Thesis Details

Nástroj pro penetrační testování webových aplikací

Bachelor's Thesis
Student: Dobeš Michal
Academic Year: 2014/2015
Supervisor: Barabas Maroš, Ing., Ph.D.
English title
The Tool for Penetration Tests of Web Applications
Language
Czech
Abstract

The thesis discusses the issues of penetration testing of web applications, focusing on the Cross-Site Scripting (XSS) and SQL Injection (SQLI) vulnerabilities. The technology behind web applications is described and motivation for penetration testing is given. The thesis then presents the most common vulnerabilities according to OWASP Top 10. It lists the principles, impact and remediation recommendations for the Cross-Site Scripting and SQL Injection vulnerabilities. A penetration testing tool has been developed as a part of this thesis. The tool is extendable via modules. Modules for detection of Cross-Site Scripting and SQL Injection vulnerabilities have been developed. The tool has been compared to existing tools, including the commercial tool Burp Suite.

Keywords

Security, web applications, Cross-Site Scripting, XSS, SQL Injection, SQLI, penetration testing, vulnerability, OWASP

Department
Degree Programme
Information Technology
Status
defended, grade A
Date
17 June 2015
Reviewer
Committee
Hanáček Petr, doc. Dr. Ing. (DITS FIT BUT), chair
Kořenek Jan, doc. Ing., Ph.D. (DCSY FIT BUT), member
Květoňová Šárka, Ing., Ph.D. (DIFS FIT BUT), member
Španěl Michal, Ing., Ph.D. (DCGM FIT BUT), member
Zbořil František, doc. Ing., Ph.D. (DITS FIT BUT), member
Citation
DOBEŠ, Michal. Nástroj pro penetrační testování webových aplikací. Brno, 2015. Bachelor's Thesis. Brno University of Technology, Faculty of Information Technology. 2015-06-17. Supervised by Barabas Maroš. Available from: https://www.fit.vut.cz/study/thesis/15662/
BibTeX
@bachelorsthesis{FITBT15662,
    author = "Michal Dobe\v{s}",
    type = "Bachelor's thesis",
    title = "N\'{a}stroj pro penetra\v{c}n\'{i} testov\'{a}n\'{i} webov\'{y}ch aplikac\'{i}",
    school = "Brno University of Technology, Faculty of Information Technology",
    year = 2015,
    location = "Brno, CZ",
    language = "czech",
    url = "https://www.fit.vut.cz/study/thesis/15662/"
}