National Repository of Grey Literature: 28 records found
Web Application for NS2 Training
Pavlosek, Václav ; Koutný, Martin (referee) ; Šimek, Milan (advisor)
This is information about my master's thesis, which is called “Web application for NS2 training”. The application works after installation and its source code is stored on the enclosed CD. The thesis discusses Network Simulator 2. It helps to carry out network simulations, and the author then inserts information about them into the web application. A registered visitor of the website can insert a project into the application. The project contains information about a simulation created in NS2. The web application can also display the details of a project that has been approved by the administrator. The visitor can then sort projects, search for an entered expression or attach a contribution to the discussion forum. The administrator can approve users' projects in his part of the application, which makes them available to others. He can also delete them from the database. The thesis covers the theory of the technologies used to implement the application: the Apache web server, the MySQL database server and the PHP programming language. It also covers the security of web applications, including possible attacks on applications and their databases. A database design, which forms the core of the application, is presented; the design depends on the application requirements. The following chapters give the reader a complete picture of the application's functionality. Samples of the final graphical appearance of the application are included. The document also provides samples of the source code for creating the database tables.
Tool for Analysis of JavaScript to Detect DOM XSS Vulnerabilities in Web Applications
Barnová, Diana ; Polčák, Libor (referee) ; Homoliak, Ivan (advisor)
The main goal of this thesis is to design a tool for analysis of JavaScript to detect DOM-based XSS vulnerabilities in web applications, and then to implement it and test it ethically. Cross-Site Scripting (XSS) is one of the most common injection attacks on web applications that insert malicious code in an otherwise trusted site. An interpreted response by the browser is required for the detection and subsequent exploitation of DOM-based XSS vulnerabilities, therefore the tool captures the response from the Burp Suite proxy server. The analysis of this response uses two separate regular expressions aimed at searching for sources and sinks in the source code of the response. A set of payloads is used to determine if a site is exploitable. Subsequently, the user is warned of the possible danger. The output is a text file summarizing the results for the URL.
The Tool for Penetration Tests of Web Applications
Dobeš, Michal ; Malinka, Kamil (referee) ; Barabas, Maroš (advisor)
The thesis discusses the issues of penetration testing of web applications, focusing on the Cross-Site Scripting (XSS) and SQL Injection (SQLI) vulnerabilities. The technology behind web applications is described and motivation for penetration testing is given. The thesis then presents the most common vulnerabilities according to OWASP Top 10. It lists the principles, impact and remediation recommendations for the Cross-Site Scripting and SQL Injection vulnerabilities. A penetration testing tool has been developed as a part of this thesis. The tool is extendable via modules. Modules for detection of Cross-Site Scripting and SQL Injection vulnerabilities have been developed. The tool has been compared to existing tools, including the commercial tool Burp Suite.
Specific modules for manual security testing support
Osmani, Jakub ; Safonov, Yehor (referee) ; Paučo, Daniel (advisor)
This bachelor thesis deals with the concept of penetration testing and the standards that coincide with it. The main aim of the theoretical part of this thesis is to describe the world of penetration testing and the widely known OWASP documentation. Vulnerabilities from the top 10 vulnerabilities list, as well as recommendations about secure web application development from the Application Security Verification Standard (ASVS), are provided. The practical part of this thesis is focused on the development of three tools that are to be used to help automate certain aspects of penetration testing.
Proposal of Computer Network Security in a Small Software Company
Špičák, Jan ; Kastner, Miloš (referee) ; Ondrák, Viktor (advisor)
The bachelor thesis is concerned with the analysis of the current state of computer network security and its optimization in a small software company. The thesis presents solutions for improving the security of the computer network. The solutions are supposed to protect the computer network from Internet attacks and thus avoid the loss of important data and information.
New technologies for development of web application Web 2.0
Medlín, Dušan ; Kacálek, Jan (referee) ; Kyselý, František (advisor)
The graduate thesis presents an analysis of Web 2.0 application development. It defines the preliminary conditions and describes the technologies used for the creation of these applications, such as the markup languages HTML and XML, the style sheet language CSS, the transformation language XSLT and the scripting language JavaScript. The thesis describes the security risks and the ways in which the application can be protected against XSS attacks and SQL Injection. Furthermore, it analyses a concept of a system containing features of the Web 2.0 trend, and its implementation in practice. The result will be an internet portal enabling all registered users to share information with others. Files can be uploaded, and maps and videos can be inserted into the system.
Security Aspects of Applications in Angular 5 Platform
Čermáková, Martina ; Zeman, Václav (referee) ; Burda, Karel (advisor)
The bachelor thesis is focused on security aspects of a Single Page Application in Angular 5. The main goal is to introduce the security risks of developing web applications and afterwards to implement the author’s own knowledge that should guarantee the security of the developed application. In the theoretical part, the reader is introduced to the OWASP Top Ten project and security risks in the backend, where the emphasis is primarily on XSS and CSRF attacks. In the practical part, a web application is created in Angular 5, and there are simulations of XSS and CSRF attacks, including an explanation and fix of each security issue. The thesis also addresses the security of a REST service and includes a summarizing list of recommendations for developers on how to create secure web applications.
Secure Coding Guidelines for React
Solich, Filip ; Firc, Anton (referee) ; Malinka, Kamil (advisor)
This work deals with writing secure applications in the JavaScript library React. The aim of this work is to create a guide that enables programmers to detect parts of web applications that can be exploited to attack the application. It describes what you need to pay attention to, and how, when writing web applications, what the best programming practices in the React library are, thanks to which the programmer can avoid security errors in the application code, and how to fix any errors. The types of attacks themselves and how attacks on a vulnerable application can take place are also described here. Knowing the progress of the attack will help the programmer to think better about the weak links of the application and thus also detect a security issue in the application before the attacker.
Analysis of Attacks Using Web Browser
Olejár, František ; Michlovský, Zbyněk (referee) ; Drozd, Michal (advisor)
Different attacks guided from web servers using web browsers are being analyzed and described in this Bachelor's thesis. A simulation environment is used to simulate the attacks. The environment was created using Browserider, using the web server Apache 2 and a virtual machine as well. On the basis of the analysis, the application ExploitAnalyzer was developed and implemented and can successfully record process's actions as well as IRP requests sent during an attack onto a web browser.
Secured access for web applications
Humpolík, Jan ; Pelka, Tomáš (referee) ; Doležel, Radek (advisor)
This thesis mainly concerns the often neglected security part of every web application, but also the secure access of the users themselves. It describes modern security technology theoretically and practically on a web application being tested, and shows a possible way of defense. It gives instructions for installing one's own web server.
