National Repository of Grey Literature: 63 records found (records 54 - 63)
Web Application Security Testing and implementation of fixes
Doležal, Ondřej ; Veber, Jaromír (advisor) ; Klíma, Tomáš (referee)
The main objective of this bachelor thesis is to introduce the topic of web security as a part of development. The thesis covers the most critical web application security risks and the tools developers may use to test for them. Another objective is to introduce a web application which the author co-developed and which is the subject of security testing and the subsequent implementation of fixes.
Defense against social engineering attacks
Škopec, Antonín ; Sigmund, Tomáš (advisor) ; Šimek, Luděk (referee)
This thesis is concerned with social engineering and defense against it. Social engineering attacks represent a significant threat to organizations and their information systems, especially because they target the weakest link in information systems security: its users. That way an attacker can easily bypass even a highly sophisticated security system. This thesis tries to deal with the question of how to effectively secure the human factor of an information system.
Testing e-commerce applications security
Trnka, Karel ; Veber, Jaromír (advisor) ; Klíma, Tomáš (referee)
The purpose of this bachelor's thesis is to describe the concept of testing e-commerce application security. The first part is theoretical. It defines the basic terms connected with the topic of the thesis and then describes penetration testing. The first part closes with an introduction to the OWASP project (Open Web Application Security Project) and its Top Ten documentation project, which describes the ten most critical web application security risks. The second part of the thesis is dedicated to practical penetration testing of three chosen e-commerce products. It introduces the procedure and method of the conducted tests, which are standardized by the OWASP method. The final report is included in the next chapter, along with possible solutions and recommendations based on the test results. The contribution of this thesis lies in finding vulnerabilities in the selected e-commerce products. The final report will be sent to the developers of these applications together with proposals to address the problems discovered.
The testing of wireless network called Eduroam at University of Economics in Prague
Tomandl, Zdeněk ; Pavlíčková, Jarmila (advisor) ; Klíma, Tomáš (referee)
The bachelor thesis is focused on wireless network security testing, namely the testing of the wireless network called Eduroam at the University of Economics in Prague. The main aim of the paper is to test the security of the Eduroam wireless network using the WIPE methodology, going as far as a complete security break. The thesis is divided into a theoretical and a practical part. The theoretical part explains penetration testing, types of tests, and the ISSAF and OSSTMM methodologies, and further deals with phases 1 to 4 of the WIPE methodology, supported by further information from specialized literature and other sources. The practical part describes the security test of the Eduroam wireless network, which is finalized by a security break-in. The positive contribution of the paper is not only the security test itself but also research into the wireless network settings used on students' devices. A reader of the thesis should gain a basic knowledge of existing types of security systems, penetration tests, and the possibilities for executing them.
E-learning applications and data security
Menčík, Jan ; Veber, Jaromír (advisor) ; Čermák, Radim (referee)
This bachelor's thesis addresses the topic of security threats for web applications, with the practical part presenting a security assessment of selected e-learning applications. It describes the most common current threats for web applications, attack techniques and security techniques. The web environment gave rise to a whole range of techniques for breaching the security of web applications, and this thesis therefore presents the most common threats. The second part of the thesis introduces security techniques, both general techniques based on securing the protocol and techniques against specific threats. The protocol on which an application runs is one of the most important security components, and therefore the thesis analyses the functioning of the HTTPS protocol and its security layers in greater detail. The following part provides an analysis of the field of e-learning security. The reader learns about the security risks which he can encounter in operating open source e-learning solutions. The conclusion of the theoretical part describes the basic principles of security testing by means of the methods defined by the Open Web Application Security Project. The practical part of the thesis deals with the results of security testing of three selected open-source software systems: Moodle, Dokeos and eFront. The testing was focused on threats introduced in the theoretical part of the thesis and uses the findings from the OWASP Testing Guide v3. Individual testing attacks, their results and overall security recommendations are described for every tested e-learning system. The conclusion of the practical part provides an overall assessment of the tested systems.
Security evaluation of the PHP application according to OWASP ASVS standard
Sůva, Jakub ; Mészáros, Jan (advisor) ; Buchalcevová, Alena (referee)
The goal of this bachelor's thesis is to verify the security level of a web application. Verification is based on the standard called OWASP ASVS 2013 Beta, especially on its first level of requirements. To achieve the goal, the thesis uses semi-automated white box penetration tests and an interview. The thesis is limited to testing of PHP web applications and is divided into two main sections, theoretical and practical. The theoretical part is mainly focused on introducing penetration testing of web applications in general. Its cardinal part is the description of OWASP ASVS 2013 Beta. A survey of automated testing tools is done in the practical section. One of the tools is then chosen to make the testing of the web application more efficient. The practical part is mostly focused on the tests themselves. The end result is a comprehensible report with outcomes and their interpretation.
Design of corporate LAN security against internal and external network attacks
Trnka, Miroslav (PEF graduate)
This paper describes network security elements and penetration testing methodology. A real corporate LAN is also tested, and based on the results a design for securing this network is made, along with a financial evaluation.
Web Application Security Testing
Bukovský, Ondřej ; Pavlíček, Luboš (advisor) ; Mészáros, Jan (referee)
This work is aimed at documenting the use of tools for security testing of web applications. The first part of the work lists and describes the most common vulnerabilities. Then tools to detect these vulnerabilities are tested. The most suitable tool, or combination of tools, for repeated and automated security testing is selected. Another goal is the integration of automated security testing into the development lifecycle of a web application. The benefit would be the facilitation of web application security testing for individuals or small teams.
Wireless networks security assessment
Klíma, Tomáš ; Pavlíček, Luboš (advisor) ; Beneš, Jiří (referee)
The main focus of this thesis is wireless network security auditing. The author's goal is to create a new penetration testing methodology for wireless networks, WIPE, and prove its usability in real conditions. This new methodology is based on currently used methodologies, approaches and tools, which are introduced and tested further in the work.
Penetration testing of servers
Vovesný, Martin ; Pavlíček, Luboš (advisor) ; Bykadorov, Andrej (referee)
This thesis is focused on the security rating dilemma of computer defense with the help of penetration testing tools. The author's goal is to test a company's specific servers and evaluate their security in view of potential network attacks. Furthermore, during the penetration testing the author uses already known and secure methods. He uses this methodology with tools that have demonstrated practical usability.
