|
|
Security Analysis of Mifare Classic Smart Cards
Bobčík, Martin ; Hellebrandt, Lukáš (referee) ; Hujňák, Ondřej (advisor)
Goal of this bachelor thesis is a security study of MIFARE Classic contactless smart cards and risk analysis of their usage. There are described individual vunerabilities in the design and CRYPTO1 cipher of such cards. In this thesis is also experimented with Chameleon Mini device, which is used to perform two attacks and one cryptoanalysis of the cards. Namely, card emulation, relay attack, and analysis of insufficient randomness of cards' pseudorandom number generator. From those, only card emulation was fully successful.
|
|
|
Web application for testing web server vulnerabilities
Šnajdr, Václav ; Burda, Karel (referee) ; Smékal, David (advisor)
The Master’s Thesis deals with the design and implementation of a web application for testing the security of SSL/TLS protocols on a remote server. The web application is developed in the Nette framework. The theoretical part describes SSL/TLS protocols, vulnerabilities, recommendations and technologies used in the practical part. The practical part is devoted to the creation of a web application with the process of using automatic scripts to test and display the results on the website with a rating of A+~to~C. The web application also displays a list of detected vulnerabilities and their recommendations.
|
|
|
Secure Coding Guidelines for Python
Zádrapa, Jan ; Holop, Patrik (referee) ; Malinka, Kamil (advisor)
S narůstajícím počtem kybernetických útoků a vzrůstající cenou jejich dopadů se zvyšuje také poptávka po znalosti bezpečného programování. Python jako aktuálně nejoblíbenější programovací jazyk se stal nedílnou součástí této problematiky. Spousta programátorů umí Python používat, ale neumí jej používat bezpečně. Tomuto problému nepomáhá ani to, že samotný Python nemá dostatek pokynů a výukových materiálů pro bezpečnostní problematiku. Cílem této práce je informovat o největších bezpečnostních hrozbách programování v Pythonu a zároveň zajistit řešení těchto situací. Zaměření práce je na poučení veřejnosti pomocí výukových materiálů v podobě pokynů a výukové pomůcky. Výuková pomůcka v podobě webové aplikace by měla být přehledná a použitelná pro veřejnost. Součástí aplikace je také několik příkladů implementace zranitelností z reálného světa.
|
|
|
Vulnerability Detection Service of Web Page Libraries
Bednář, Radek ; Zendulka, Jaroslav (referee) ; Volf, Tomáš (advisor)
This thesis deals with the creating of an application for the detection of technologies used on websites and finding their vulnerabilities. Application is implemented using the Symfony Framework and the React.js library. The information source is the NVD database joined by data from the GitHub service. Apart from the detection of technologies, the application allows the user to manually create his own sets of technologies and share them using the URL address.
|
|
|
Security testing of selected network protocols and related vulnerabilities
Böhmová, Monika ; Šeda, Pavel (referee) ; Jeřábek, Jan (advisor)
This thesis focuses on problematics of IPv6, ICMPv6 and DNS protocols, vulnerabilities and testing of aforementioned protocols. Methods of testing including black-box, whitebox and grey-box are explained. Testing instances and scenarios are listed for black-box and white-box testing methods. Furthermore manual and automated testing with use of tools is differentiated. Thesis also includes creation of testing environment and tool for automated testing. Environment is created using a software tool for virtualization of network infrastructure and its elements using GNS3 tool. Tool for automated testing is created with the use of Python 3 programming language. This tool includes scripts which test devices present, settings of connected networks and verify device vulnerability to Man in the Middle attack. Testing of the tool on its own is performed using the created testing environment with various types of end devices which influence the progress and results of the tests which are the output of the automated testing tool either in human readable or machine readable formats.
|
|
|
Device that presents the vulnerabilities of the Internet of Things
Navrátil, Václav ; Pospíšil, Jan (referee) ; Martinásek, Zdeněk (advisor)
This bachelor thesis focuses on creating checklists that will be used to perform security penetration testing of IoT devices. The theoretical part discusses the principle of IoT, the most commonly used communication protocols, the ISVS security standard and the resulting checklist. The next chapter, i.e., the practical part, contains procedures describing the manual testing of several IoT products. IoT devices were purchased for this purpose as a single unit along with the tools to test them. In total, four comprehensive tests were performed in the practical part.
|
|
| |
|
|
Secure Coding Guidelines for Python
Zádrapa, Jan ; Holop, Patrik (referee) ; Malinka, Kamil (advisor)
S narůstajícím počtem kybernetických útoků a vzrůstající cenou jejich dopadů se zvyšuje také poptávka po znalosti bezpečného programování. Python jako aktuálně nejoblíbenější programovací jazyk se stal nedílnou součástí této problematiky. Spousta programátorů umí Python používat, ale neumí jej používat bezpečně. Tomuto problému nepomáhá ani to, že samotný Python nemá dostatek pokynů a výukových materiálů pro bezpečnostní problematiku. Cílem této práce je informovat o největších bezpečnostních hrozbách programování v Pythonu a zároveň zajistit řešení těchto situací. Zaměření práce je na poučení veřejnosti pomocí výukových materiálů v podobě pokynů a výukové pomůcky. Výuková pomůcka v podobě webové aplikace by měla být přehledná a použitelná pro veřejnost. Součástí aplikace je také několik příkladů implementace zranitelností z reálného světa.
|
|
|
Security testing of selected network protocols and related vulnerabilities
Böhmová, Monika ; Šeda, Pavel (referee) ; Jeřábek, Jan (advisor)
This thesis focuses on problematics of IPv6, ICMPv6 and DNS protocols, vulnerabilities and testing of aforementioned protocols. Methods of testing including black-box, whitebox and grey-box are explained. Testing instances and scenarios are listed for black-box and white-box testing methods. Furthermore manual and automated testing with use of tools is differentiated. Thesis also includes creation of testing environment and tool for automated testing. Environment is created using a software tool for virtualization of network infrastructure and its elements using GNS3 tool. Tool for automated testing is created with the use of Python 3 programming language. This tool includes scripts which test devices present, settings of connected networks and verify device vulnerability to Man in the Middle attack. Testing of the tool on its own is performed using the created testing environment with various types of end devices which influence the progress and results of the tests which are the output of the automated testing tool either in human readable or machine readable formats.
|
|
|
Web application for testing web server vulnerabilities
Šnajdr, Václav ; Burda, Karel (referee) ; Smékal, David (advisor)
The Master’s Thesis deals with the design and implementation of a web application for testing the security of SSL/TLS protocols on a remote server. The web application is developed in the Nette framework. The theoretical part describes SSL/TLS protocols, vulnerabilities, recommendations and technologies used in the practical part. The practical part is devoted to the creation of a web application with the process of using automatic scripts to test and display the results on the website with a rating of A+~to~C. The web application also displays a list of detected vulnerabilities and their recommendations.
|
guest ::
