National Repository of Grey Literature: 22 records found
Tool for Analysis of JavaScript to Detect DOM XSS Vulnerabilities in Web Applications
Barnová, Diana ; Polčák, Libor (referee) ; Homoliak, Ivan (advisor)
The main goal of this thesis is to design a tool for analysis of JavaScript to detect DOM-based XSS vulnerabilities in web applications, and then to implement it and test it ethically. Cross-Site Scripting (XSS) is one of the most common injection attacks on web applications; it inserts malicious code into an otherwise trusted site. Detecting and subsequently exploiting DOM-based XSS vulnerabilities requires the response as interpreted by the browser, so the tool captures the response from the Burp Suite proxy server. The analysis of this response uses two separate regular expressions that search for sources and sinks in the source code of the response. A set of payloads is used to determine whether a site is exploitable. The user is then warned of the possible danger. The output is a text file summarizing the results for the URL.
Web application for testing web server vulnerabilities
Šnajdr, Václav ; Burda, Karel (referee) ; Smékal, David (advisor)
The Master’s Thesis deals with the design and implementation of a web application for testing the security of SSL/TLS protocols on a remote server. The web application is developed in the Nette framework. The theoretical part describes SSL/TLS protocols, vulnerabilities, recommendations and technologies used in the practical part. The practical part is devoted to the creation of a web application with the process of using automatic scripts to test and display the results on the website with a rating of A+ to C. The web application also displays a list of detected vulnerabilities and their recommendations.
Information and Cyber Threats in 2019
Bača, Jonatán ; MSc, Michal Mezera (referee) ; Sedlák, Petr (advisor)
This diploma thesis focuses on information and cyber threats in 2019. It comprises a theoretical basis for better understanding of the issue. The thesis then describes an analysis of the current situation, which combines several analyses aimed primarily at Czech companies. In the last part, draft measures are created, which contain predictions, preventive actions and recommendations for companies.
Secure Coding Guidelines for Python
Zádrapa, Jan ; Holop, Patrik (referee) ; Malinka, Kamil (advisor)
With the growing number of cyber attacks and the rising cost of their impact, the demand for knowledge of secure programming is also increasing. Python, as currently the most popular programming language, has become an integral part of this issue. Many programmers know how to use Python, but do not know how to use it securely. The problem is not helped by the fact that Python itself lacks sufficient guidelines and educational materials on security issues. The aim of this thesis is to inform about the biggest security threats of programming in Python and at the same time to provide solutions to these situations. The thesis focuses on educating the public through educational materials in the form of guidelines and a teaching aid. The teaching aid, in the form of a web application, should be clear and usable by the public. The application also includes several examples of implementations of real-world vulnerabilities.
Vulnerability Detection Service of Web Page Libraries
Bednář, Radek ; Zendulka, Jaroslav (referee) ; Volf, Tomáš (advisor)
This thesis deals with creating an application for detecting the technologies used on websites and finding their vulnerabilities. The application is implemented using the Symfony Framework and the React.js library. The information source is the NVD database, supplemented by data from the GitHub service. Apart from the detection of technologies, the application allows users to manually create their own sets of technologies and share them via a URL.
Security testing of selected network protocols and related vulnerabilities
Böhmová, Monika ; Šeda, Pavel (referee) ; Jeřábek, Jan (advisor)
This thesis focuses on the IPv6, ICMPv6 and DNS protocols, their vulnerabilities, and the testing of these protocols. Testing methods, including black-box, white-box and grey-box, are explained. Testing instances and scenarios are listed for the black-box and white-box testing methods. Manual testing is also distinguished from automated testing with the use of tools. The thesis further includes the creation of a testing environment and a tool for automated testing. The environment is created with GNS3, a software tool for virtualizing network infrastructure and its elements. The tool for automated testing is written in the Python 3 programming language. It includes scripts which test the devices present and the settings of connected networks, and verify device vulnerability to a Man in the Middle attack. The tool itself is tested in the created testing environment with various types of end devices, which influence the progress and results of the tests. The results are the output of the automated testing tool, in either human-readable or machine-readable formats.
Vulnerability Detection in Computer Network
Šuhaj, Peter ; Hranický, Radek (referee) ; Holkovič, Martin (advisor)
This bachelor's thesis deals with the analysis of chosen network protocols, finding their vulnerabilities, and the design and implementation of a tool for detecting them. One example of a vulnerability is the use of unencrypted communication. First the chosen protocols are studied, then methods for capturing and processing network traffic are analyzed. Based on this research, the tool for detecting vulnerabilities and the format for describing vulnerabilities are designed. The design is then implemented in Python, and YAML configuration files containing vulnerability entries are created. The program checks the input PCAP against the content of these files. Testing took place on files of different sizes containing captured network traffic.
Technical security measures to ensure information security at Faculty of business and management
Kajan, Tomáš ; Kubek, Ján (referee) ; Sedlák, Petr (advisor)
The diploma thesis focuses on the design of technical measures used to achieve information security at the Faculty of Business and Management, which is part of the Brno University of Technology. The proposal is largely governed by the Cyber Security Ordinance, which is complemented by a series of ISO/IEC 27000 standards. The output of the work is technical measures that accompany the directives on selected parts of the measures.
Device that presents the vulnerabilities of the Internet of Things
Navrátil, Václav ; Pospíšil, Jan (referee) ; Martinásek, Zdeněk (advisor)
This bachelor thesis focuses on creating checklists that will be used to perform security penetration testing of IoT devices. The theoretical part discusses the principle of IoT, the most commonly used communication protocols, the ISVS security standard and the resulting checklist. The next chapter, i.e., the practical part, contains procedures describing the manual testing of several IoT products. IoT devices were purchased for this purpose as a single unit along with the tools to test them. In total, four comprehensive tests were performed in the practical part.
Monitoring and Reporting Tool for Cloned Vulnerabilities across Open-Source Projects
Remeň, Matúš ; Tamaškovič, Marek (referee) ; Holop, Patrik (advisor)
The presented thesis deals with vulnerabilities in open-source projects, focusing on the spread of source code between projects through cloning. The thesis discusses clone types and approaches to their detection. A tool was designed and implemented that enables the evaluation and execution of these detection methods. The tool and the detection methods were evaluated and tested on real-world examples.
