|
|
Web application for visualization and analysis of correlation rules deployed in cyberspace
Závišková, Hana ; Říha, Kamil (referee) ; Safonov, Yehor (advisor)
In a world of constantly evolving modern technologies, there is a growing need of developing cyber security strategies to protect digital infrastructures as the number of cyber attacks is rapidly increasing. The main goal of the bachelor thesis is to create a tool for visualizing correlation rules of SIEM systems. The tool is implemented as an extension to an existing web application and aims to allow a security expert or application user to explore user Sigma rules according to different criteria and based on different views. From a theoretical point of view, the bachelor’s thesis focuses on introducing the reader to the basics of cyber security in terms of the motivation for providing security, explaining the basic concepts necessary to understand the content of the thesis and analyzing the perspectives in which cyber attacks can be viewed. It also contains a description of selected cyber attacks, the selection of which is based on the statistics of cyber attacks on the Czech Republic for the first three quarters of the year 2023. This is followed by an explanation of the principles of detection and prevention of cyber incidents, technologies for ensuring protection in cyberspace, including the issue of log sources and platforms for detecting information about threats and the principles of cyber incident investigation. This is followed by an introduction to the legal regulation of cyber security, including a description of ENISA recommendations. The practical part of the bachelor thesis is further divided into four chapters. In the first part, an analysis of available web frameworks that can be used in application development and an analysis of the rule visualization methods used in two modern SIEM solutions were performed. The second phase focuses on the design of different views that can be used to provide a pleasant, intuitive and interactive environment for displaying user rules. The visualization designs include the components available in the D3.js library and working with the MITRE ATT&CK matrix. The second phase also includes the creation of a structure for the layout of the elements in the web application. The third phase is oriented towards approaching the actual implementation of the appropriate views that result from the analysis performed in the second phase. It also includes a description of the experimental environment in which the application was developed and how the data was obtained. The last phase focuses on testing the visual part of the application from the user’s perspective. The whole thesis finishes with a conclusion, which summarizes the results of the bachelor’s thesis, which have been achieved, and suggestions for improving the application in the future.
|
|
|
Software library of basic symmetric and asymmetric primitives of modern cryptography on embedded platforms
Miška, Matěj ; Mlýnek, Petr (referee) ; Lieskovan, Tomáš (advisor)
This master thesis deals with a search of cryptographic primitives for embedded systems, which are tested on Raspberry Pi platforms and the results compared in the subsequent practical part. The content of the research is an explanation of the use of cryptography in information systems, an example of a protocol using cryptography in the energy sector, the selection of cryptographic primitives based on recommendations from security institutions, a description of Raspberry Pi embedded platforms and an introduction of cryptographic libraries providing tools to perform cryptographic operations. The theoretical part of the thesis results in an overview of the information needed to create a test tool. The subsequent practical part deals with the theoretical design of the required tool, the determination of the functions that the tool must have and the way of performing the testing. This is followed by a description of the choice of the programming language and development environment suitable for this work, together with a description of the internal structure of the developed application. The testing parameters are mainly the computational, memory and time requirements of the cryptographic primitives on the system. The paper concludes with methods of running and controlling the application, possible presentation of the measured results, the actual results of testing the selected embedded platforms and a discussion of these results.
|
|
|
Web application for testing web server vulnerabilities
Šnajdr, Václav ; Burda, Karel (referee) ; Smékal, David (advisor)
The Master’s Thesis deals with the design and implementation of a web application for testing the security of SSL/TLS protocols on a remote server. The web application is developed in the Nette framework. The theoretical part describes SSL/TLS protocols, vulnerabilities, recommendations and technologies used in the practical part. The practical part is devoted to the creation of a web application with the process of using automatic scripts to test and display the results on the website with a rating of A+~to~C. The web application also displays a list of detected vulnerabilities and their recommendations.
|
|
|
Web application for creating a cyber security profile
Stejskal, Michal ; Sikora, Marek (referee) ; Dzurenda, Petr (advisor)
This Bachelor thesis describes design and implementation of optimalization program designed to find best combination of courses. The goal in this thesis was to get acquainted with European Cybersecurity Skills Framework (ECSF) in the area of cyber security, optimalization algorithms and with project Cybersecurity Skills Alliance – A New Vision for Europe (REWIRE). This thesis also includes web design and working with the database. Program is developed in the Python, PHP and Javascript programming languages. Between critical requirements of the program belongs optimality of found solution and time in which is the solution found. Program is connected with web interface, in which it is possible to search for optimal combinations based on input constraints.
|
|
|
Software library of basic symmetric and asymmetric primitives of modern cryptography on embedded platforms
Miška, Matěj ; Mlýnek, Petr (referee) ; Lieskovan, Tomáš (advisor)
This master thesis deals with a search of cryptographic primitives for embedded systems, which are tested on Raspberry Pi platforms and the results compared in the subsequent practical part. The content of the research is an explanation of the use of cryptography in information systems, an example of a protocol using cryptography in the energy sector, the selection of cryptographic primitives based on recommendations from security institutions, a description of Raspberry Pi embedded platforms and an introduction of cryptographic libraries providing tools to perform cryptographic operations. The theoretical part of the thesis results in an overview of the information needed to create a test tool. The subsequent practical part deals with the theoretical design of the required tool, the determination of the functions that the tool must have and the way of performing the testing. This is followed by a description of the choice of the programming language and development environment suitable for this work, together with a description of the internal structure of the developed application. The testing parameters are mainly the computational, memory and time requirements of the cryptographic primitives on the system. The paper concludes with methods of running and controlling the application, possible presentation of the measured results, the actual results of testing the selected embedded platforms and a discussion of these results.
|
|
|
Web application for testing web server vulnerabilities
Šnajdr, Václav ; Burda, Karel (referee) ; Smékal, David (advisor)
The Master’s Thesis deals with the design and implementation of a web application for testing the security of SSL/TLS protocols on a remote server. The web application is developed in the Nette framework. The theoretical part describes SSL/TLS protocols, vulnerabilities, recommendations and technologies used in the practical part. The practical part is devoted to the creation of a web application with the process of using automatic scripts to test and display the results on the website with a rating of A+~to~C. The web application also displays a list of detected vulnerabilities and their recommendations.
|
guest ::
