National Repository of Grey Literature: 11 records found
Security Aspects of Applications in Angular 5 Platform
Čermáková, Martina ; Zeman, Václav (referee) ; Burda, Karel (advisor)
The bachelor thesis is focused on security aspects of Single Page Applications in Angular 5. The main goal is to introduce the security risks in developing web applications and afterwards to implement the author's own knowledge that should guarantee the security of the developed application. In the theoretical part the reader is introduced to the OWASP Top Ten project and security risks in the backend, where stress is primarily put on XSS and CSRF attacks. In the practical part a web application is created in Angular 5, and there are simulations of XSS and CSRF attacks including an explanation and fix of the security issue. The thesis also aims at the security of REST services and includes a summarizing list of recommendations for developers on how to create secure web applications.
Secure Coding Guidelines for React
Solich, Filip ; Firc, Anton (referee) ; Malinka, Kamil (advisor)
This work deals with writing secure applications in the JavaScript library React. The aim of this work is to create a guide that enables programmers to detect parts of web applications that can be exploited to attack the application. It describes what you need to pay attention to when writing web applications, what the best programming practices in the React library are, thanks to which the programmer can avoid security errors in the application code, and how to fix any errors. The types of attacks themselves and how attacks on a vulnerable application can take place are also described here. Knowing the progress of the attack will help the programmer to think better about the weak links of the application and thus also detect a security issue in the application before the attacker does.
Secured access for web applications
Humpolík, Jan ; Pelka, Tomáš (referee) ; Doležel, Radek (advisor)
This thesis mainly concerns the often neglected security part of each web application, but also the secure access of the users themselves. It describes, theoretically and practically, modern security technology on a web application being tested and shows a possible way of defense. It gives instructions for installing one's own web server.
Web server attack analyzer
Mižišin, Michal ; Novotný, Miroslav (advisor) ; Mareš, Martin (referee)
In this work I will focus on the most common forms of attacks on web applications. My focus will be on so-called injection flaws (attacks where data given by the user are interpreted and executed), XSS (Cross Site Scripting) and CSRF (Cross Site Request Forgery), which have fatal consequences for a web application in case of compromise. I will describe these attacks, their history, and concrete examples of successful execution. I will also propose possible kinds of protection and possibilities of detection.
Web server attack analyzer
Mižišin, Michal ; Novotný, Miroslav (advisor) ; Čermák, Miroslav (referee)
The goal of this work was to create a prototype of an analyzer of injection flaw attacks on a web server. The proposed solution combines the capabilities of a web application firewall and a web server log analyzer. Analysis is based on configurable signatures defined by regular expressions. This paper begins with a summary of web attacks, followed by an analysis of detection techniques on web servers and a description and justification of the selected implementation. At the end, possibilities of further development in the area of better false-positive results are characterized. The implemented detection of all proposed attacks slowed down server response time by 10% and was able to detect more than 99% of the SQL injection, path traversal and SSI injection attacks contained in web application security scanners.
Cloud computing technology framework and reducing risks
Akrir, Khaled Ali Ahmed ; Havlíček, Zdeněk (advisor) ; Macák, Tomáš (referee)
The thesis investigates, in a qualitative way, the vectors that contribute to cloud computing risks in the areas of security, business, and compliance. The focus of this research is on the identification of risk vectors that affect cloud computing and the creation of a framework that can help IT managers in their cloud adoption process. Economic pressures on businesses are creating a demand for an alternative delivery of the model that can provide flexible payments, dramatic cuts in capital investment, and reductions in operational cost. Cloud computing is positioned to take advantage of these economic pressures with low cost IT services and a flexible payment model, but at what risk to the business? Security concerns about cloud computing are heightened and fueled by misconceptions related to security and compliance risks. Unfortunately, these security concerns are seldom expressed quantifiably. To bring clarity to cloud computing security, compliance, and business risks, this research focuses on a qualitative analysis of risk vectors drawn from one-on-one interviews with selected top IT experts. The qualitative aspect of this research separates facts from unfounded suspicions, and creates a framework that can help align perceived risks of cloud computing with actual risks. The qualitative research was done through interviews with experts and through a survey measuring risk perceptions about cloud computing using a Likert scale. The decision-making model and the framework created by this research help to rationalize the risk vectors in cloud environments and recommend reduction strategies to bring the IT industry one step closer to a clearer understanding of the risk-tradeoff implications of cloud computing environments.
