National Repository of Grey Literature: 89 records found
Risk Analysis as an Distributed Intelligent System
Orgoň, Vojtěch ; Orság, Filip (referee) ; Zbořil, František (advisor)
This text describes the use of a multiagent system in risk analysis. After an account of the terms risk analysis and multiagent system, this work describes the proposal of such a system. The final part of the work concerns the usability of the multiagent system in risk analysis.
The Tool for Penetration Tests of Web Applications
Dobeš, Michal ; Malinka, Kamil (referee) ; Barabas, Maroš (advisor)
The thesis discusses the issues of penetration testing of web applications, focusing on the Cross-Site Scripting (XSS) and SQL Injection (SQLI) vulnerabilities. The technology behind web applications is described and motivation for penetration testing is given. The thesis then presents the most common vulnerabilities according to OWASP Top 10. It lists the principles, impact and remediation recommendations for the Cross-Site Scripting and SQL Injection vulnerabilities. A penetration testing tool has been developed as a part of this thesis. The tool is extendable via modules. Modules for detection of Cross-Site Scripting and SQL Injection vulnerabilities have been developed. The tool has been compared to existing tools, including the commercial tool Burp Suite.
MCUXpresso Web application security
Mittaš, Tomáš ; Heriban, Pavel (referee) ; Roupec, Jan (advisor)
This thesis deals with testing the security of the web application MCUXpresso Web SDK Builder using ethical hacking techniques and tools. At the beginning, the history of ethical hacking and the structure of web applications are briefly mentioned. The thesis then analyses the application itself from the user’s point of view, its parts before logging in and after logging in, and the operation of this application. The following is a list of the most common vulnerabilities and weaknesses found in web applications to understand any vulnerabilities found. Furthermore, the thesis deals with the techniques and tools of web application security and compares them. The penultimate chapter deals with the use of the Analysis and vulnerability scanning technique on the application MCUXpresso Web SDK Builder. Finally, an application security test plan is designed, while part of this plan is automated.
Software for seeking vulnerable computers in network
Krkoš, Radko ; Pelka, Tomáš (referee) ; Polívka, Michal (advisor)
This thesis concerns computer system and network infrastructure security. It describes the topic of security holes and vulnerabilities and discusses possibilities for defense against computer attacks. Common security holes and configuration errors of client and server systems are described. Simple rules and advice are given for configuring a network environment with regard to security and for minimizing the risk of failure or violation due to security holes and vulnerabilities. The thesis addresses approaches to detecting security holes in programs and devices entrusted to an administrator, inventory control of devices and security holes, and prevention possibilities. The thesis describes how to carry out a security self-audit and how to process its results. It suggests techniques and methods for administering a network, server, or intranet securely during its lifespan. It also analyses existing available software and evaluates its features and resources with regard to security. Software is chosen to simplify the administrator's work in one or more parts of security management, such as network condition analysis, error and vulnerability detection in computer systems, network infrastructure and web applications, or applications for network alteration detection. The thesis recommends requirements for a security audit application and discusses suitable features with regard to functionality and added value. The created set of scripts simplifies the administrator's work by automating common and time-consuming tasks and delivers information in a compact and simple form, which makes the work more comfortable and shortens the reaction time to crises such as the discovery of a new security hole or a security breach.
Vulnerability Analysis of Data Protection in Selected Company
Strachová, Zuzana ; Vlastimil, Svoboda (referee) ; Sedlák, Petr (advisor)
The bachelor thesis deals with security assessment in the area of data protection of a part of the information system in a selected company. In my thesis, I examine the security status and security controls in place and try to detect actual or potential vulnerabilities. Based on an analysis performed by means of interviews, using an assisted assessment methodology and an automated vulnerability-finding method, I suggest security enhancements. The theoretical part of the thesis provides an introduction to the topic of data protection and defines the basic related terms.
Decision Risks Management Methods
Janošík, Petr ; Chudý, Peter (referee) ; Kreslíková, Jitka (advisor)
This thesis deals with the matter of risk management in IT projects. It explains the importance of risk management in such projects and shows different ways and methods of managing and analyzing the risks. After explaining the basic concepts and the various phases of risk management, the text focuses on two methods of risk analysis: fault tree analysis and event tree analysis. Use of both methods is explained for both quantitative and qualitative analyses. The second half of the work includes the design of an application for the support of risk analysis employing the methods of fault tree analysis and event tree analysis. This is followed by a description of the implementation of the proposed system in a web environment using jQuery, Nette Framework and Dibi.
Penetration Testing of an Open-Source Software
Hrozek, Jakub ; Rogalewicz, Adam (referee) ; Smrčka, Aleš (advisor)
This thesis discusses the design and implementation of an integrated penetration testing system. In the first two chapters, the reader is introduced to the topic of penetration testing. The basic techniques and classification of tests are described as well as some of the most widely used methodologies. It also discusses the need to automate the testing process. The fifth and sixth chapters discuss the specification and detailed design of the integrated penetration testing tool. Its implementation and the problems that arose during the process are the theme of chapter seven. The last part of the thesis describes practical experiments done with the tool and gives the reader some advice on securing computer networks.
The proposal of ISMS implementation in the public administration
Štukhejl, Kamil ; Tomáš, Krejčí (referee) ; Sedlák, Petr (advisor)
This diploma thesis focuses on the implementation of information security management system in the public administration based on ISO/IEC 27000 series of standards. The thesis contains theoretical background, introduction of the organization, risk analysis and a proposal of appropriate measures for minimization of these identified risks. In the end, an implementation plan is proposed including an economic evaluation.
Implementation of application that demonstrates mobile application vulnerabilities
Šrůtková, Karolína ; Šilhavý, Pavel (referee) ; Martinásek, Zdeněk (advisor)
This master thesis is focused on the implementation of an application for the Android operating system that demonstrates mobile application vulnerabilities. The theoretical part covers the security of mobile applications and its current state, including a description of the biggest security risks and vulnerabilities. In addition, general development of mobile applications for Android is mentioned. In the practical part of the thesis, a custom design of the application is described, including vulnerability analysis, design of basic application blocks and selection of suitable tools for implementation. The section describing the implementation of the application describes the preparation of the environment, the structure of the created application and especially its implementation. The last part contains an example of the implemented application vulnerabilities and also the result of its testing.
Tool for SQL Injection Vulnerability Detection
Kutypa, Matouš ; Samek, Jan (referee) ; Barabas, Maroš (advisor)
The Bachelor thesis is focused on the issue of SQL injection vulnerabilities. The thesis presents commonly used procedures in attacks against information systems and also discusses possibilities of defense, including the correct ways of input validation. The theoretical part contains the essential foundation of what a penetration tester should know to be able to examine the inputs of an application for SQL injection vulnerability. The thesis also describes the analysis, design and implementation of a specialized tool for Web application vulnerability detection. The implemented tool was tested and compared with other existing tools. A Web application that demonstrates many different variants of SQL injection vulnerable inputs has also been implemented within the thesis.
