|
|
Information systems security penetration testing
Klíma, Tomáš ; Doucek, Petr (advisor) ; Čermák, Igor (referee) ; Čapek, Jan (referee) ; Štubňa, Ivan (referee)
The aim of this dissertation thesis is to develop new methodology of information systems penetration testing based on analysis of current methodologies and the role of penetration tests in context of IS/IT governance. Integral part of this aim is evaluation of the methodology. The first part of the thesis is devoted to the presentation of history and current state of research in selected area, definiton of basic terms and introduction of role of the penetration tests. This part is followed by the review of relevant sources and comparative study of current methodologies with a goal to identify their weaknesses. Results from this study are further used as a basis for new methodology development. Classification of IS penetration tests types and testing scenarios are also included. The second part includes design of new methodology, at first its history, structure and principles are presented, then its framework is decribed in high level of detail. In the third part the reader can find (theoretical and practical) validation. The biggest scientific contribution is the methodology itself focused on managment of penetration tests (which is the area currently not sufficiently descibed). Secondary contribution is the extensive review and the comparative analysis of current methodologies. Contribution to the economic and technical (practical) application we can mainly see in the development of new methodology which enables companies to improve management of penetration tests (especially planning, operational management and implementation of countermeasures).
|
|
|
Analysis of security access to internet banking via mobile devices
Hiršal, Michael ; Veber, Jaromír (advisor) ; Klíma, Tomáš (referee)
The objective of this thesis is to analyze and review external security of mobile applications providing mobile banking on Android operating system. The theoretical section is aimed to describe the prerequisites for security analysis and the technological design of security for this kind of applications. Related practical section is based on the data acquired by the author in which the technological security is examined. Products of the companies Air Bank, a.s. and Moneta Money Bank, a.s. were selected to be examined in the practical section. These two companies are sample of the current Czech bank market. The examined level of security of both of the applications and their comparison are covered in the conclusion of the thesis.
|
|
|
Denial of service attacks
Marek, Viktor ; Klíma, Tomáš (advisor) ; Veber, Jaromír (referee)
The main objective of this bachelor thesis is an analysis of denial of service attacks and the subsequent simulation of selected denial of service attacks. To achieve the goal of this thesis, the initial point in theoretical part consists of the defined main terms related to denial of service attacks. These terms are: cyber attacks, denial of service attack and distributed denial of service attacks. Further in this part of this thesis is defined description of the person who executes denial of service attacks and motives, which lead the person to these acts. At the conclusion of the theoretical part of the thesis are mentioned several classifications of denial of service attacks. The practical part of the thesis is then focused on the analysis of the most frequent denial of service attacks and their possible defense. Furthemore, this section also includes a general defense against denial of service attacks and the known examples of denial of service attacks younger than two years. Based on the acquired knowledge about the denial of service attacks, is in the conclusion of the practical part of the thesis made simulation of two selected methods of denial of service attacks.
|
|
|
Vulnerability assesment tools
Charvát, Michal ; Veber, Jaromír (advisor) ; Klíma, Tomáš (referee)
This bachelor thesis is focused on a specific area of information systems security, which is called vulnerability assesment. Vulnerability assesment is executed with special tools called vulnerability scanners. In the the beginning of the first part I will introdukce the area of information systems security and its breaf history, the basic terms of vulnerability assesment and related topics, such as penetration testing. In the following part few test will be executed using some of the chosen available and free tools and then analyze its results. The main criteria will be the number and criticality of the given vulnerabilities. Finally the user-friedly aspect of each tool will be evalueted, which could be a little subjective matter.
|
|
|
Web Application Security Testing and implementation of fixes
Doležal, Ondřej ; Veber, Jaromír (advisor) ; Klíma, Tomáš (referee)
The main objective of this bachelor thesis is to introduce the topic of web security as the part of development. This thesis mentions the most critical web application security risks and tools which developers may use to test such risks. Another objective of the thesis is to introduce a web application which this author co-developed and which is the subject of security testing and following implementation of fixes.
|
|
|
Censorship of internet in Russia
David, Jakub ; Veber, Jaromír (advisor) ; Klíma, Tomáš (referee)
The target of the thesis to reveal how much is possible to find out the truth about sensitive governmental topics from Russian mass media. In thesis will be compared results from Google and another search engine with results from another countries where that search engines is located. The thesis will be supported by citizen of Russian Federation and employee of anti propagandistic department in Brussels. Theoretical part of thesis will be dealing with censorship on the internet in general and ways how it could be realized. In thesis will be outline opportunities how censorship could be ignored. In practical part will be compared results from Russian search engine with Czech and another theirs American and European versions. Trough tracing will try to find out where exactly come about blocking of data retrieval and handling with results in case it will be manifested
|
|
|
Anonymization on the Internet with focus on the end user
Řapek, Lumír ; Klíma, Tomáš (advisor) ; Veber, Jaromír (referee)
The Bachelor thesis deals with anonymization on the Internet with focus on the end user. The theoretical part describes information and tracks which user leaves behind while using the Internet. Attacks and threats which may endanger the user's anonymity are also discussed. The practical part is focused on easily available forms of anonymization. For this reason, the first part contains the description and multi-criteria comparison of anonymization extensions for web browsers which allow at least change of IP address. The second part contains the description and comparisons of two plug & play devices that also provide relatively easy way of anonymization.
|
|
|
Sharing informations in anonymous networks
Jonák, Martin ; Zumr, Jiří (advisor) ; Klíma, Tomáš (referee)
This work aims to introduce possibilities of sharing informations in envinroment of anonymous and P2P networks. The first part describes the principles of selected tools that allow access to an environment of anonymous networks. At second part is reader acquainted with processes of publishing informations in the form of webpage in that environment. The end compares advantages and disadvantages of each solutions.
|
|
|
Testing e-commerce applications security
Trnka, Karel ; Veber, Jaromír (advisor) ; Klíma, Tomáš (referee)
The purpose of this bachelor's thesis is to describe concept of testing e-commerce applications security. The first part is dedicated to theoretical level. There are definitions of basic terms connected with the topic of this thesis followed by description of penetration testing. At the end of the first part of this bachelor's thesis there is introduction to project OWASP (Open Web Application Security Project) and documentation project Top Ten which describes ten most critical web applications security risks. Second part of this thesis is dedicated to practical penetration testing of three chosen e-commerce products. There is introduction to procedure and method of conducted and by the OWASP method standardized tests. Final report is included in next chapter also with possible solutions and recommendations based on the test results. Contribution of this thesis lies in finding vulnerabilities in selected e-commerce products. The final report will be sent to the developers of these applications together with proposals to address problems discovered.
|
|
|
The testing of wireless network called Eduroam at University of Economics in Prague
Tomandl, Zdeněk ; Pavlíčková, Jarmila (advisor) ; Klíma, Tomáš (referee)
The bachelor thesis is focused on Wireless Network Security Testing, namely to the testing of wireless network called Eduroam at University of Economics in Prague. The main target of the paper is to test the Eduroam wireless network security using a WIPE methodology and going to the point of a complete security break. The thesis is divided into a theoretical and a practical part. The theoretical part explains penetration testing, types of tests, ISSAF and OSSTMM methodologies and further deals with phase 1 to 4 of WIPE methodology supported by a further information from a specialized literature and other sources. The practical part describes security test of Eduroam wireless network, which is finalized by security break-in. A positive impact of the paper has not only the security test itself but as well a research of the wireless networks settings used on students devices. A reader of the thesis should have gain a basic knowledge about existing types of security systems, penetration tests, and about possibilities how to execute them.
|
guest ::
RSS feed.