history, the basic terms of vulnerability assesment and related topics, such as penetration testing. In the following part few test will be executed using some of the chosen available and free tools and then analyze its results. The main criteria will be the number and criticality of the given vulnerabilities. Finally the user-friedly aspect of each tool will be evalueted, which could be a little subjective matter.
|
|
|
Security evaluation of the PHP application according to OWASP ASVS standard
Sůva, Jakub ; Mészáros, Jan (advisor) ; Buchalcevová, Alena (referee)
The goal of this bachelor's thesis is to verify security level of web application. Verification is based on the standard called OWASP ASVS 2013 Beta especially on its first level of requirements. To achieve the goal thesis uses semi-automated white box penetration tests and interview. The thesis is limited to testing of PHP web applications and it is divided into two main sections, theoretical and practical. The theoretical part is mainly focused on introducing penetration testing of web applications in general. Cardinal part is description of OWASP ASVS 2013 Beta. A research of automated testing tools is done in the practical section. One of the tools is chosen afterwards to make the testing of web application more efficient. Practical part is mostly focused on the tests themselves. The end result is comprehensible report with outcomes and their interpretation.
|
|
|
Web application security
Matušek, Václav ; Palovský, Radomír (advisor) ; Pinkas, Otakar (referee)
The Bachelor thesis deals with the security of web applications. The main aim is to create complex view of most frequent attacks in practice and also to describe possibilities in prevention of the attacks. The prevention is described for both, user's and developer's side. Thesis contains also information about their origin and reminds the attacks from the past. It includes review of the standards and Czech legislation, which affect the security or define proper way how to develop the application. Important output of this thesis is also list of rules, which helps the developer to design secure application.
|
|
|
Information Security Risk Analysis in company operating in the distribution of healthcare and beauty products
Genský, Oliver ; Veber, Jaromír (advisor) ; Luc, Ladislav (referee)
This thesis processes the risk analysis topic, which is included in the overall information security management system. Thesis is divided into two parts; theoretical and practical. Terms and processes used in the risk analysis are included in the theoretical part. This section also describes standards that offer best practices of information security management, based on historical experience in variety of businesses. The defined terms and the chosen standards and methods are thereafter applied in the practical section, where risks of a particular business are analyzed and afterwards supported by an evaluation of risks and proposed solutions. This work is concluded by an overall information security report, which is consulted with the lead management of the business.
|
|
|
Vulnerability Management in the Corporate IT Infrastructure
Hronek, Tomáš ; Veber, Jaromír (advisor) ; Klíma, Tomáš (referee)
The present thesis deals with the area of vulnerability management and its relation to information security. Its main purpose is to set the topic of vulnerability management in context of company information security and to explain its relationship to related disciplines. In the practical part, selected vulnerability assessment tools are compared and methodology is applied to determine the criticality of the vulnerabilities identified in relation to the provided IT services. The objectives were achieved by literature review, personal consultations with employees responsible for information security at J&T Bank and by comparing the results of several tools for assessing vulnerability (Nessus, Retina, OpenVAS, Nexpose, Tripwire). To date, there has not been published a thesis devoted exclusively to the topic of vulnerability management. This thesis is the first one to provide comparable results of vulnerability scanning of the same targets. Equally valuable is the application of Common Vulnerability Scoring System to determine the criticality of the vulnerabilities identified in relation to delivered IT services.
|
|
|
Procedures of information risk management of software companies.
Fischer, Radek ; Veber, Jaromír (advisor) ; Luc, Ladislav (referee)
Subject of the thesis is to take up possibilities of practical using of the Risk analysis which is a part of the Information security management system. Thesis is focused on risk management for typical organization which creates information systems. Main part of the thesis is the description of "ČSN ISO/IEC 27005:2013 - Information technology - Security techniques -- Information security risk management" standard, how could this standard be applied and also contains the explanation of typical examples of assets which can be in similar types of organizations. Theoretical part is aimed on explanation of key words in literature and closer description of organizations which creates this standard. Practical part shows creation of the Risk analysis methodology according to different accesses that are contained in this standard. Thesis continues with application of specific part of this methodology in practice. Assumed contribution of this thesis is better understanding to the process of making the Risk analysis methodology and possibilities its application in practice.
|
|
|
Security testing tools for ASP.NET applications
Kikerle, Martin ; Buchalcevová, Alena (advisor) ; Vít, Jan (referee)
The purpose of this thesis is to create a methodology which helps ASP.NET developers to test their web applications for the presence of the most common vulnerabilities. The theoretical part is focused on the ways of application testing and briefly describes ten of the most common web application vulnerabilities, so-called OWASP Top Ten 2013. The web application testing methodology is included in the practical part. A process of the application testing is the key part of the methodology. The designed methodology is used for the selected web application testing.
|
|
|
Zhodnotenie dopadu programu Chile Solidario na socioekonomickú situáciu v Chile
Lovíšková, Martina
This thesis analyzes the history of Latin America in general and the history and present situation in Chile in particular. The main objective of this analysis is to point out the cause of creation and introduction of conditional cash transfer program Chile Solidario in Chile. The program aims to reduce the number of people living in conditions of extreme poverty and there is also an effort to achieve social inclusion of the families living in such conditions. This thesis is focused on evaluating and analyzing this program to determine its impact on socio-economic situation in the country.
|
|
|
"Stress and burnout by kindergarten teachers in context with personality characteristics."
BAKEŠOVÁ, Ivana
The bachelor thesis is dedicated to burnout and its relation to personal and social qualities of nursery school teachers. The theoretical part describes phases, causes and displays of burnout, possibitilies of prevention and treatment. It dealswith differences in personal qualities, especially in connection with the ability to face stress and preassure and deal with them effectively. It also points out the specifics of the work at nursery schools. The practical part contains the results of the questionnaire sutvey of nursery school teachers in Tábor and its vicinity. The aim is to find out if personal and social qualities are linked with burnout and to what extent.
|
|
|
Ethical-psychological Contexts of a Relationship between a Social Worker And a Client
SÝKOROVÁ, Eva
The thesis reflects a relationship between a social worker and a client within ethical-psychological contexts and provides understanding of its significance. It gives an insight into conditions for establishing an optimum relationship between a social worker and a client and into risks that may disturb the mutual relationship, especially the risk of power. The terms of social worker, client and their relationship are characterized in terms of professional ethics. If an ethical reflection is to be competent, it is to cover psychological knowledge such as human needs, incentives and motives for acting. To conclude, ethical solutions a social worker should take into account in relation to a client are defined. These are human dignity, respect, autonomy, responsibility, dependency and vulnerability.
|
guest ::
