|
|
Web Application Penetration Testing
Hric, Michal ; Čermák, Igor (advisor) ; Hlaváč, Jindřich (referee)
The aim of the present thesis was to analyze the level of security of select open-source web applications based on penetration testing at various stages of testing, defined by the PTES methodology. This included application of new PETA methodology to perform web application penetration testing and the creation of new knowledge objects concerning penetration testing in the MBI portal. The open-source web applications Juice Shop, NodeGoat, XVWA and bWAPP were tested. The security of the web applications was evaluated as insufficient as at least one vulnerability with a high risk of exploitation was identified for each of the tested applications. For each vulnerability found in the application, recommended corrective measures to eliminate the associated risk is stated. When using the PETA methodology for penetration testing, the benefit was mainly in integrating of penetration testing in the context of IS/IT management in an organization based on application of the narrowed framework for IS/IT management. Finally, new knowledge objects in the MBI portal are listed and described. Objects created include a task concerning the process of penetration testing, a set of metrics for evaluating the success of penetration testing and roles linked to the task.
|
|
|
Malware analysis and reverse engineering
Šváb, Martin ; Čermák, Igor (advisor) ; Hlaváč, Jindřich (referee)
Focus of this thesis is reverse engineering in information technology closely linked with the malware analysis. It explains fundamentals of IA-32 processors architecture and basics of operating system Microsoft Windows. Main part of this thesis is dedicated to the malware analysis, including description of creating a tool for simplification of static part of the analysis. In Conclusion various approaches to the malware analysis, which were described in previous part of the thesis, are practically demonstrated on unknown malware sample.
|
|
|
Privacy and internet services
Samec, Marek ; Gála, Libor (advisor) ; Hlaváč, Jindřich (referee)
This thesis is focused on internet services user privacy. Goal of this thesis is to determine level of user awareness of how is their privacy approached while using internet services. Then suggest procedure to improve this awareness, or that will lead to better control of individual privacy. In theoretical part I analyze general and legislative approach to privacy, followed by analysis of behaviour of internet service users and providers. Part of this analysis deals with usage of web cookies for user tracking purposes and its possible impact on user privacy. Practical part consists of survey which is used to determine true level of user awareness of how is their privacy approached while using internet services, and of suggestion of measures to improve protection of privacy.
|
|
|
Mass News Media in the Information Society
Vydrař, Štěpán ; Rosický, Antonín (advisor) ; Hlaváč, Jindřich (referee)
This work deals with mass media and influence of modern technology on them. The goal is to familiarise the reader with all the aspects it brings. First part is aimed on the terminology and the history of mass media. The second part closely investigates the current state of mass media. It clarifies the role of entertainment they contain, analyses internet news websites, describes current trends on the internet. It investigates the current crisis of printed mass media and introduces the reader not only as a receiver of information communicated by mass media, but also as a co-creator of it. This work also aims at the influence of the mass media in the society. Third chapter is about the research among journalists and experts on the mass media, but also among the public. In this, the hypothesis are confronted with the findings of the research.
|
|
|
Internet attacks in term of end-user
Šírek, Martin ; Gála, Libor (advisor) ; Hlaváč, Jindřich (referee)
Personal computer connected to the Internet is a phenomenon of our time. Hand in hand with the positive development of the possibilities offered by the Internet is an effort to abuse them. Computer attacks are the crudest way of such abuse. This work explains the nature of cyber attacks and structure of the attacks. The aim is to explain how cyber attackers threat end-users of the computer and what defence exists against it. It's an introduction to the problem. The work is based around the assumption that the reader is a beginner in the field of information technology and the depth and scope of interpretation are adapted to it. For deeper study it refers to the sources in the rich list of used literature. The introductory section describes the structure of attacks and the interrelations between threats, assets (endangered goods) and vulnerability. Considerable space is devoted to the usage of social engineering for cyber attacks. Thereinafter methods,software and objectives of the attackers are explained. Measures against attacks are not missing too. The final section explains connections between the attacker's tools.
|
guest ::
RSS feed.