|
|
Vulnerability Analysis of Data Protection in Selected Company
Strachová, Zuzana ; Vlastimil,, Svoboda (referee) ; Sedlák, Petr (advisor)
The bachelor thesis deals with security assessment in the area of data protection of a part of the information system in a selected company. In my thesis, I examine the security status and security controls in place and try to detect actual or potential vulnerabilities. Based on an analysis performed by means of interviews, using assisted assessment methodology and automated vulnerability-finding method, I suggest security enhancements. The theoretical part of the thesis provides an introduction to the topic of data protection and defines the basic related terms.
|
|
|
Penetration tests and network device vulnerability scanning
Gregr, Filip ; Martinásek, Zdeněk (referee) ; Hajný, Jan (advisor)
This thesis is dealing with penetration tests and network device vulnerability assessment. Theoretical part includes analysis of this issue and description of general methodology of performing penetration tests. Thesis provides basic overview of requirements of international norms ISO 27000 and PCI DSS. In another part the software for Nessus vulnerability scanning and Linux Kali distrubution is introduced. Practical part of thesis includes several aims. The first is a comparsion of five vulnerability scanners in a created test network. Chosen tools for this purpose are Nessus, OpenVAS, Retina Community, Nexpose Community and GFI LanGuard. Network scan is performed with each of~these tools. Penetration test using the tools available in Kali Linux is then executed in this network. Procedure of exploiting two selected vulnerabilities is created as a laboratory exercise. The last aim of thesis is testing the web server protection against flood attacks SYN flood, UDP flood and slow attack Slowloris. Scripts for flooding were written in Python language.
|
|
|
Web platform to support penetration testing
Lazarov, Willi ; Kuchař, Karel (referee) ; Martinásek, Zdeněk (advisor)
The bachelor thesis deals with the design, development, and implementation of a web platform to support penetration testing. The theoretical part of the thesis is devoted to the description of penetration testing and vulnerability severity assessment. Next, the technologies used in the development of the final solution are described. The practical part describes the gradual solution of partial requirements of the web platform. The individual chapters summarize the problem, design, and implementation of the solution. The practical part starts with the design of a highly scalable model that addresses the main problem of the assignment of this thesis. Next, the design of the platform, its embedding in the proposed model, and the development of a modular web application. Furthermore, the actual development of the application part is described, specifically, its connection with the relational database, tools for automated penetration testing, and the report generator. In the next chapter, the testing of the platform in a production environment is described. The last chapter compares relevant tools for penetration testing. The result of the work is a web platform with the main purpose of increasing the effect of penetration testing to such an extent that the time, complexity, and work required to successfully complete the entire test will be considerably lower than using currently relevant available tools.
|
|
|
Design of methodology for vulnerability assesment
Pecl, David ; Martinásek, Zdeněk (referee) ; Gerlich, Tomáš (advisor)
The thesis deals with the assessment of security vulnerabilities. The aim of this work is to create a new method of vulnerability assessment, which will better prioritize critical vulnerabilities and reflect parameters that are not used in currently used methods. Firstly, it describes the common methods used to assess vulnerabilities and the parameters used in each method. The first described method is the Common Vulnerability Scoring System for which are described all three types of scores. The second analysed method is OWASP Risk Rating Methodology. The second part is devoted to the design of the own method, which aims to assess vulnerabilities that it is easier to identify those with high priority. The method is based on three groups of parameters. The first group describes the technical assessment of the vulnerability, the second is based on the requirements to ensure the confidentiality, integrity and availability of the asset and the third group of parameters evaluates the implemented security measures. All three groups of parameters are important for prioritization. Parameters describing the vulnerability are divided into permanent and up-to-date, where the most important up-to-date parameter are Threat Intelligence and easy of exploitation. The parameters of the impact on confidentiality, integrity and availability are linked to the priority of the asset, and to the evaluation of security measures, which increase the protection of confidentiality, integrity and availability. The priority of the asset and the quality of the countermeasures are assessed based on questionnaires, which are submitted to the owners of the examined assets as part of the vulnerability assessment. In the third part of the thesis, the method is compared with the currently widely used the Common Vulnerability Scoring System. The strengths of the proposed method are shown in several examples. The effectiveness of prioritization is based primarily on the priority of the asset and the security measures in place. The method was practically tested in a laboratory environment, where vulnerabilities were made on several different assets. These vulnerabilities were assessed using the proposed method, the priority of the asset and the quality of the measures were considered, and everything was included in the priority of vulnerability. This testing confirmed that the method more effectively prioritizes vulnerabilities that are easily exploitable, recently exploited by an attacker, and found on assets with minimal protection and higher priority.
|
|
|
Login Forms Detection Tool
Sohr, Jakub ; Jurek, Michael (referee) ; Martinásek, Zdeněk (advisor)
The rapid growth of the internet and the increasing complexity of web applications have resulted in a rising need for robust and user-friendly cybersecurity tools. This thesis presents the design, implementation, and evaluation of a Web-based Login Interface Detection Tool, which aims to assist security professionals in identifying and assessing potential login interfaces on a variety of websites. By automating this process, the tool seeks to streamline the identification of possible security vulnerabilities and assist in penetration testing efforts. The web interface for the Login Interface Detection Tool has been developed using modern frontend technologies and frameworks, such as Vue.js and Socket.IO, to provide an intuitive and responsive user experience. This thesis describes the design principles and user interface elements that have been employed, as well as the implementation of the underlying Vue.js and Socket.IO frameworks for real-time communication between the client and server. Through a comprehensive examination of the design, implementation, and security considerations for the Web-based Login Interface Detection Tool, this thesis demonstrates the potential of modern technologies in the development of advanced cybersecurity tools.
|
|
|
Web platform to support penetration testing
Lazarov, Willi ; Kuchař, Karel (referee) ; Martinásek, Zdeněk (advisor)
The bachelor thesis deals with the design, development, and implementation of a web platform to support penetration testing. The theoretical part of the thesis is devoted to the description of penetration testing and vulnerability severity assessment. Next, the technologies used in the development of the final solution are described. The practical part describes the gradual solution of partial requirements of the web platform. The individual chapters summarize the problem, design, and implementation of the solution. The practical part starts with the design of a highly scalable model that addresses the main problem of the assignment of this thesis. Next, the design of the platform, its embedding in the proposed model, and the development of a modular web application. Furthermore, the actual development of the application part is described, specifically, its connection with the relational database, tools for automated penetration testing, and the report generator. In the next chapter, the testing of the platform in a production environment is described. The last chapter compares relevant tools for penetration testing. The result of the work is a web platform with the main purpose of increasing the effect of penetration testing to such an extent that the time, complexity, and work required to successfully complete the entire test will be considerably lower than using currently relevant available tools.
|
|
|
Geographical Random Forest model evaluation in agricultural drought assessment
Bicák, Daniel ; Brodský, Lukáš (advisor) ; Brůha, Lukáš (referee)
Drought is a natural disaster, which negatively affects millions of people and causes huge economic losses. This thesis investigates agricultural drought in Czechia using machine learning algorithms. The statistical models utilised were Random Forest (RF), Geographical Random Forest (GRF) and Locally Tuned Geographical Random Forest (LT GRF). GRF consists of several RF models trained on a subset of original data. The final prediction is a weighted sum of the prediction of a local and global model. The size of the subset is determined by the tunable parameter. LT GRF addresses spatial variability of subset size and local weight. During the tuning process, optimal parameters are found for every location and then interpolated for unknown regions. The thesis aims to evaluate the performance of each model and compare GRF feature importance output with the global model. The best model features meteorological impor- tances are used to create a drought vulnerability map of Czechia. Produced assessment is compared to existing drought vulnerability projects. 1
|
|
|
Systém sledování a hodnocení zranitelnosti vůči dopadům změny klimatu v podmínkách ČR
Kochová, Tereza ; Havránek, Miroslav
Česká republika se podobně jako ostatní země světa potýká s jednotlivými projevy změny klimatu. Změna klimatu je komplexní fenomén, jehož projevy ovlivňují téměř všechny hospodářské oblasti, lidskou společnost i ekosystémy. Reálný efekt daného projevu změny klimatu přitom záleží nejen na místně specifické intenzitě samotného projevu, ale také na tom, zda jsou v zasaženém systému přítomny prvky, které jsou tímto projevem negativně ovlivněny. Reálné efekty daného projevu a jejich závažnost jsou určeny také schopností dotčeného systému dopad projevu předvídat (být na něj připraven), reagovat na něj a přizpůsobit se nastalé změně, případně schopností tlumit negativní dopady a způsobené škody nahradit.
Fulltext:  PDF
|
|
|
Design of methodology for vulnerability assesment
Pecl, David ; Martinásek, Zdeněk (referee) ; Gerlich, Tomáš (advisor)
The thesis deals with the assessment of security vulnerabilities. The aim of this work is to create a new method of vulnerability assessment, which will better prioritize critical vulnerabilities and reflect parameters that are not used in currently used methods. Firstly, it describes the common methods used to assess vulnerabilities and the parameters used in each method. The first described method is the Common Vulnerability Scoring System for which are described all three types of scores. The second analysed method is OWASP Risk Rating Methodology. The second part is devoted to the design of the own method, which aims to assess vulnerabilities that it is easier to identify those with high priority. The method is based on three groups of parameters. The first group describes the technical assessment of the vulnerability, the second is based on the requirements to ensure the confidentiality, integrity and availability of the asset and the third group of parameters evaluates the implemented security measures. All three groups of parameters are important for prioritization. Parameters describing the vulnerability are divided into permanent and up-to-date, where the most important up-to-date parameter are Threat Intelligence and easy of exploitation. The parameters of the impact on confidentiality, integrity and availability are linked to the priority of the asset, and to the evaluation of security measures, which increase the protection of confidentiality, integrity and availability. The priority of the asset and the quality of the countermeasures are assessed based on questionnaires, which are submitted to the owners of the examined assets as part of the vulnerability assessment. In the third part of the thesis, the method is compared with the currently widely used the Common Vulnerability Scoring System. The strengths of the proposed method are shown in several examples. The effectiveness of prioritization is based primarily on the priority of the asset and the security measures in place. The method was practically tested in a laboratory environment, where vulnerabilities were made on several different assets. These vulnerabilities were assessed using the proposed method, the priority of the asset and the quality of the measures were considered, and everything was included in the priority of vulnerability. This testing confirmed that the method more effectively prioritizes vulnerabilities that are easily exploitable, recently exploited by an attacker, and found on assets with minimal protection and higher priority.
|
|
|
Vulnerability Analysis of Data Protection in Selected Company
Strachová, Zuzana ; Vlastimil,, Svoboda (referee) ; Sedlák, Petr (advisor)
The bachelor thesis deals with security assessment in the area of data protection of a part of the information system in a selected company. In my thesis, I examine the security status and security controls in place and try to detect actual or potential vulnerabilities. Based on an analysis performed by means of interviews, using assisted assessment methodology and automated vulnerability-finding method, I suggest security enhancements. The theoretical part of the thesis provides an introduction to the topic of data protection and defines the basic related terms.
|
guest ::
