diplomsko delo
Martin Prajnc (Author), Denis Trček (Mentor), David Jelenc (Co-mentor)

Abstract

Dandanes večina poslovanja in komunikacije poteka prek interneta. Tako je predvsem zaradi spletnih aplikacij, ki so produkt več tehnik in orodij za programiranje. Te tehnike in orodja se izjemno hitro razvijajo in nadgrajujejo, vendar z vidika varnosti to ni nujno vedno dobro. Problem je v tem, da mnoga podjetja namenijo velike količine proračuna le za razvoj, zato za varnost in varnostno testiranje ne ostane veliko sredstev. Varnostni pregledi se po navadi opravijo čisto na koncu, ko je produkt že pripravljen na dostavo kupcu. To je sicer bolje, kot da varnostnega pregleda sploh ne bi bilo, a najboljša praksa je, da se razvijalci zavedajo ranljivosti sistema, ki ga razvijajo, in to upoštevajo že pri razvoju in implementaciji. S temi vidiki se ukvarja informacijska varnost. V splošnem informacijska varnost pomeni varstvo informacijskih sistemov in podatkov pred nezakonitim dostopom, razkritjem, spremembo ali uničenjem. V diplomski nalogi se bomo sicer osredotočili na penetracijsko testiranje ter opis ranljivosti spletnih aplikacij in orodij, ki jih bomo uporabili za razkritje teh ranljivosti. Nato bomo na praktičnem primeru spletne aplikacije izvedli penetracijski test. Na ta način bo bralcu predstavljeno penetracijsko testiranje spletnih aplikacij.

Keywords

informacijska varnost;vdorno testiranje;penetracijsko testiranje;penetracijski preizkus;vdorni preizkus;računalništvo in informatika;univerzitetni študij;diplomske naloge;

Data

Language: Slovenian
Year of publishing:
Typology: 2.11 - Undergraduate Thesis
Organization: UL FRI - Faculty of Computer and Information Science
Publisher: [M. Prajnc]
UDC: 004.774.6:004.056(043.2)
COBISS: 78383107 Link will open in a new window
Views: 353
Downloads: 64
Average score: 0 (0 votes)
Metadata: JSON JSON-RDF JSON-LD TURTLE N-TRIPLES XML RDFA MICRODATA DC-XML DC-RDF RDF

Other data

Secondary language: English
Secondary title: Penetration testing of web applications
Secondary abstract: Today, the majority of business processess and communications take place over the Internet, thanks to web applications, which are the product of several programming techniques and tools. The aforementioned techniques and tools are extremely fast to develop and upgrade, but from the security and safety point of view this is not necessarily always good. The problem, which arises is that many companies spend large amounts of budget only on development, and not enough money is left for safety and security testing. Safety and security checks are usually done right at the end when the product is ready to be delivered to the customer. While this approach is better than not having a security check, the best practice is for developers to be aware of the vulnerabilities of the system they are developing and to take this into account when developing and implementing it. Information security deals with these aspects. In general, information security means the protection of information systems and data against unauthorized access, disclosure, alteration or destruction. In my diploma thesis I will focus on penetration testing and description of vulnerabilities of web applications and tools that I will use to reveal these vulnerabilities. This way the reader will be introduced to penetration testing of web applications.
Secondary keywords: information security;penetration test;web application;computer and information science;diploma;Spletne aplikacije;Računalništvo;Univerzitetna in visokošolska dela;
Type (COBISS): Bachelor thesis/paper
Study programme: 1000468
Thesis comment: Univ. v Ljubljani, Fak. za računalništvo in informatiko
Pages: 64 str.
ID: 13418756