|
|
Security Aspects of Applications in Angular 5 Platform
Čermáková, Martina ; Zeman, Václav (referee) ; Burda, Karel (advisor)
The bachelor thesis is focused on security aspects of Single Page Application in An- gular 5. The main goal is to introduce security risks for developing a web applications and afterwards to implement author’s own knowledge that should guarantee security of the developed application. In theoretical part the reader is introduced to OWASP Top Ten project and security risks in backend, where is primary put stress on XSS and CSRF attacks. In practical part there is created a web application in Angular 5, there are simulations of XSS and CSRF attacks including explanation and fix of security issue. The thesis also aims at security of REST service and includes a summarizing list of recommendations for developers to know how to create secure web applications.
|
|
|
Web server attack analyzer
Mižišin, Michal ; Novotný, Miroslav (advisor) ; Mareš, Martin (referee)
In this work I will focus on the most common forms of attacks on web applications. My focus will point on so called Injection flaws (attacks where data given by user are interpreted and executed), XSS (Cross Site Scripting) and CSRF (Cross Site Request Forgery), that have for web application in case of compromisation fatal consequences. I will describe these attacks, their history, concrete examples of successful execution. I will propose also possible kinds of protection and possibilities of detection.
|
|
|
Security Aspects of Applications in Angular 5 Platform
Čermáková, Martina ; Zeman, Václav (referee) ; Burda, Karel (advisor)
The bachelor thesis is focused on security aspects of Single Page Application in An- gular 5. The main goal is to introduce security risks for developing a web applications and afterwards to implement author’s own knowledge that should guarantee security of the developed application. In theoretical part the reader is introduced to OWASP Top Ten project and security risks in backend, where is primary put stress on XSS and CSRF attacks. In practical part there is created a web application in Angular 5, there are simulations of XSS and CSRF attacks including explanation and fix of security issue. The thesis also aims at security of REST service and includes a summarizing list of recommendations for developers to know how to create secure web applications.
|
|
|
Web server attack analyzer
Mižišin, Michal ; Novotný, Miroslav (advisor) ; Mareš, Martin (referee)
In this work I will focus on the most common forms of attacks on web applications. My focus will point on so called Injection flaws (attacks where data given by user are interpreted and executed), XSS (Cross Site Scripting) and CSRF (Cross Site Request Forgery), that have for web application in case of compromisation fatal consequences. I will describe these attacks, their history, concrete examples of successful execution. I will propose also possible kinds of protection and possibilities of detection.
|
|
|
Web server attack analyzer
Mižišin, Michal ; Novotný, Miroslav (advisor) ; Čermák, Miroslav (referee)
Web server attack analyzer - Abstract The goal of this work was to create prototype of analyzer of injection flaws attacks on web server. Proposed solution combines capabilities of web application firewall and web server log analyzer. Analysis is based on configurable signatures defined by regular expressions. This paper begins with summary of web attacks, followed by detection techniques analysis on web servers, description and justification of selected implementation. In the end are characterized possibilities of further development in area of better results of false positives. Implemented detection of all proposed attacks did slow down server response time by 10% and was able to detect more than 99% SQL injection, Path traversal and SSI injection attacks contained in web application security scanners.
|
guest ::
