|
Existing Attacks on SSL/TLS Protocol
Lysoněk, Milan ; Smrčka, Aleš (referee) ; Fiedor, Tomáš (advisor)
SSL/TLS is a modern cryptographic protocol, which secures the communication between client and server. However, there are attacks on this protocol which can compromise communication either by eavesdropping or disruption. Defending against such attacks and testing the bulletproofness of protocols is a challenging process. This work describes attacks on SSL/TLS and implements selected attacks within tlsfuzzer --- a sophisticated solution for testing SSL/TLS implementations. The resulting implementation of attacks is demonstrated on three SSL/TLS implementations.
|
|
Tool for Security Auditing Of Linux/Unix/AIX OS
Koppon, Martin ; Homoliak, Ivan (referee) ; Barabas, Maroš (advisor)
The subject of this bachelor's thesis is in regards to an issue of automated testing of Linux, Solaris and AIX operating systems according to security configuration audit in consideration of applicable norms and established standards. The bachelor thesis deals with risk analysis, its assessment and risk mitigation and evaluation policy compliance. For this purpose, a tool was designed for operating systems mentioned earlier. It is implemented in the bash script language. The tool allows automated vulnerability management depending on established standards of SCAP: CCE, CVE, XCCDF, OVAL and CIS a NVD specifications. Moreover, it helps to reduce the time requirements during the auditing process while preserving an integrity of the auditing system.
|
| |
|
Vulnerability Detection Service of Web Page Libraries
Bednář, Radek ; Zendulka, Jaroslav (referee) ; Volf, Tomáš (advisor)
This thesis deals with the creating of an application for the detection of technologies used on websites and finding their vulnerabilities. Application is implemented using the Symfony Framework and the React.js library. The information source is the NVD database joined by data from the GitHub service. Apart from the detection of technologies, the application allows the user to manually create his own sets of technologies and share them using the URL address.
|
|
A Tool for Easily Securing Computers with Linux
Barabas, Maroš ; Hanáček, Petr (referee) ; Vojnar, Tomáš (advisor)
The purpose of this thesis is to explain new approaches to scanning and locking vulnerabilities in computer security and to design a new system to improve security of computers running the Linux operating system. The purpose of this system is to analyze remote operating systems and detect and lock down vulnerabilities by existing security standards.
|
| |
| |
|
A Tool for Easily Securing Computers with Linux
Barabas, Maroš ; Hanáček, Petr (referee) ; Vojnar, Tomáš (advisor)
The purpose of this thesis is to explain new approaches to scanning and locking vulnerabilities in computer security and to design a new system to improve security of computers running the Linux operating system. The purpose of this system is to analyze remote operating systems and detect and lock down vulnerabilities by existing security standards.
|
|
Vulnerability Detection Service of Web Page Libraries
Bednář, Radek ; Zendulka, Jaroslav (referee) ; Volf, Tomáš (advisor)
This thesis deals with the creating of an application for the detection of technologies used on websites and finding their vulnerabilities. Application is implemented using the Symfony Framework and the React.js library. The information source is the NVD database joined by data from the GitHub service. Apart from the detection of technologies, the application allows the user to manually create his own sets of technologies and share them using the URL address.
|
|
Existing Attacks on SSL/TLS Protocol
Lysoněk, Milan ; Smrčka, Aleš (referee) ; Fiedor, Tomáš (advisor)
SSL/TLS is a modern cryptographic protocol, which secures the communication between client and server. However, there are attacks on this protocol which can compromise communication either by eavesdropping or disruption. Defending against such attacks and testing the bulletproofness of protocols is a challenging process. This work describes attacks on SSL/TLS and implements selected attacks within tlsfuzzer --- a sophisticated solution for testing SSL/TLS implementations. The resulting implementation of attacks is demonstrated on three SSL/TLS implementations.
|