Global ETD Search

31	CPTu Configuration Impact on Evaluated Undrained Shear Strength / Påverkan av CPTu-konfiguration på utvärderad odränerad skjuvhållfasthet Mjöberg, Mårten, Stenfors, Axel January 2020 (has links) This thesis evaluates the commonly used geotechnical probing method CPTu, on how different probe configurations impact the resulting evaluated undrained shear strength in soft clay deposits, in comparison to each other and laboratory methods. This is done by performing field investigations on Lindefältet, Södermanlands län, Sweden. Comparison is done on the two Swedish manufacturers of CPTu probes, by different calibration limits, filter types and whether overloading the probe over the calibration limit affects the evaluated undrained shear strength registered. The main conclusions are that one of the manufacturers’ probes registers deviating results in one configuration, that calibration limit has a noticable impact on the results, and that overloading on the probe and filter choice has negliable impact on the results. / I detta examensarbete utvärderas den vanligt förekommande geotekniska sonderingsmetoden CPTu, på hur olika konfigurationer av sonder påverkar den resulterande utvärderade odränerade skjuvhållfastheten i lösa leravlagringar, 9i jämförelse med varandra och med laboratoriemetoder. Detta är genomfört genom fältundersökningar på Lindefältet, Södermanlands län. Jämförelsen gjordes på de två svenska CPTu-tillverkarnas sonder. Detta är gjort med hänsyn till olika kalibreringar av konspetstryck, filtertyper, och huruvida sonden har varit överlastad påverkar den utvärderade skjuvhållfastheten som registreras. De huvudsakliga slutsatserna är att en av tillverkarnas sonder registerar udda värden i en konfiguration, att kalibreringar av konspetstryck har en märkbar påverkan på de resulterande värdena på utvärderade odränerade skjuvhållfastheten, samt att överlastning av sonder och val av filtertyp har liten till omärkbar påverkan på resultatet. Cone Penetration Testing Fields trials Soil mechanics Evaluated undrained shear strength. Geotechnical Engineering Geoteknik
32	A Study on Ethical Hacking in Cybersecurity Education Within the United States Chew, Jordan 01 March 2024 (has links) (PDF) As the field of computer security continues to grow, it becomes increasingly important to educate the next generation of security professionals. However, much of the current education landscape primarily focuses on teaching defensive skills. Teaching offensive security, otherwise known as ethical hacking, is an important component in the education of all students who hope to contribute to the field of cybersecurity. Doing so requires a careful consideration of what ethical, legal, and practical issues arise from teaching students skills that can be used to cause harm. In this thesis, we first examine the current state of cybersecurity education in the United States through a holistic view of funding, certifications, and course offerings. We then offer a framework to navigate the ethical and legal issues of teaching offensive security, as well as serve as a technical reference of useful tools for configuring and conducting a course in ethical hacking. Together, these contributions can be a baseline for educators looking to create courses on ethical hacking topics. Ethical Hacking Penetration Testing Security Tools Computing Education Curriculum and Instruction Educational Technology Information Security
33	Testing and Improving the Security of a Mobile Application / Testning och förbättring av säkerheten i en mobilapplikation Gyulai, Sofia, Holmgren, William January 2019 (has links) When making new software systems, security testing should always be included in the process. In this thesis, attacks were identified and performed against a system consisting of two servers and an Android application. A penetration test was also performed against parts of the system. If an attack was successful, this was considered a vulnerability. The attacks that were identified and performed were a NoSQL injection attack a man-in-the-middle attack and reverse engineering. Through the man-in-the-middle attack and reverse engineering, breaching security properties such as confidentiality and integrity was possible. The NoSQL injection attack was not successful in breaching neither. No results from these could be used to exploit the system further. Countermeasures were taken to secure against the discovered vulnerabilities, and new instances of the attacks were performed after this as well. The overall conclusion is that the system is now secure against our implementations of the attacks performed in this thesis. security testing android mobile application penetration testing attack Computer and Information Sciences Data- och informationsvetenskap Computer Sciences Datavetenskap (datalogi)
34	CPT Prediction of Soil Behaviour Type, Liquefaction Potential and Ground Settlement in North-West Christchurch Van T Veen, Lauren Hannah January 2015 (has links) As a consequence of the 2010 – 2011 Canterbury earthquake sequence, Christchurch experienced widespread liquefaction, vertical settlement and lateral spreading. These geological processes caused extensive damage to both housing and infrastructure, and increased the need for geotechnical investigation substantially. Cone Penetration Testing (CPT) has become the most common method for liquefaction assessment in Christchurch, and issues have been identified with the soil behaviour type, liquefaction potential and vertical settlement estimates, particularly in the north-western suburbs of Christchurch where soils consist mostly of silts, clayey silts and silty clays. The CPT soil behaviour type often appears to over-estimate the fines content within a soil, while the liquefaction potential and vertical settlement are often calculated higher than those measured after the Canterbury earthquake sequence. To investigate these issues, laboratory work was carried out on three adjacent CPT/borehole pairs from the Groynes Park subdivision in northern Christchurch. Boreholes were logged according to NZGS standards, separated into stratigraphic layers, and laboratory tests were conducted on representative samples. Comparison of these results with the CPT soil behaviour types provided valuable information, where 62% of soils on average were specified by the CPT at the Groynes Park subdivision as finer than what was actually present, 20% of soils on average were specified as coarser than what was actually present, and only 18% of soils on average were correctly classified by the CPT. Hence the CPT soil behaviour type is not accurately describing the stratigraphic profile at the Groynes Park subdivision, and it is understood that this is also the case in much of northwest Christchurch where similar soils are found. The computer software CLiq, by GeoLogismiki, uses assessment parameter constants which are able to be adjusted with each CPT file, in an attempt to make each more accurate. These parameter changes can in some cases substantially alter the results for liquefaction analysis. The sensitivity of the overall assessment method, raising and lowering the water table, lowering the soil behaviour type index, Ic, liquefaction cutoff value, the layer detection option, and the weighting factor option, were analysed by comparison with a set of ‘base settings’. The investigation confirmed that liquefaction analysis results can be very sensitive to the parameters selected, and demonstrated the dependency of the soil behaviour type on the soil behaviour type index, as the tested assessment parameters made very little to no changes to the soil behaviour type plots. The soil behaviour type index, Ic, developed by Robertson and Wride (1998) has been used to define a soil’s behaviour type, which is defined according to a set of numerical boundaries. In addition to this, the liquefaction cutoff point is defined as Ic > 2.6, whereby it is assumed that any soils with an Ic value above this will not liquefy due to clay-like tendencies (Robertson and Wride, 1998). The method has been identified in this thesis as being potentially unsuitable for some areas of Christchurch as it was developed for mostly sandy soils. An alternative methodology involving adjustment of the Robertson and Wride (1998) soil behaviour type boundaries is proposed as follows:  Ic < 1.31 – Gravelly sand to dense sand  1.31 < Ic < 1.90 – Sands: clean sand to silty sand  1.90 < Ic < 2.50 – Sand mixtures: silty sand to sandy silt  2.50 < Ic < 3.20 – Silt mixtures: clayey silt to silty clay  3.20 < Ic < 3.60 – Clays: silty clay to clay  Ic > 3.60 – Organics soils: peats. When the soil behaviour type boundary changes were applied to 15 test sites throughout Christchurch, 67% showed an improved change of soil behaviour type, while the remaining 33% remained unchanged, because they consisted almost entirely of sand. Within these boundary changes, the liquefaction cutoff point was moved from Ic > 2.6 to Ic > 2.5 and altered the liquefaction potential and vertical settlement to more realistic ii values. This confirmed that the overall soil behaviour type boundary changes appear to solve both the soil behaviour type issues and reduce the overestimation of liquefaction potential and vertical settlement. This thesis acts as a starting point towards researching the issues discussed. In particular, future work which would be useful includes investigation of the CLiq assessment parameter adjustments, and those which would be most suitable for use in clay-rich soils such as those in Christchurch. In particular consideration of how the water table can be better assessed when perched layers of water exist, with the limitation that only one elevation can be entered into CLiq. Additionally, a useful investigation would be a comparison of the known liquefaction and settlements from the Canterbury earthquake sequence with the liquefaction and settlement potentials calculated in CLiq for equivalent shaking conditions. This would enable the difference between the two to be accurately defined, and a suitable adjustment applied. Finally, inconsistencies between the Laser-Sizer and Hydrometer should be investigated, as the Laser-Sizer under-estimated the fines content by up to one third of the Hydrometer values. CPT liquefaction soil canterbury earthquakes canterbury earthquake sequence Ic value soil behaviour type Christchurch earthquake sequence settlement cone penetration testing
35	Penetration Testing in a Web Application Environment Vernersson, Susanne January 2010 (has links) As the use of web applications is increasing among a number of different industries, many companies turn to online applications to promote their services. Companies see the great advantages with web applications such as convenience, low costs and little need of additional hardware or software configuration. Meanwhile, the threats against web applications are scaling up where the attacker is not in need of much experience or knowledge to hack a poorly secured web application as the service easily can be accessed over the Internet. While common attacks such as cross-site scripting and SQL injection are still around and very much in use since a number of years, the hacker community constantly discovers new exploits making businesses in need of higher security. Penetration testing is a method used to estimate the security of a computer system, network or web application. The aim is to reveal possible vulnerabilities that could be exploited by a malicious attacker and suggest solutions to the given problem at hand. With the right security fixes, a business system can go from being a threat to its users’ sensitive data to a secure and functional platform with just a few adjustments. This thesis aims to help the IT security consultants at Combitech AB with detecting and securing the most common web application exploits that companies suffer from today. By providing Combitech with safe and easy methods to discover and fix the top security deficiencies, the restricted time spent at a client due to budget concerns can be made more efficient thanks to improvements in the internal testing methodology. The project can additionally be of interest to teachers, students and developers who want to know more about web application testing and security as well as common exploit scenarios. penetration testing exploit XSS code injection CSRF web application security vulnerability assessment methodology Computer Sciences Datavetenskap (datalogi)
36	Aplikace pro penetrační testování webových zranitelností typu Denial of Service / Penetration Testing Application for DoS Based Web Vulnerabilities Vrána, Jaroslav January 2011 (has links) This work deals with a issue of a DoS vulnerability in web applications. At first, there are described principles of a computer security, general principles of the DoS and a penetration testing. Further text describes a OWASP Testing Guide v3 for the DoS in web applications. There is a design of own application on basis own experiences. This application is implemented and tested by the web applications.
37	Ethical Hacking of an IoT camera / Etisk hackning av en IoT-kamera Hellesnes, Nicolai January 2021 (has links) With the fast growing popularity of IoT devices, a new entry point for cyber attacks is emerging. As IoT devices such as security cameras become more widely used in settings where security and privacy can be considered a key concern, more research about these devices must be done to ensure that the security requirements are met. In this thesis the home security camera Reolink E1 Zoom has been evaluated. The security of the device was evaluated with a 7 step method which consisted of pre-engagement, information gathering, threat modeling, vulnerability analysis, exploitation, post exploitation, and reporting. The threat modeling and penetration testing was conducted on the IoT device with a focus on the web application. The result of the penetration testing was that one vulnerability was discovered, an XSS attack, with many other security issues not directly leading to an exploit also being discovered. The vulnerability discovered was reported to the manufacturer as detailed in the thesis. The conclusion is that the security of the IoT device was lacking in certain areas. / IoT har med en snabbt växande popularitet öppnat för nya potentiella problem med cyberattacker. Då IoT-enheter som säkerhetskameror börjar användas i en större utsträckning i sammanhang där säkerhet och integritet har högsta prioritet, måste mer forskning kring säkerheten av dessa enheter utföras. Detta för att kunna säkerställa att säkerhetskraven är uppnådda. I denna avhandlingen har säkerheten av IoT-enheten Reolink E1 Zoom analyserats. Säkerheten av enheten hara analyserats med hjälp av en 7-stegsmetod som bestod av förberedning, informationssökning, hotmodellering, säkerhetsanalys, efter-exploatering, samt rapportering. hotmodelleringen samt penetrationstestningen som genomfördes på enheten fokuserade på webbapplikationen. Resultatet av penetrationstestningen var att en sårbarhet hittades, en XSS-attack, ett flertal andra säkerhetsproblem som inte direkt ledde till en sårbarhet identifierades också. Sårbarheten som identifierades blev rapporterad till företaget enligt beskrivelsen i rapporten. Slutsaten är att säkerheten av IoT-enheten har brister inom vissa områden. security IoT camera IoT penetration testing threat modeling säkerhet IoT-kamera IoT penetrationstestning hotmodellering Computer Sciences Datavetenskap (datalogi)
38	Penetration Testinga Saia Unit : A Control System for Water, Ventilation, and Heating in Smart Buildings / Penetrationstestning av en Saia enhet : Ett kontrollsystem för vatten, ventilation, och värme i smarta byggnader. Dzidic, Elvira, Jansson Mbonyimana, Benjamin January 2021 (has links) The concept of Smart Buildings and automated processes is a growing trend. Due to a rapidly growing market of buildings that relies on the Internet, improper security measures allow hackers to gain control over the whole system easily and cause devastating attacks. Plenty of effort is being put into testing and securing the devices within a smart building in order to contribute to a more sustainable society. This thesis has evaluated the security of a control system for water, ventilation, and heating in smart buildings by using ethical hacking, where the testing is based on a systematic and agile pentesting process. The penetration testing was conducted using the method Black- box testing, and the testing was based on a threat model that was created to identify vulnerabilities. The results from the penetration tests did not find any exploitable vulnerabilities. However, flaws in the system, such as data being transferred in clear text and unlimited login attempts, that need to be addressed to avoid further problems, were found. The conclusion from evaluating the control system affirms that the strength of the password has a significant role, but that system can still be exposed to other hacking techniques, such as ”Pass the hash”. / Begreppet smarta byggnader och automatiserade processer är en växande trend. På grund av en snabbt växande marknad av byggnader som är beroende av Internet, har bristfälliga säkerhetsåtgärder resulterat i att hackare enkelt kan få kontroll över hela systemet och orsaka förödande attacker. Ansträngningar läggs på att testa och säkra enheterna i en smart byggnad för att bidra till ett mer hållbart samhälle. Denna avhandling har utvärderat säkerheten för ett styrsystem för vatten, ventilation och uppvärmning i smarta byggnader med hjälp av etisk hacking, där testningen baseras på en systematisk och agil pentestning process. Penetrationstestningen genomfördes genom att använda sig av metoden Blackbox testning, medan testningen baserades på en hotmodell som skapades för att identifiera sårbarheter. Resultaten från penetrationstesterna hittade inga sårbarheter att dra nytta utav. Dock hittades brister i systemet, bland annat att data överförs i klartext och att användaren har oändligt många inloggningsförsök, som måste åtgärdas för att undvika framtida problem. Slutsatsen från utvärderingen av styrsystemet bekräftar att styrkan på lösenordet har en signifikant roll, men att systemet ändå kan vara utsatt av andra hackningstekniker så som ”Pass the hash”. Smart Buildings IoT Saia Penetration Testing Security Smarta Byggnader IoT Saia Penetrationstestning Säkerhet Computer and Information Sciences Data- och informationsvetenskap
39	Internet of things security in healthcare : A test-suite and standard review Johansson, Michael January 2018 (has links) Internet of things is getting more and more popular in healthcare as it comes with benefits that help with efficiency in saving lives and reduce its cost, but it also presents a new attack vector for an attacker to steal or manipulate information sent between them. This report will focus on three properties in the definition of security, confidentiality, integrity and access control. The report will look into what challenges there is in healthcare IoT today through a literature review and from those challenges look into what could minimise these challenges before a device gets into production. The report found that the lack of standardisation has lead to errors that could be easily prevented by following a guideline of tests as those from the European Union Agency for Network and Information Security, or by running a penetration test with the tools brought up in the report on the device to see what vulnerabilities are present. Internet of Things Healthcare Security Privacy Penetration testing Internet of Things Sjukvård Säkerhet Integritet Penetrationstest Computer Sciences Datavetenskap (datalogi)
40	A cybersecurity audit of the Garmin Venu Antal, Oliver January 2023 (has links) The presence of smart wearables has established itself as a norm of the 21 st century, but the state of their trustworthiness from the viewpoint of personal safety remains debatable. The information gathered by such devices has great potential for personal safety risks and must be handled safely. Previous work on the Garmin Venu watch gave room for relevant future work. This thesis aims to perform further evaluation of this smartwatch in unexplored areas. The work took inspiration from the relatively new “PatrIoT” penetration testing methodology, developed in-house at the Network and Systems Engineering lab, customized for penetration testing of Internet of Things devices. This project examined a broad surface on the watch including network traffic, data over USB connection, a few details in the watch’s update mechanism, probed for some memory attack mitigations, fuzz testing of some functions in the Software Development Kit’s Application Programming Interface, and some more. According to these investigations, the watch is perceived as safe. A deeper look into some investigations is left for future work. / Bärbara enheter har blivit en normal del av 21:a århundradet, men deras pålitlighet från ett personligt säkerhetssynvinkel är diskutabelt. Informationen som samlas in av dessa har stort potential för att orsaka personliga säkerhetsrisker och måste hanteras säkert. Tidigare utförda undersökningar av Garmin Venu-smartklockan lämnade utrymme för relevant framtida arbete. Det här examensarbetet siktar på att utföra ytterligare undersökningar av denna smartklocka. Arbetet tog inspiration av det relativt nya “PatrIoT” intrångstestmetodologin, internt utvecklad av personalen i avdelningen för nätverk och systemteknik, skräddarsydd för intrångstestning av Sakernas Internet-enheter. Det här projektet undersökte en bred attackyta på klockan, inkluderande datatrafik, data över USB-anslutning, några detaljer i klockans uppdateringsmekanism, undersökte närvaron av några mekanismer för minnesbaserade attacker, försök till störningsattacker i programvaruutvecklingssatsens applikationsprogrammeringsgränssnitt, med flera. Enligt dessa undersökningar uppfattas klockan vara säker. En djupare undersökning av dessa aspekter lämnas till framtida arbete. IoT wearables cybersecurity penetration testing sniffing fuzzing sakernas internet bärbara enheter cybersäkerhet intrångstestning avlyssning störningsattacker Computer and Information Sciences Data- och informationsvetenskap

Search results