Priprava in izvedba penetracijskega testiranja v virtualnem okolju

magistrsko delo

Aljaž Mrakič (Author), Alenka Brezavšček (Mentor), Robert Leskovar (Co-mentor)

Abstract

V zaključnem delu smo se osredotočili na področje varnostnega pregledovanja oz. penetracijskega testiranja kot pomembnega področja t. i. ofenzivne kibernetske varnosti. Predstavili smo teoretične osnove penetracijskega testiranja, od različnih metodologij, metod in tehnik testiranj, najpogosteje uporabljenih orodij in operacijskih sistemov, spletnih strežnikov in aplikacij, do domačih in nekaterih tujih pravnih podlag ter evropskih direktiv s tega področja. V empiričnem delu naloge smo izvedli penetracijski test tudi praktično. Test smo izvajali v izbranem virtualnem okolju, pri čemer smo sledili fazam izbrane metodologije PTES ter uporabili določena orodja, ki smo jih predstavili v teoretičnem delu. Po opravljenem testiranju smo ugotovitve strnili v poročilo in podali predloge za odpravo odkritih ranljivosti z namenom izboljšanja varnosti v izbranem testnem okolju.

Keywords

penetracijsko testiranje;diplomske naloge;

Data

Language:	Slovenian
Year of publishing:	2021
Typology:	2.09 - Master's Thesis
Organization:	UM FOV - Faculty of Organizational Sciences
Publisher:	[A. Mrakič]
UDC:	004
COBISS:	72457987
Views:	319
Downloads:	48
Average score:	0 (0 votes)
Metadata:

Other data

Secondary language:	English
Secondary title:	Preparation and examination of a penetration test in a virtual environment
Secondary abstract:	In the thesis, we focused on the penetration testing as an essential area of offensive cybersecurity. In the first part of the thesis, we presented the theoretical background of the penetration testing, ranging from various penetration testing methodologies, testing methods, commonly used testing tools and operating systems, web servers and applications. Furthermore, we described the national and some foreign regulations, including European directives, covering the area of cybersecurity. In the empirical part of the thesis, we examined a real penetration test in a chosen virtual environment. During the testing process, we followed the phases of the PTES methodology. We used some of the tools that we have described within the theoretical part of the thesis. After the testing process, we summarized our findings in a report, where we also made some recommendations on how to fix the discovered vulnerabilities in order to improve the security of the systems under consideration.
Secondary keywords:	Varnost računalniških sistemov;Univerzitetna in visokošolska dela;
Type (COBISS):	Master's thesis/paper
Thesis comment:	Univ. v Mariboru, Fak. za organizacijske vede
Pages:	VI, 83 f.
ID:	12992413