• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 84
  • 5
  • 4
  • 2
  • 1
  • 1
  • 1
  • Tagged with
  • 104
  • 104
  • 69
  • 66
  • 58
  • 50
  • 36
  • 34
  • 32
  • 31
  • 29
  • 29
  • 24
  • 24
  • 22
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
11

Collaboration platform for penetration tests enhanced with machine learning

Henareh, Roni, Höglund, Hjalmar January 2024 (has links)
Penetration tests are designed to assess the security of systems, requiring testers to efficiently share information and document findings. A collaboration platform that utilizes machine learning is hypothesized to enhance this process by automating data collection and reporting. We evaluate computer vision for data collection and analysis of penetration testing tools, aiming to alleviate manual reporting burdens and improve the effectiveness in penetration testing teams. The proposed solution integrates computer vision, neural networks and large language models to understand and analyze outputs from various penetration testing tools without manual log parsing. By comparing different tools and methods, this study aims to streamline collaboration during penetration tests and automate the collection of actionable data for penetration testers.
12

Comparative analysis of automated scanning and manual penetration testing for enhanced cybersecurity

Rane, Nikhil, Qureshi, Amna 16 August 2024 (has links)
Yes / Web platform security has become a significant concern in the current cyber world. Adversaries constantly advance their skills and technologies to bypass modern cyber defence techniques to lure website vulnerabilities. In the cyber world, finding and mitigating vulnerabilities on the website is essential to avoid any damage to the organization. Two key techniques - vulnerability assessment and penetration testing - play a crucial role in identifying and mitigating these weaknesses. While vulnerability assessment scans the platform, revealing potential flaws, penetration testing goes a step further, simulating real-world attack scenarios to assess their true exploitability and possible damage. This paper compares automated scanning and manual penetration testing to evaluate the effectiveness of these techniques in uncovering vulnerabilities. The experimental results confirm that manual penetration testing is more effective than automated testing in terms of accuracy. Additionally, practical studies highlight the importance of a penetration tester's skills and experience in identifying and exploiting security weaknesses. Automated tools may also generate false positive results.
13

Pentesting on a WiFi Adapter : Afirmware and driver security analysis of a WiFi Adapter, with a subset of WiFi pentesting / Pentesting på en WiFi Adapter : En firmware och drivrutin säkerhetsundersökning av en WiFi Adapter med en delmäng av WiFi pentesting

Henning, Johan January 2023 (has links)
Simple IoT devices such as WiFi adapters have the possibility of containing vulnerabilities because of the vast complexity of parsing and implementing the IEEE 802.11 standard correctly. Many of these adapters contain specific and obscure CPU archetypes, making it difficult to assess their security on the firmware from an ethical hacking standpoint. This thesis aims to identify and report possible vulnerabilities, bugs or exploits in the seemingly unexplored chipset called rtl8188eus from Realtek and its corresponding drivers and firmware within the given limitations. The methods used to assess the security of the adapter are based on the Pentesting standard, STRIDE model and corresponding OWASP lists. Several approaches were attempted to analyse the firmware for potential weaknesses, but all attempts were unsuccessful. Other approaches, such as dynamic testing, gave more promising results. One finding from the dynamic testing resulted in a Linux kernel crash through the WiFi adapter which was made possible with only two types of WiFi frames. / Enkla IoT produkter som WiFi adapters har möjligheten att innehålla sårbarheter på grund av det är svårt att implementera de komplexa IEEE 802.11 standarden korrekt. Många av dessa adapters innehåller simpla men okända processorarketyper, vilket gör det svårt att validera deras säkerhet på det firmware som används i ett etiskt hackning synpunkt. Detta examensarbete mål är att identifiera och rapportera möjliga sårbarheter eller buggar i den till synes outforskade chipsetet kallad rtl8188eus från Realtek, dess motsvarande drivrutiner och firmware inom de givna begränsningarna. Metoderna som används för att bedöma adapterns säkerhet är baserade på Pentesting-standarden, STRIDE-modellen och motsvarande OWASP-listor. Flera metoder försökte analysera firmwaret för potentiella svagheter, men alla försök misslyckades. Andra tillvägagångssätt, såsom dynamisk testning, gav mer lovande resultat. Ett fynd från det dynamiska testet resulterade i en Linux kernel krasch genom WiFi-adaptern som möjliggjordes med endast två typer av WiFi frames.
14

Testování bezpečnosti bezdrátových sítí / Wireless networks security assessment

Klíma, Tomáš January 2010 (has links)
Main focus of this thesis is on wireless networks security auditing. Author's goal is to create new penetration testing methodology for wireless networks WIPE and prove its usability in real terms. This new methodology is based on currently used methodologies, approaches and tools, which are introduced and tested further in the work.
15

Development of Peer Instruction Material for a Cybersecurity Curriculum

Johnson, William 19 May 2017 (has links)
Cybersecurity classes focus on building practical skills alongside the development of the open mindset that is essential to tackle the dynamic cybersecurity landscape. Unfortunately, traditional lecture-style teaching is insufficient for this task. Peer instruction is a non-traditional, active learning approach that has proven to be effective in computer science courses. The challenge in adopting peer instruction is the development of conceptual questions. This thesis presents a methodology for developing peer instruction questions for cybersecurity courses, consisting of four stages: concept identification, concept trigger, question presentation, and development. The thesis analyzes 279 questions developed over two years for three cybersecurity courses: introduction to computer security, network penetration testing, and introduction to computer forensics. Additionally, it discusses examples of peer instruction questions in terms of the methodology. Finally, it summarizes the usage of a workshop for testing a selection of peer instruction questions as well as gathering data outside of normal courses.
16

Development of the Spectral-Analysis-of-Body-Waves (SABW) method for downhole seismic testing with boreholes or penetrometers

Kim, Changyoung 13 November 2012 (has links)
Downhole seismic testing and seismic cone penetration testing (SCPT) have shown little change since the 1990’s, with essentially the same sensors, sources, test procedures and analytical methods being used. In these tests, the time differences of first-arrivals or other reference points early in the time-domain signals have been used to calculate shear and compression wave velocities in soil and rock layers. This time-domain method requires an operator to pick the first arrival or other reference point of each seismic wave in the time record. Picking these reference points correctly is critical in calculating wave velocities. However, picking these points in time records is time consuming and is not always easy because of low signal-to-noise ratios, especially in the case of shear waves which arrive later in the time record. To avoid picking reference points, a cross-correlation method is sometimes applied to determine travel times of the seismic waves, especially in traditional downhole testing. One benefit of the cross-correlation method is that it can be automated. The cross-correlation method is not, however, appropriate for evaluation other body wave characteristics such as wave dispersion and material damping. An alternate approach is to use frequency-domain analysis methods which are well suited for evaluating time changes between all types of waveforms measured at spatially different points. In addition, frequency-domain methods can be automated and attenuation measurements can also be performed. Examples of such testing procedures with Rayleigh-type surface waves in geotechnical earthquake engineering are the Spectral-Analysis-of-Surface-Waves (SASW) and Multi-Channel-Analysis-of-Surface-Waves (MASW) methods. In this research, an automated procedure for calculating body wave velocities that is based on frequency-domain analysis is presented. The basis for and an automated procedure to calculated body wave dispersion is also presented. Example results showing shear wave velocity and material damping measurements in the SCPT are presented. The objective of this study is to improve downhole seismic tests with boreholes, cone penetrometers or flat-plate dilatometers by developing a frequency-domain analysis method which overcomes many of the disadvantages of time-domain analyses. The frequency-domain method is called the Spectral-Analysis-of-Body-Waves (SABW) method. The SABW method does not require an operator to pick the first-arrival or other reference times. As a result, the shear wave velocities and wave dispersion can be calculated in real time using the interpretation method with an automatic calculation procedure, thus reducing human subjectivity. Also, the SABW method can be used to determine additional information from the dispersion curves such as the material damping ratio and an estimate of soil type based on the dispersion relationship. In this research, field SCPT measurements are presented as an example to illustrate the potential of the SABW method. Measurements with shear waves are highlighted because these measurements are most often required in geotechnical earthquake engineering studies. / text
17

Development of a time domain reflectometry sensor for cone penetration testing

2015 January 1900 (has links)
An essential component for evaluating the performance of a mine site after its closure includes the tracking of water movement through mine waste such as tailings and overburden. A critical element of this evaluation is the measurement of the volume of water stored in the closure landform. The objective of this project was to design a time domain reflectometry (TDR) device that could be used to measure the volumetric water content of a soil profile to depths of 10 to 20 m. Upon completion of this project, the device will be integrated onto ConeTec’s cone penetration testing (CPT) shaft for initially monitoring Syncrude Canada Limited’s northeastern Alberta oil sands mine site. The objective of this project will be achieved through at least two phases of research and development; this thesis concentrates on the first phase. In this phase, research focused on prototype development through laboratory testing to determine appropriate TDR probe geometries and configurations that could be integrated onto a CPT shaft. Considerations also had to be made for protecting the integrity of the probe during field use and mitigating the effects of highly electrically conductive soils common in reclaimed mine sites. A number of different prototype designs were initially investigated in this research, leading to the development of a refined prototype for advanced testing. Testing for the project was carried out first in solutions of known dielectric constants and salinities, and then proceeded to soils with a range of known water contents and salinities. Good quality electrical connections were found to be crucial for generating waveforms that were easy to interpret; bad connections resulted in poor results in a number of cases. Decreased probe sensitivity was observed in response to increased rod embedment within the probe variants. A far greater decrease in sensitivity was seen in the results of the fully sheathed rods, although the sheathing was effective for extending the range of the probe in electrically conductive testing conditions. Despite poor results that were seen in some of the tests, overall the results were promising. In particular, results from the push-test showed that the probe was able to monitor changes in water content with depth.
18

Penetration testing for the inexperienced ethical hacker : A baseline methodology for detecting and mitigating web application vulnerabilities / Penetrationstestning för den oerfarne etiska hackaren : En gedigen grundmetodologi för detektering och mitigering av sårbarheter i webbapplikationer

Ottosson, Henrik, Lindquist, Per January 2018 (has links)
Having a proper method of defense against attacks is crucial for web applications to ensure the safety of both the application itself and its users. Penetration testing (or ethical hacking) has long been one of the primary methods to detect vulnerabilities against such attacks, but is costly and requires considerable ability and knowledge. As this expertise remains largely individual and undocumented, the industry remains based on expertise. A lack of comprehensive methodologies at levels that are accessible to inexperienced ethical hackers is clearly observable. While attempts at automating the process have yielded some results, automated tools are often specific to certain types of flaws, and lack contextual flexibility. A clear, simple and comprehensive methodology using automatic vulnerability scanners complemented by manual methods is therefore necessary to get a basic level of security across the entirety of a web application. This master's thesis describes the construction of such a methodology. In order to define the requirements of the methodology, a literature study was performed to identify the types of vulnerabilities most critical to web applications, and the applicability of automated tools for each of them. These tools were tested against various existing applications, both intentionally vulnerable ones, and ones that were intended to be secure. The methodology was constructed as a four-step process: Manual Review, Testing, Risk Analysis, and Reporting. Further, the testing step was defined as an iterative process in three parts: Tool/Method Selection, Vulnerability Testing, and Verification. In order to verify the sufficiency of the methodology, it was subject to Peer-review and Field experiments. / Att ha en gedigen metodologi för att försvara mot attacker är avgörande för att upprätthålla säkerheten i webbapplikationer, både vad gäller applikationen själv och dess användare. Penetrationstestning (eller etisk hacking) har länge varit en av de främsta metoderna för att upptäcka sårbarheter mot sådana attacker, men det är kostsamt och kräver stor personlig förmåga och kunskap. Eftersom denna expertis förblir i stor utsträckning individuell och odokumenterad, fortsätter industrin vara baserad på expertis. En brist på omfattande metodiker på nivåer som är tillgängliga för oerfarna etiska hackare är tydligt observerbar. Även om försök att automatisera processen har givit visst resultat är automatiserade verktyg ofta specifika för vissa typer av sårbarheter och lider av bristande flexibilitet. En tydlig, enkel och övergripande metodik som använder sig av automatiska sårbarhetsverktyg och kompletterande manuella metoder är därför nödvändig för att få till en grundläggande och heltäckande säkerhetsnivå. Denna masteruppsats beskriver konstruktionen av en sådan metodik. För att definiera metodologin genomfördes en litteraturstudie för att identifiera de typer av sårbarheter som är mest kritiska för webbapplikationer, samt tillämpligheten av automatiserade verktyg för var och en av dessa sårbarhetstyper. Verktygen i fråga testades mot olika befintliga applikationer, både mot avsiktligt sårbara, och sådana som var utvecklade med syfte att vara säkra. Metodiken konstruerades som en fyrstegsprocess: manuell granskning, sårbarhetstestning, riskanalys och rapportering. Vidare definierades sårbarhetstestningen som en iterativ process i tre delar: val av verkyg och metoder, sårbarhetsprovning och sårbarhetsverifiering. För att verifiera metodens tillräcklighet användes metoder såsom peer-review och fältexperiment.
19

Servicing a Connected Car Service

Svensson, Benjamin, Varnai, Kristian January 2015 (has links)
Increased wireless connectivity to vehicles invites both existing and new digital methods of attack, requiring the high prioritisation of security throughout the development of not just the vehicle, but also the services provided for it. This report examines such a connected car service used by thousands of customers every day and evaluates it from a security standpoint. The methods used for this evaluation include both direct testing of vulnerabilities, as well as the examination of design choices made which more broadly affect the system as a whole. With the results are included suggestions for solutions where necessary, and in the conclusion, design pitfalls and general considerations for system development are discussed.
20

Android Environment Security

Andersson, Gustaf, Andersson, Fredrik January 2012 (has links)
In modern times mobile devices are a increasing technology and malicious users are increasing as well. On a mobile device it often exist valuable private information that a malicious user is interested in and it often has lower security features implemented compared to computers. It is therefore important to be aware of the security risks that exist when using a mobile device in order to stay protected.In this thesis information about what security risks and attacks that are possible to execute towards a mobile device running Android will be presented. Possible attack scenarios are attacking the device itself, the communication between the device and a server and finally the server.

Page generated in 0.1583 seconds