|
|
The Information Security Management in Company
Kalabis, Petr ; Sedlák, Petr (referee) ; Ondrák, Viktor (advisor)
This master thesis is focused on the design of implementation the information security management system in the company according to standards ISO/IEC 27000. First of all, it was described the theory of information security management system and it was explained the relevant terms and other requirements in the context of this issue. This assignment involves analysis of the current situation of the company and suggestions that lead to reducing discovered risks and bring improvement of the general information security.
|
|
|
Detection of Blueborne Revealed Vulnerability
Janček, Matej ; Malinka, Kamil (referee) ; Hujňák, Ondřej (advisor)
Táto práca sa zaoberá tvorbou automatickej metódy na detekciu Blueborne zraniteľností v Android zariadeniach. V riešení bola použitá metóda, ktorej základné fungovanie je z vyvolania pretečenia pamäti na zariadení. Následne výsledný nástroj vyhodnotí či sa to podarilo a, či zariadenie je zraniteľné. Nástroj bol testovaný na viacerých zariadeniach, ktoré majú rôzne verzie systému. Testovanie tejto metódy detekcie potvrdilo funkčnosť nástroja.
|
|
|
A Tool for Easily Securing Computers with Linux
Barabas, Maroš ; Hanáček, Petr (referee) ; Vojnar, Tomáš (advisor)
The purpose of this thesis is to explain new approaches to scanning and locking vulnerabilities in computer security and to design a new system to improve security of computers running the Linux operating system. The purpose of this system is to analyze remote operating systems and detect and lock down vulnerabilities by existing security standards.
|
|
|
Development of a calculator for assessing vulnerabilities in Javascript
Škrhák, Pavel ; Fujdiak, Radek (referee) ; Holasová, Eva (advisor)
The aim of this work is to describe the known methods of vulnerability assessment, and to implement them in a web application using the Vue.js framework. The thesis describes two vulnerability assessment systems, namely CVSS (Common Vulnerability Scoring System) and OWASP (Open Web Application Security Project) Risk Rating Methodology. Their parts, metrics and methods of calculation of the evaluation are described. Subsequently, these systems are compared and their strengths and weaknesses are determined. The work then evaluates some known vulnerabilities using these two assessment methods. The work then describes the design of the frontend and backend of the web application. The frontend uses the Vue.js framework, which allows the creation of dynamic one-page web applications. The components and layout of the application are designed. Furthermore, the appearance of the front application and its components is designed. The backend was designed to suit with the Djnago framework, which together with the django REST framework can be used to quickly create an API (Application Programming Interface) communicating with the database. A model for storing data from a frontend application was designed. The work then describes the implementation of this application divided into frontend and backend. The backend describes the implementation of the API and the database. The implementation of the model itself, serializer and methods for communication with the frontend application are described. In the frontend, a vue router is created, which is used to dynamically change the content of the page, then the components themselves are created, which serve as building blocks of the application. These components contain three parts, namely structure, JavaScript code and CSS (Cascading Sytle Sheets). Components can pass data and call functions of other components. The last part of the work is testing of the application itself. Its functionality is tested by calculating the score of already assessed vulnerabilities and some items of the OWASP ASVS (Application Security Verification Standard). Furthermore, security is tested by testing several known vulnerabilities, along with testing with OWASP ASVS.
|
|
|
Geoturistický potenciál vybraných lokalit národního geoparku Vysočina
Musilová, Karin
The bachelor thesis deals with the evaluation of sites that have geotourism potential. The thesis presents eight geomorphologically important localities, which are evaluated by the geomorphosites methodology. These selected localities are located in the Vysočina National Geopark. The geopark itself is compared from the point of view of land use on the basis of map data. The purpose of this work is to point out the vulnerability of the sites. Among other things, changes in the geopark landscape were assessed.
|
|
|
The Interplay Between Smart Cities and Disaster Risk Reduction: A Study of the City of Amsterdam
Rossi, Alice ; Špelda, Petr (advisor) ; Střítecký, Vít (referee)
The thesis examines how the development of smart cities interplays with the enhancement of Disaster Risk Reduction. Natural disasters are increasing, especially in urban areas, representing a concentration of social, economic and institutional vulnerabilities due to high population density. The development of smart cities could represent an opportunity to make urban areas safer and prepared to handle possible extreme weather events, as they are based on the development of cross-sectoral policies to deal with urban challenges and increase the city's overall efficiency. Through a single case study research of the city of Amsterdam, the thesis aims to prove the connections between smart cities and disaster risk reduction frameworks through qualitative data analysis. The findings show the overall efficiency of the approach employed by the city of Amsterdam for both the development of the smart city and disaster risk reduction. Even if the city does not explicitly state the connection between the two domains, the study found that Amsterdam's smart city policies have several elements that interplay with the framework of disaster risk reduction, enhancing its effectiveness. Keywords Smart Cities, Disaster Risk Reduction, Disaster Risk, Vulnerability, Resilience, Policy-Making Title The Interplay Between...
|
|
|
Tool for Automated Penetration Testing of Web Servers
Rajecký, Michal ; Holop, Patrik (referee) ; Malinka, Kamil (advisor)
Táto práca sa zaoberá témou kybernetickej bezpečnosti s dôrazom na bezpečnosť webových serverov. Zahŕňa technológie, ktoré sa používajú na ochranu webových serverov pred častými bezpečnostnými hrozbami. Ďalej sa práca venuje spôsobu odhaľovania týchto bezpečnostných hrozieb pomocou rôznych metodík penetračného testovania a zoznamu OWASP TOP 10. V praktickej časti je vyvýjaný framework pre automatizované testovanie webových serverov. Integruje funkcionalitu vybraných nástrojov a poskytuje podporu pre uživateľom definované moduly. V závere práce je funkčnosť nástroja overená v simulovanom prostredí.
|
|
|
Aspekty bezpečnosti Robot Operating System
KUBOVSKÝ, Petr
This Bc. thesis focuses on the problematics of security of Robot Operating System (ROS). Except short introduction and description of basic ROS principles the main goal of this thesis is to show possible security problems, their analysis and misuse for some possible attacks on system. Some of the attacks will be shown in practical part. Another goal of this thesis is evaluation of overall security of ROS, recommendations how to use ROS safely and how how to effectively protect the system against some of the described attacks.
|
|
|
Machine Learning-enhanced digital Information Operations of the People's Republic of China in the Republic of Korea
Pasligh, Hendrik Arne ; Střítecký, Vít (advisor) ; Kaczmarski, Marcin (referee) ; Schlotti, Jivanta (referee)
MachineLearning-enhanceddigitalInformationOperationsofthePeople's Republic ofChinain the Republic ofKorea Hendrik Arne Pasligh Abstract This study addressesthe research question if, how and to what end the People'sRepublic of China (PRC) might deploy digital information operations enhanced by machine learning (ML) technology in and against the Republic of Korea (ROK). To do so, Ulrich Beck's risk society theory is employed as the theoretical framework, which provides valuable insights into the environment in which information operations are conducted today. This environment is susceptible to information operations on a qualitatively fundamentally different new level. Further, this study establishes a terminology of information operations, bringing clarity to several ill-defined terms that prevail within academic literature. A scenario will be built to visualise a potential PRC information operation against the ROK. The majority of the study seeksto identify and analyse the relevant factors for such a scenario, particularly focusing on PRC strategic interestsandROK vulnerabilities against information operations.This studyfinds that: It is very likely that ML-enhanced artificial agents will increasingly be able to pose as human beings in the digital world; it is very likely that historical issues betweenthe...
|
|
|
MCUXpresso Web application security
Mittaš, Tomáš ; Heriban, Pavel (referee) ; Roupec, Jan (advisor)
This thesis deals with testing of the security of web application MCUXpresso Web SDK Builder using ethical hacking techniques and tools. At the beginning, the history of ethical hacking and structure of web applications are briefly mentioned. The thesis then analyses the application itself from the user’s point of view, its parts before logging in and after logging in and the operation of this application. The following is a list of the most common vulnerabilities and weaknesses found in web applications to understand any vulnerabilities found. Furthemore, the thesis deals with the techniques and tools of web application security and compares them. The penultimate chapter deals with the use of Analysis and vulnerability scanning technique on the application MCUXpresso Web SDK Builder. Finally, an application security test plan is designed, while part of this plan is automated.
|
guest ::
