|
| |
|
|
Design of methodology for vulnerability assesment
Pecl, David ; Martinásek, Zdeněk (referee) ; Gerlich, Tomáš (advisor)
The thesis deals with the assessment of security vulnerabilities. The aim of this work is to create a new method of vulnerability assessment, which will better prioritize critical vulnerabilities and reflect parameters that are not used in currently used methods. Firstly, it describes the common methods used to assess vulnerabilities and the parameters used in each method. The first described method is the Common Vulnerability Scoring System for which are described all three types of scores. The second analysed method is OWASP Risk Rating Methodology. The second part is devoted to the design of the own method, which aims to assess vulnerabilities that it is easier to identify those with high priority. The method is based on three groups of parameters. The first group describes the technical assessment of the vulnerability, the second is based on the requirements to ensure the confidentiality, integrity and availability of the asset and the third group of parameters evaluates the implemented security measures. All three groups of parameters are important for prioritization. Parameters describing the vulnerability are divided into permanent and up-to-date, where the most important up-to-date parameter are Threat Intelligence and easy of exploitation. The parameters of the impact on confidentiality, integrity and availability are linked to the priority of the asset, and to the evaluation of security measures, which increase the protection of confidentiality, integrity and availability. The priority of the asset and the quality of the countermeasures are assessed based on questionnaires, which are submitted to the owners of the examined assets as part of the vulnerability assessment. In the third part of the thesis, the method is compared with the currently widely used the Common Vulnerability Scoring System. The strengths of the proposed method are shown in several examples. The effectiveness of prioritization is based primarily on the priority of the asset and the security measures in place. The method was practically tested in a laboratory environment, where vulnerabilities were made on several different assets. These vulnerabilities were assessed using the proposed method, the priority of the asset and the quality of the measures were considered, and everything was included in the priority of vulnerability. This testing confirmed that the method more effectively prioritizes vulnerabilities that are easily exploitable, recently exploited by an attacker, and found on assets with minimal protection and higher priority.
|
|
| |
|
|
A Tool for Easily Securing Computers with Linux
Barabas, Maroš ; Hanáček, Petr (referee) ; Vojnar, Tomáš (advisor)
The purpose of this thesis is to explain new approaches to scanning and locking vulnerabilities in computer security and to design a new system to improve security of computers running the Linux operating system. The purpose of this system is to analyze remote operating systems and detect and lock down vulnerabilities by existing security standards.
|
|
|
Development of a calculator for assessing vulnerabilities in Javascript
Škrhák, Pavel ; Fujdiak, Radek (referee) ; Holasová, Eva (advisor)
The aim of this work is to describe the known methods of vulnerability assessment, and to implement them in a web application using the Vue.js framework. The thesis describes two vulnerability assessment systems, namely CVSS (Common Vulnerability Scoring System) and OWASP (Open Web Application Security Project) Risk Rating Methodology. Their parts, metrics and methods of calculation of the evaluation are described. Subsequently, these systems are compared and their strengths and weaknesses are determined. The work then evaluates some known vulnerabilities using these two assessment methods. The work then describes the design of the frontend and backend of the web application. The frontend uses the Vue.js framework, which allows the creation of dynamic one-page web applications. The components and layout of the application are designed. Furthermore, the appearance of the front application and its components is designed. The backend was designed to suit with the Djnago framework, which together with the django REST framework can be used to quickly create an API (Application Programming Interface) communicating with the database. A model for storing data from a frontend application was designed. The work then describes the implementation of this application divided into frontend and backend. The backend describes the implementation of the API and the database. The implementation of the model itself, serializer and methods for communication with the frontend application are described. In the frontend, a vue router is created, which is used to dynamically change the content of the page, then the components themselves are created, which serve as building blocks of the application. These components contain three parts, namely structure, JavaScript code and CSS (Cascading Sytle Sheets). Components can pass data and call functions of other components. The last part of the work is testing of the application itself. Its functionality is tested by calculating the score of already assessed vulnerabilities and some items of the OWASP ASVS (Application Security Verification Standard). Furthermore, security is tested by testing several known vulnerabilities, along with testing with OWASP ASVS.
|
|
|
Analýza dat z automatických bezpečnostních scannerů
VODSTRČIL, Pavel
This bachelor thesis deals with the examination and processing of reports from automatic vulnerability scanners. In the beginning of the theoretical part there is a brief introduction to scanning. Further are analyzed individual outputs from scanners (reports), description of items. The next part is followed by familiarization with Common Vulnerability Scoring System, which is used in the practical part for evaluation. At the end of the first part are listed some functions of the created application. The beginning of the practical part is devoted to database design and selected framework for creation. The following is an introduction to the functions of the application and the possibility of displaying the results.
|
|
|
Development of a calculator for assessing vulnerabilities in Javascript
Škrhák, Pavel ; Fujdiak, Radek (referee) ; Holasová, Eva (advisor)
The aim of this work is to describe the known methods of vulnerability assessment, and to implement them in a web application using the Vue.js framework. The thesis describes two vulnerability assessment systems, namely CVSS (Common Vulnerability Scoring System) and OWASP (Open Web Application Security Project) Risk Rating Methodology. Their parts, metrics and methods of calculation of the evaluation are described. Subsequently, these systems are compared and their strengths and weaknesses are determined. The work then evaluates some known vulnerabilities using these two assessment methods. The work then describes the design of the frontend and backend of the web application. The frontend uses the Vue.js framework, which allows the creation of dynamic one-page web applications. The components and layout of the application are designed. Furthermore, the appearance of the front application and its components is designed. The backend was designed to suit with the Djnago framework, which together with the django REST framework can be used to quickly create an API (Application Programming Interface) communicating with the database. A model for storing data from a frontend application was designed. The work then describes the implementation of this application divided into frontend and backend. The backend describes the implementation of the API and the database. The implementation of the model itself, serializer and methods for communication with the frontend application are described. In the frontend, a vue router is created, which is used to dynamically change the content of the page, then the components themselves are created, which serve as building blocks of the application. These components contain three parts, namely structure, JavaScript code and CSS (Cascading Sytle Sheets). Components can pass data and call functions of other components. The last part of the work is testing of the application itself. Its functionality is tested by calculating the score of already assessed vulnerabilities and some items of the OWASP ASVS (Application Security Verification Standard). Furthermore, security is tested by testing several known vulnerabilities, along with testing with OWASP ASVS.
|
|
| |
|
|
Design of methodology for vulnerability assesment
Pecl, David ; Martinásek, Zdeněk (referee) ; Gerlich, Tomáš (advisor)
The thesis deals with the assessment of security vulnerabilities. The aim of this work is to create a new method of vulnerability assessment, which will better prioritize critical vulnerabilities and reflect parameters that are not used in currently used methods. Firstly, it describes the common methods used to assess vulnerabilities and the parameters used in each method. The first described method is the Common Vulnerability Scoring System for which are described all three types of scores. The second analysed method is OWASP Risk Rating Methodology. The second part is devoted to the design of the own method, which aims to assess vulnerabilities that it is easier to identify those with high priority. The method is based on three groups of parameters. The first group describes the technical assessment of the vulnerability, the second is based on the requirements to ensure the confidentiality, integrity and availability of the asset and the third group of parameters evaluates the implemented security measures. All three groups of parameters are important for prioritization. Parameters describing the vulnerability are divided into permanent and up-to-date, where the most important up-to-date parameter are Threat Intelligence and easy of exploitation. The parameters of the impact on confidentiality, integrity and availability are linked to the priority of the asset, and to the evaluation of security measures, which increase the protection of confidentiality, integrity and availability. The priority of the asset and the quality of the countermeasures are assessed based on questionnaires, which are submitted to the owners of the examined assets as part of the vulnerability assessment. In the third part of the thesis, the method is compared with the currently widely used the Common Vulnerability Scoring System. The strengths of the proposed method are shown in several examples. The effectiveness of prioritization is based primarily on the priority of the asset and the security measures in place. The method was practically tested in a laboratory environment, where vulnerabilities were made on several different assets. These vulnerabilities were assessed using the proposed method, the priority of the asset and the quality of the measures were considered, and everything was included in the priority of vulnerability. This testing confirmed that the method more effectively prioritizes vulnerabilities that are easily exploitable, recently exploited by an attacker, and found on assets with minimal protection and higher priority.
|
|
|
A Tool for Easily Securing Computers with Linux
Barabas, Maroš ; Hanáček, Petr (referee) ; Vojnar, Tomáš (advisor)
The purpose of this thesis is to explain new approaches to scanning and locking vulnerabilities in computer security and to design a new system to improve security of computers running the Linux operating system. The purpose of this system is to analyze remote operating systems and detect and lock down vulnerabilities by existing security standards.
|
guest ::
