  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
21

Bezpečnostní audit firewallu / Firewall security audit

Krajíček, Jiří January 2010
The aim of this master's thesis is a firewall security audit. The main tasks of this work are to introduce the principles of applications for auditing, create a methodology, and use this methodology to perform a security audit of the selected firewalls. The theoretical part of this document deals with firewalls and the possibilities of their integration into network infrastructure, and then with auditing and the principles of applications for security audits. The practical part of this document deals with the creation of the methodology and procedures, including penetration testing. With this methodology, an audit of a Linux firewall and ISA 2006 is carried out, including tips for configuration changes that provide more security.
22

Penetrační testování open-source software / Penetration Testing of an Open-Source Software

Hrozek, Jakub January 2010
This thesis discusses the design and implementation of an integrated penetration testing system. In the first two chapters, the reader is introduced to the topic of penetration testing. The basic techniques and classification of tests are described as well as some of the most widely used methodologies. It also discusses the need to automate the testing process. The fifth and sixth chapters discuss the specification and detailed design of the integrated penetration testing tool. Its implementation and the problems that arose during the process are the theme of chapter seven. The last part of the thesis describes practical experiments done with the tool and gives the reader some advice on securing computer networks.
23

Design and implementation of a non-aggressive automated penetration testing tool : An approach to automated penetration testing focusing on stability and integrity for usage in production environments

Viggiani, Fabio January 2013
The focus of this Master’s thesis project is automated penetration testing. A penetration test is a practice used by security professionals to assess the security of a system. This process consists of attacking the system in order to reveal flaws. Automating the process of penetration testing brings some advantages, the main advantage being reduced costs in terms of time and human resources needed to perform the test. Although there exist a number of automated tools to perform the required procedures, many security professionals prefer manual testing. The main reason for this choice is that standard automated tools make use of techniques that might compromise the stability and integrity of the system under test. This is usually not acceptable since the majority of penetration tests are performed in an operating environment with high availability requirements. The goal of this thesis is to introduce a different approach to penetration testing automation that aims to achieve useful test results without the use of techniques that could damage the system under test. By investigating the procedures, challenges, and considerations that are part of the daily work of a professional penetration tester, a tool was designed and implemented to automate this new process of non-aggressive testing. The outcome of this thesis project reveals that this tool is able to provide the same results as standard automated penetration testing procedures. However, in order for the tool to completely avoid using unsafe techniques, (limited) initial access to the system under test is needed. / This thesis focuses on automated penetration testing. Penetration tests are used by security specialists to assess the security of a system. The process of a penetration test consists of various attacks against a system in order to find security holes. Automated penetration tests have advantages such as the fact that they cost less in the time and human resources required. Although many different automated tools for penetration testing exist, many security specialists choose to do it manually. The main reason it is done manually is that the automated tools use techniques that can compromise the system's stability and integrity. This is often not permitted, since the majority of penetration tests are performed in production environments that require high availability. The goal of this thesis is to introduce a new approach to automated penetration testing that aims to produce useful results without techniques that can disrupt systems in operation. By investigating the procedures, the challenges, and what a penetration tester takes into account, a tool will be designed and implemented to automate the flow of a non-aggressive test. The result of the thesis shows that the tool developed can achieve the same results as the standardized penetration testing procedures, given limited access to the system.
24

Threats to smart buildings : Securing devices in a SCADA network

Lindqvist, Anna January 2021
This paper examines the possibilities of performing tests with the aim to ensure that devices in a SCADA network can be deemed secure before deployment. SCADA systems are found in most industries and have recently seen an increased use in building automation, most importantly the healthcare sector, which means that a successful attack toward such a system could endanger lives of patients and healthcare professionals. The method of testing was created to examine whether devices conflicted with the security flaws identified by OWASP IoT Top 10 list, meaning that OWASP IoT Top 10 was the foundation for the methodology used in this paper. Results of the tests show that the devices used in testing are not in conflict with the OWASP IoT Top 10 list when using the default settings. However, some settings that can be enabled on the devices would constitute a security risk if enabled.
25

Testing IoT Security : A comparison of existing penetration testing frameworks and proposing a generic framework

Widerberg Palmfeldt, Alva, Mattsson, William January 2023
The Internet of Things (IoT) refers to the billions of physical devices linked to the Internet worldwide, integrating into various systems like healthcare, finance, and transportation. However, the rapid market expansion has led to software and hardware security shortcomings, leaving IoT devices vulnerable to cybercriminals. The security can be maintained and evaluated in different ways, nonetheless, this thesis focuses on investigating the process of a penetration test to identify vulnerabilities present in IoT devices. This paper investigates and compares existing penetration testing frameworks and proposes a generic testing framework for IoT. The results show that there is no standardized penetration testing framework to target IoT devices, as there are for networks and the web. By defining IoT-specific testing methodologies, our research shows that common IoT vulnerabilities could be identified and exploited.
26

Cyber Security Demonstrations using Penetration Testing on Wi-Fi Cameras / Cybersäkerhetsdemonstrationer genom penetrationstestning av Wi-Fi-kameror

Gustafsson, Hanna, Kvist, Hanna January 2022
Cyber security is a rapidly changing area that contributes to people increasingly being exposed to Internet of Things (IoT). The risks of using IoT do not get enough attention from the users, nor does the supplier of the devices take full responsibility for security. There is a lack of comprehensive standards for secure products and without proper security measures, organizations using IoT are at risk of greater damage. There is a need of educating a diverse range of individuals within the area of cyber security, to reduce the risks of being a future victim. This thesis aims to increase the awareness and knowledge regarding current cyber security threats, by developing educational demonstrations. Two Wi-Fi cameras were penetration tested from an isolated network, where successful experiments showed that it was possible to remotely access the video stream of one camera, and extract the entire content of the SD card, without any requirements of user credentials. It was also shown that motion detection and privacy mode were possible to remotely enable and disable. Successful experiments also showed that a DoS attack could be carried out, by remotely rebooting one of the cameras. Additionally, a qualitative study was conducted, resulting in valuable criteria that a cyber security demonstration should fulfill. The vulnerabilities in both cameras were utilized developing five Proof of Concept demonstrations, presenting attack scenarios of i.a. an attacker breaking in without detection, espionage and blackmail. These demonstrations could be used in education to increase awareness of cyber security.
27

ANEX: Automated Network Exploitation Through Penetration Testing

Dazet, Eric Francis 01 June 2016
Cyber attacks are a growing concern in our modern world, making security evaluation a critical venture. Penetration testing, the process of attempting to compromise a computer network with controlled tests, is a proven method of evaluating a system's security measures. However, penetration tests, and preventive security analysis in general, require considerable investments in money, time, and labor, which can cause them to be overlooked. Alternatively, automated penetration testing programs are used to conduct a security evaluation with less user effort, lower cost, and in a shorter period of time than manual penetration tests. The trade-off is that automated penetration testing tools are not as effective as manual tests. They are not as flexible as manual testing, cannot discover every vulnerability, and can lead to a false sense of security. The development of better automated tools can help organizations quickly and frequently know the state of their security measures and can help improve the manual penetration testing process by accelerating repetitive tasks without sacrificing results. This thesis presents Automated Network Exploitation through Penetration Testing (ANEX), an automated penetration testing system designed to infiltrate a computer network and map paths from a compromised network machine to a specified target machine. Our goal is to provide an effective security evaluation solution with minimal user involvement that is easily deployable in an existing system. ANEX demonstrates that important security information can be gathered through automated tools based solely on free-to-use programs. ANEX can also enhance the manual penetration testing process by quickly accumulating information about each machine to develop more focused testing procedures. Our results show that we are able to successfully infiltrate multiple network levels and exploit machines not directly accessible to our testing machine with mixed success. 
Overall, our design shows the efficacy of utilizing automated and open-source tools for penetration testing.
28

A study of Oracle Cloud Infrastructure : Demonstration of the vulnerability or reliability of certain services through penetration attacks / En studie av Oracle Cloud Infrastructure : demonstration av sårbarheten eller tillförlitligheten hos vissa tjänster genom penetrationsattacker

Feller, Shanly January 2023
This thesis aims to assess the security of Oracle Cloud Infrastructure (OCI) through penetration testing of some of its services. Targeted at cloud, cybersecurity, governance, and compliance professionals as well as administrators or cyber enthusiasts in general, this research uncovers specific best practices to OCI. We employ a methodology in three steps published by Astra aimed at cloud services auditing, combining penetration testing techniques and thorough documentation review to evaluate the security posture of OCI services. The scope encompasses IAM and MySQL Managed Databases. We found that improperly supervised ABAC policies could lead to privilege escalation through the tagging of computing resources and that the MySQL service does not present the major issues that occurred in the managed services of OCI’s main competitors. This research contributes to the growing body of knowledge on cloud security and offers practical recommendations to strengthen OCI deployments, ultimately fostering greater confidence in adopting OCI services. / The purpose of this thesis is to examine the security of Oracle Cloud Infrastructure (OCI) through penetration testing of some of its services. Aimed at cloud, cybersecurity, governance, and compliance professionals, this research contributes best-practice methods for OCI. We apply a three-step methodology published by Astra that is focused on auditing cloud services. The methodology combines penetration testing techniques and thorough documentation review to evaluate the security posture of OCI. The scope includes IAM and managed MySQL databases. We found that inadequately supervised ABAC policies could lead to privilege escalation problems through the tagging of computing resources, and that Oracle's MySQL service does not have the major problems that were found in the managed services of OCI's main competitors. This research contributes to the growing body of knowledge on cloud security and offers practical recommendations for strengthening OCI implementations, which ultimately fosters greater confidence in and adoption of OCI services.
29

CPTu Configuration Impact on Evaluated Undrained Shear Strength / Påverkan av CPTu-konfiguration på utvärderad odränerad skjuvhållfasthet

Mjöberg, Mårten, Stenfors, Axel January 2020
This thesis evaluates the commonly used geotechnical probing method CPTu, on how different probe configurations impact the resulting evaluated undrained shear strength in soft clay deposits, in comparison to each other and laboratory methods. This is done by performing field investigations on Lindefältet, Södermanlands län, Sweden. Comparison is done on the two Swedish manufacturers of CPTu probes, by different calibration limits, filter types and whether overloading the probe over the calibration limit affects the evaluated undrained shear strength registered. The main conclusions are that one of the manufacturers’ probes registers deviating results in one configuration, that calibration limit has a noticeable impact on the results, and that overloading on the probe and filter choice have negligible impact on the results. / This thesis evaluates the commonly used geotechnical probing method CPTu, with regard to how different probe configurations affect the resulting evaluated undrained shear strength in soft clay deposits, in comparison with each other and with laboratory methods. This was carried out through field investigations at Lindefältet, Södermanlands län. The comparison was made on the probes of the two Swedish CPTu manufacturers. It was done with regard to different calibrations of cone tip pressure, filter types, and whether the probe having been overloaded affects the evaluated shear strength that is registered. The main conclusions are that one of the manufacturers' probes registers odd values in one configuration, that calibrations of cone tip pressure have a noticeable effect on the resulting values of the evaluated undrained shear strength, and that overloading of probes and choice of filter type have little to no noticeable effect on the result.
30

A Study on Ethical Hacking in Cybersecurity Education Within the United States

Chew, Jordan 01 March 2024
As the field of computer security continues to grow, it becomes increasingly important to educate the next generation of security professionals. However, much of the current education landscape primarily focuses on teaching defensive skills. Teaching offensive security, otherwise known as ethical hacking, is an important component in the education of all students who hope to contribute to the field of cybersecurity. Doing so requires a careful consideration of what ethical, legal, and practical issues arise from teaching students skills that can be used to cause harm. In this thesis, we first examine the current state of cybersecurity education in the United States through a holistic view of funding, certifications, and course offerings. We then offer a framework to navigate the ethical and legal issues of teaching offensive security, as well as serve as a technical reference of useful tools for configuring and conducting a course in ethical hacking. Together, these contributions can be a baseline for educators looking to create courses on ethical hacking topics.
