Bradford Scholars: An online repository for the University of Bradford

Nieminen, Satu M.

January 2008

The University of Bradford currently have a number of digital repositories within the University but it does not have an institutional repository. The partly JISC-funded project (Bradford University Repository Project - BURP!) aims to address the lack of a centrally managed repository for the University's research output. This article gives a brief update of the progress in the one-year project commenced in March 2009.

Institutional Repositories

University of Bradford

BURP

JISC

Moduly pro manuln­ penetraÄn­ testovn­ webov© aplikace / Modules for Manual Penetration Testing of a Web Application

Heriban, Radoslav

January 2021

The main goal of this master's thesis was development of Burp Suite extension capable of interacting with various other automated tools, accompanied with development of a web application. Chapter two contains analysis of tools commonly used in penetration testing that could benefit from the ability to share Burp Suites data or functionality. The programming languages used were Java and JavaScript. The extension acts as a gateway to inner functionality of Burp Suite. It enables exfiltration of in memory objects such as sitemap, proxy history or found issues in JSON format to other tools, and also listens for incoming data that can be inserted into it's existing modules such as Repeater, Scanner, Spider or Comparer. Frontend application was written using JavaScript library React. The web application offers a graphical visualization of issue data.

Characterization of the role of Zea mays burp domain-containing genes in maize drought responses

Phillips, Kyle

January 2016

Philosophiae Doctor - PhD / Global climate change has resulted in altered rainfall patterns, causing annual losses in maize crop yield due to water deficit stress. Therefore, it is important to produce maize cultivars which are more drought-tolerant. This not an easily accomplished task as plants have a plethora of physical and biochemical adaptation methods. One such mechanism is the drought-induced expression of enzymatic and non-enzymatic proteins which assist plants to resist the effects of water deficit stress. The RD22-like protein subfamily is expressed in response to water deficit stress. Members of the RD22-like subfamily include AtRD22, GmRd22 and BnBDC1 which have been identified in Arabidopsis thaliana, Glycine max and Brassica napus respectively. This study aims at characterising two putative maize RD22-like proteins (designated ZmRd22A and ZmRd22B) by identifying sequence/domain features shared with characterised RD22-like proteins. Semi-quantitative and quantitative PCR techniques were used to examine the spatial and temporal expression patterns of the two putative maize Rd22-like proteins in response to, water deficit stress and exogenously applied abscisic acid in the roots and 2nd youngest leaves of maize seedlings. Using an in silico approach, sequence homology of the two putative maize Rd22- like proteins with AtRD22, GmRD22 and BnBDC1 has been analysed. Online bioinformatic tools were used to compare the characteristics of these Rd22-like proteins with those of the two maize proteins. It was shown that the putative maize RD22-like proteins share domain organisation with the characterised proteins, these common features include a N-terminal hydrophobic signal peptide, followed by a region with a conserved amino acid sequence, a region containing several TxV (x is any amino acid) repeat units and a C-terminal BURP domain-containing the conserved X₅-CH-X₁₀-CH-X₂₃-₂₇-CH-X₂₃-₂₆-CH-X₈-W motif. The putative maize Rd22-like protein appears to be localized in the apoplast, similarly to AtRD22, GmRD22 and BnBDC1. Analysis of the gene's promotor regions reveals cis-acting elements suggestive of induction of gene expression by water deficit stress and abscisic acid (ABA). Semi-quantitative and quantitative real time PCR analysis of the putative maize RD22-like gene revealed that the genes are not expressed in the roots. Exposure to water deficit stress resulted in an increase of ZmRD22A transcript accumulation in the 2nd youngest leaves of maize seedlings. ZmRD22A was shown to be non-responsive to exogenous ABA application. ZmRD22B was highly responsive to exogenous ABA application and responded to water deficit stress to a lesser degree. Transcript accumulation studies in three regions of the 2nd youngest leaves in response to water deficit stress showed that ZmRd22A transcripts accumulate mainly at the base and tips of the leaves. A restricted increase in ZmRD22A transcript accumulation in the middle of the leaves was observed. ZmRD22B showed a similar, but weaker transcript accumulation pattern in response to water deficit stress. However, ZmRD22B showed increased transcript accumulation in the middle region of the leaves. In response to exogenous ABA application, ZmRd22B exhibited high transcript accumulation at the base of the 2nd youngest leaves, with the middle showing higher transcript accumulation than the tip of the leaves. It was concluded that ZmRD22A and ZmRD22B share the domain organisation of characterised RD22-like proteins as well as being responsive to water deficit stress, although only ZmRD22B was shown to be responsive to exogenous ABA application. / National Research Foundation (NRF)

BURP-domain containing protein

RD22-like proteins

Water deficit stress

Transcript accumulation

Maize

Abscisic acid

Web Penetration testing : Finding and evaluating vulnerabilities in a web page based on C#, .NET and Episerver

Lundquist Amir, Ameena, Khudur, Ivan

January 2022

Today’s society is highly dependent on functional and secure digital resources, to protect users and to deliver different kinds of services. To achieve this, it is important to evaluate the security of such resources, to find vulnerabilities and handle them before they are exploited. This study aimed to see if web applications based on C#, .NET and Episerver had vulnerabilities, by performing different penetration tests and a security audit. The penetration tests utilized were SQL injection, Cross Site Scripting, HTTP request tampering and Directory Traversal attacks. These attacks were performed using Kali Linux and the Burp Suite tool on a specific web application. The results showed that the web application could withstand the penetration tests without disclosing any personal or sensitive information. However, the web application returned many different types of HTTP error status codes, which could potentially reveal areas of interest to a hacker. Furthermore, the security audit showed that it was possible to access the admin page of the web application with nothing more than a username and password. It was also found that having access to the URL of a user’s invoice file was all that was needed to access it. / Dagens samhälle är starkt beroende av funktionella och säkra digitala resurser, för att skydda användare och för att leverera olika typer av tjänster. För att uppnå detta är det viktigt att utvärdera säkerheten för sådana resurser för att hitta sårbarheter och hantera dem innan de utnyttjas. Denna studie syftar till att se om webapplikationer baserade på C#, .NET och Episerver har sårbarheter, genom att utföra olika penetrationstester och genom att göra en säkerhetsgranskning. Penetrationstesterna som användes var SQL-injektion, Cross Site Scripting, HTTP-förfrågningsmanipulering och Directory Traversal-attacker. Dessa attacker utfördes med Kali Linux och Burp Suite-verktygen på en specifik webbapplikation. Resultaten visade att webbapplikationen klarade penetrationstesterna utan att avslöja någon personlig eller känslig information. Webbapplikationen returnerade dock många olika typer av HTTP-felstatuskoder, som potentiellt kan avslöja områden av intresse för en hackare. Vidare visade säkerhetsgranskningen att det var möjligt att komma åt webbapplikationens adminsida med inget annat än ett användarnamn och lösenord. Det visade sig också att allt som behövdes för att komma åt en användares fakturafiler var webbadressen.

Ethical hacking

Penetration testing

Cybersecurity

DREAD

HTTP

HTTPS

Episerver

Kali Linux

Burp Suite

SQL injection

XSS

HTTP Method Tampering

Directory Traversal

HSTS

IDOR

Authentication

MFA

Computer and Information Sciences

Data- och informationsvetenskap