National Repository of Grey Literature 59 records found  previous11 - 20nextend  jump to record: Search took 0.01 seconds. 
Development of a calculator for assessing vulnerabilities in Javascript
Škrhák, Pavel ; Fujdiak, Radek (referee) ; Holasová, Eva (advisor)
The aim of this work is to describe the known methods of vulnerability assessment, and to implement them in a web application using the Vue.js framework. The thesis describes two vulnerability assessment systems, namely CVSS (Common Vulnerability Scoring System) and OWASP (Open Web Application Security Project) Risk Rating Methodology. Their parts, metrics and methods of calculation of the evaluation are described. Subsequently, these systems are compared and their strengths and weaknesses are determined. The work then evaluates some known vulnerabilities using these two assessment methods. The work then describes the design of the frontend and backend of the web application. The frontend uses the Vue.js framework, which allows the creation of dynamic one-page web applications. The components and layout of the application are designed. Furthermore, the appearance of the front application and its components is designed. The backend was designed to suit with the Djnago framework, which together with the django REST framework can be used to quickly create an API (Application Programming Interface) communicating with the database. A model for storing data from a frontend application was designed. The work then describes the implementation of this application divided into frontend and backend. The backend describes the implementation of the API and the database. The implementation of the model itself, serializer and methods for communication with the frontend application are described. In the frontend, a vue router is created, which is used to dynamically change the content of the page, then the components themselves are created, which serve as building blocks of the application. These components contain three parts, namely structure, JavaScript code and CSS (Cascading Sytle Sheets). Components can pass data and call functions of other components. The last part of the work is testing of the application itself. Its functionality is tested by calculating the score of already assessed vulnerabilities and some items of the OWASP ASVS (Application Security Verification Standard). Furthermore, security is tested by testing several known vulnerabilities, along with testing with OWASP ASVS.
Implementation of a vulnerability assessment calculator
Ludes, Adam ; Švikruha, Patrik (referee) ; Martinásek, Zdeněk (advisor)
This bachelor thesis focuses on a newly introduced vulnerability scoring system, compares it to a most widespread alternative, which is Common Vulnerability Scoring System (CVSS), analyzes the Vue.js framework and other technologies used in the implementation. Lastly it introduces an implementation of said new scoring system in a way to best showcase its capabilities.
Implementation of application that demonstrates mobile application vulnerabilities
Šrůtková, Karolína ; Šilhavý, Pavel (referee) ; Martinásek, Zdeněk (advisor)
This master thesis is focused on an implementation of application for Android operating system that demonstrates mobile application vulnerabilities. Theoretical part contains security of mobile applications and its current state including a description of the biggest security risks and vulnerabilities. In addition, general development of mobile applications for Android is mentioned. In a practical part of the thesis a custom design of the application is described including vulnerabilities analysis, design of basic application blocks and selection of suitable tools for implementation. The section describing the implementation of the application describes the preparation of the environment, the structure of the created application and especially its implementation. The last part contains an example of implemented application vulnerabilities and also the result of its testing.
The Legal Status of Minors and Other Vulnerable Applicants for International Protection
Edelmannová, Anna ; Pítrová, Lenka (advisor) ; Scheu, Harald Christian (referee)
Persons who seek international protection in the European Union are entitled to number of rights contained in the EU law, international law and national law. Some applicants for international protection are entitled to additional rights and guarantees due to their weakened position. This thesis analyses the legal position of vulnerable applicants for international protection (or more precisely applicants with special needs). The position of minor applicants is dealt with in more detail. The thesis further deals with the legislation of the Common European Asylum System, attention is also paid to the European Court of Human Right's case- law, to the UN Convention on the Rights of the Child and to other relevant documents. All applicants for international protection can be seen as vulnerable. In the view of the European Court of Human Rights applicant for international protection is "as such, a member of a particularly underprivileged and vulnerable population group in need of special protection". The EU law does not explicitly describe applicants as vulnerable, but it entitles them to a certain standard of rights by which it reflects their difficult position. Furthermore, the Reception Conditions Directive and Asylum Procedures Directive define applicants with special needs (more precisely applicants...
Detection of Blueborne Revealed Vulnerability
Janček, Matej ; Malinka, Kamil (referee) ; Hujňák, Ondřej (advisor)
Táto práca sa zaoberá tvorbou automatickej metódy na detekciu Blueborne zraniteľností v Android zariadeniach. V riešení bola použitá metóda, ktorej základné fungovanie je z vyvolania pretečenia pamäti na zariadení. Následne výsledný nástroj vyhodnotí či sa to podarilo a, či zariadenie je zraniteľné. Nástroj bol testovaný na viacerých zariadeniach, ktoré majú rôzne verzie systému. Testovanie tejto metódy detekcie potvrdilo funkčnosť nástroja.
Security exercises for ethical hacking
Paučo, Daniel ; Lieskovan, Tomáš (referee) ; Martinásek, Zdeněk (advisor)
This master thesis deals with penetration testing and ethical hacking. Regarding to the layout of the thesis there was prepared appropiate enviroment to realize Red/Blue team exercise, where Red team is in a role of the attacker and Blue team is in a role of defender of the network infrastructure. Whole infrastructure is implemented in a cloud virtual enviroment of VMware vSphere. Second part of the thesis consists of preparation and creation of the exercise to test web application security. Third part of the thesis is dedicating to the automatization of redteaming. Main focus of this master thesis is to demonstrate different attack vectors how to attack the network infrastructure and web applications and use of the defense mechanisms to avoid this kinds of attacks.
Design of methodology for vulnerability assesment
Pecl, David ; Martinásek, Zdeněk (referee) ; Gerlich, Tomáš (advisor)
The thesis deals with the assessment of security vulnerabilities. The aim of this work is to create a new method of vulnerability assessment, which will better prioritize critical vulnerabilities and reflect parameters that are not used in currently used methods. Firstly, it describes the common methods used to assess vulnerabilities and the parameters used in each method. The first described method is the Common Vulnerability Scoring System for which are described all three types of scores. The second analysed method is OWASP Risk Rating Methodology. The second part is devoted to the design of the own method, which aims to assess vulnerabilities that it is easier to identify those with high priority. The method is based on three groups of parameters. The first group describes the technical assessment of the vulnerability, the second is based on the requirements to ensure the confidentiality, integrity and availability of the asset and the third group of parameters evaluates the implemented security measures. All three groups of parameters are important for prioritization. Parameters describing the vulnerability are divided into permanent and up-to-date, where the most important up-to-date parameter are Threat Intelligence and easy of exploitation. The parameters of the impact on confidentiality, integrity and availability are linked to the priority of the asset, and to the evaluation of security measures, which increase the protection of confidentiality, integrity and availability. The priority of the asset and the quality of the countermeasures are assessed based on questionnaires, which are submitted to the owners of the examined assets as part of the vulnerability assessment. In the third part of the thesis, the method is compared with the currently widely used the Common Vulnerability Scoring System. The strengths of the proposed method are shown in several examples. The effectiveness of prioritization is based primarily on the priority of the asset and the security measures in place. The method was practically tested in a laboratory environment, where vulnerabilities were made on several different assets. These vulnerabilities were assessed using the proposed method, the priority of the asset and the quality of the measures were considered, and everything was included in the priority of vulnerability. This testing confirmed that the method more effectively prioritizes vulnerabilities that are easily exploitable, recently exploited by an attacker, and found on assets with minimal protection and higher priority.
Security of Red Hat Enterprise Linux based operating systems
Kňažeková, Nikola ; Ilgner, Petr (referee) ; Komosný, Dan (advisor)
Táto diplomová práca sa zameriava zvyšovanie bezpečnosti v operačných systémoch založených na Red Hat Enterprise Linux, na základe analyzovaných zraniteľnosti za posledných 5 rokov. V teoretickej časti sú popísané slabiny a zraniteľnosti, základné bezpečnostné mechanizmy v Linuxe, so zameraním na technológiu SELinux. Technológia SELinux je súčasťou operačných systémov Red Hat Enterprise Linux, Fedora a CentOS. Na základe analyzovaných zraniteľností bola v praktickej časti navrhnutá konfigurácia technológie SELinux. V návrhu sú popísané prvky, ktoré sa budú konfigurovať a tými sú SELinuxové booleany, SELinuxové moduly a SELinuxoví užívatelia, so zameraním na ochranu pamäte, eskalovanie privilégií, spúšťaniu kódu, úniku dat a obmedzenie procesov a užívateľov. Na základe návrhov bola vytvorená konfigurácia v konfiguračnom nástroji Ansible, ktorej cieľom je umožniť užívateľovi jednoducho a rýchlo nakonfigurovať hosťa. Okrem nej boli vytvorene ďalšie dve konfigurácie, ktoré umožnia vrátiť systém do predchádzajúceho stavu alebo uzamknúť SELinuxovú konfiguráciu. Následne sa overoval dopad konfigurácií na použiteľnosť systému a nájdené chyby boli opravené alebo nahlásené. Posledná časť overuje funkčnosť konfigurácie pred zneužitím zraniteľností.

National Repository of Grey Literature : 59 records found   previous11 - 20nextend  jump to record:
Interested in being notified about new results for this query?
Subscribe to the RSS feed.