Web server attack analyzer
Mižišin, Michal ; Novotný, Miroslav (advisor) ; Čermák, Miroslav (referee)
The goal of this work was to create a prototype of an analyzer of injection-flaw attacks on a web server. The proposed solution combines the capabilities of a web application firewall and a web server log analyzer. Analysis is based on configurable signatures defined by regular expressions. This paper begins with a summary of web attacks, followed by an analysis of detection techniques on web servers and a description and justification of the selected implementation. At the end, possibilities for further development in the area of achieving better false-positive results are characterized. The implemented detection of all proposed attacks slowed down server response time by 10% and was able to detect more than 99% of the SQL injection, path traversal and SSI injection attacks contained in web application security scanners.
Websites in terms of security against attacks
Kučera, Jan ; Benda, Petr (advisor) ; Havránek, Martin (referee)
This bachelor thesis explains the security risks of web applications and their defense against damaging attacks. The issue is presented mostly from the perspective of developers; therefore the introduction also mentions several principles of safe behaviour on the internet from the user's perspective. The concepts of security risks in information technology and the concept of web applications are explained. The thesis is based on the OWASP Top 10 - 2013 project by the OWASP Foundation, which defines the ten most critical security threats. Security methods for defending against some of the threats in the three most widely used PHP frameworks are also explained. The practical part presents examples of various attack scenarios for each security threat from the theoretical part. At the end, the chosen frameworks are analyzed with penetration-testing software on a private test server.
Analysis of Attacks Using Web Browser
Olejár, František ; Michlovský, Zbyněk (referee) ; Drozd, Michal (advisor)
Different attacks delivered from web servers through web browsers are analyzed and described in this bachelor's thesis. A simulation environment is used to simulate the attacks. The environment was created using Browserider, the web server Apache 2 and a virtual machine. On the basis of the analysis, the application ExploitAnalyzer was developed and implemented; it can successfully record a process's actions as well as the IRP requests sent during an attack on a web browser.
The Tool for Penetration Tests of Web Applications
Dobeš, Michal ; Malinka, Kamil (referee) ; Barabas, Maroš (advisor)
The thesis discusses the issues of penetration testing of web applications, focusing on the Cross-Site Scripting (XSS) and SQL Injection (SQLI) vulnerabilities. The technology behind web applications is described and the motivation for penetration testing is given. The thesis then presents the most common vulnerabilities according to the OWASP Top 10. It lists the principles, impact and remediation recommendations for the Cross-Site Scripting and SQL Injection vulnerabilities. A penetration testing tool has been developed as part of this thesis. The tool is extendable via modules. Modules for the detection of Cross-Site Scripting and SQL Injection vulnerabilities have been developed. The tool has been compared to existing tools, including the commercial tool Burp Suite.
Secured access for web applications
Humpolík, Jan ; Pelka, Tomáš (referee) ; Doležel, Radek (advisor)
This thesis mainly concerns the often-neglected security part of each web application, but also the secure access of the users themselves. It describes modern security technology theoretically and practically, tests it on a web application and shows a possible way of defense. It gives instructions for installing one's own web server.
Web Application for NS2 Training
Pavlosek, Václav ; Koutný, Martin (referee) ; Šimek, Milan (advisor)
This document provides information about my master's thesis, which is called “Web application for NS2 training”. The application works after installation, and its source code is saved on the enclosed CD. The thesis discusses the deployment of Network Simulator 2. It helps to carry out simulations of networks, and the author then inserts information about them into the web application. A registered visitor of the website has the possibility to insert a project into the application. The project contains information about a simulation created in NS2. The web application can also display the details of any project that has been approved by the administrator. The visitor can then sort projects, search for an entered expression or add a contribution to the discussion forum. The administrator can approve users' projects in his part of the application, which makes them available to the others. He can also delete them from the database. The theory behind the technologies used for the implementation of this application is covered: the Apache web server, the MySQL database server and the PHP programming language. Information about the security of the web application is also mentioned, including possible attacks on applications and their databases. A design of the database, which forms the core of the application, is presented. This design depends on the application requirements. The next chapters give the reader a complete picture of the functionality of the application. Samples of the final graphical appearance of the application are shown. This document also provides excerpts of the source code for creating the database tables.
New technologies for development of web application Web 2.0
Medlín, Dušan ; Kacálek, Jan (referee) ; Kyselý, František (advisor)
The graduate thesis presents an analysis of Web 2.0 application development. It defines the preliminary conditions and describes the technologies used for the creation of these applications, such as the markup languages HTML and XML, the style sheet language CSS, the transformation language XSLT and the scripting language JavaScript. The thesis depicts the security risks and the ways in which the application can be protected against XSS attacks and SQL Injection. Furthermore, it analyses the concept of a system containing features of the Web 2.0 trend, and its implementation in practice. The result is an internet portal enabling all registered users to share information with the others. Files can be uploaded, and maps and videos can be inserted into the system.
Web application security (PHP)
Císař, Daniel ; Jeníčková, Kateřina (advisor) ; Vronková, Lada (referee)
The thesis deals with common security threats to web applications written in the PHP programming language. It offers an overview of the following attacks: XSS, CSRF, SQL injection, session stealing and session fixation. The thesis describes how to avoid these attacks or minimize their risk.