Details

Penetracijski vdori in kibernetska varnost
Šurbek, Kristian (Author), Jurišić, Aleksandar (Mentor)

PDF - Presentation file (1,79 MB)
MD5: A71513AED1F42D4C197FCECFE87422CA

Abstract
This thesis focuses on penetration testing of the eQuiz web application and its server. As part of the work we cover different kinds of cyber attacks. We also examine best practices in penetration testing. The emphasis is on recognizing vulnerabilities that are characteristic of the application layer. The goal is to identify vulnerabilities such as insufficient input validation, inadequate account lockout after too many failed login attempts, and reachable web pages that should not be publicly accessible. We will also test the server that hosts the application, since servers are often attack targets or an entry point as well. We analyse the vulnerabilities found in the server and the application and rate them by severity. The final goal of the thesis is to present the discovered security weaknesses and proposals for remediating them.

Language:Slovenian
Keywords:penetration testing, cybersecurity, web application, server.
Work type:Bachelor thesis/paper
Typology:2.11 - Undergraduate Thesis
Organization:FRI - Faculty of Computer and Information Science
Year:2024
PID:20.500.12556/RUL-166011
COBISS.SI-ID:220006915
Publication date in RUL:17.12.2024
Views:573
Downloads:242

Secondary language

Language:English
Title:Penetration testing and cybersecurity
Abstract:
In this thesis we focus on penetration testing of the web application eQuiz and its server. The focus of this thesis is on different types of cyber-attacks. In addition, best practices in penetration testing are explored. The emphasis will be on identifying vulnerabilities specific to the application layer. The aim is to identify vulnerabilities such as inadequate input validation, inadequate account lockout when incorrect entries are made too often, and accessible web pages that should not be publicly accessible. We also test the server on which the application is hosted, as servers are often the target of attacks or the entry point. The vulnerabilities found in the server and the application are analysed and assessed according to the level of threat. The final objective of the thesis is to present the security vulnerabilities found and to propose solutions to them.

Keywords:penetration testing, cybersecurity, web application, server
