To see the other types of publications on this topic, follow the link: Penetration testing (Computer security).
Dissertations / Theses on the topic 'Penetration testing (Computer security)'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Penetration testing (Computer security).'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Dazet, Eric Francis. "ANEX: Automated Network Exploitation through Penetration Testing." DigitalCommons@CalPoly, 2016. https://digitalcommons.calpoly.edu/theses/1592.
Full textAbstract:
Cyber attacks are a growing concern in our modern world, making security evaluation a critical venture. Penetration testing, the process of attempting to compromise a computer network with controlled tests, is a proven method of evaluating a system's security measures. However, penetration tests, and preventive security analysis in general, require considerable investments in money, time, and labor, which can cause them to be overlooked. Alternatively, automated penetration testing programs are used to conduct a security evaluation with less user effort, lower cost, and in a shorter period of time than manual penetration tests. The trade-off is that automated penetration testing tools are not as effective as manual tests. They are not as flexible as manual testing, cannot discover every vulnerability, and can lead to a false sense of security. The development of better automated tools can help organizations quickly and frequently know the state of their security measures and can help improve the manual penetration testing process by accelerating repetitive tasks without sacrificing results.
This thesis presents Automated Network Exploitation through Penetration Testing (ANEX), an automated penetration testing system designed to infiltrate a computer network and map paths from a compromised network machine to a specified target machine. Our goal is to provide an effective security evaluation solution with minimal user involvement that is easily deployable in an existing system. ANEX demonstrates that important security information can be gathered through automated tools based solely on free-to-use programs. ANEX can also enhance the manual penetration testing process by quickly accumulating information about each machine to develop more focused testing procedures.
Our results show that we are able to successfully infiltrate multiple network levels and exploit machines not directly accessible to our testing machine with mixed success. Overall, our design shows the efficacy of utilizing automated and open-source tools for penetration testing.
2
Edström, Viktor, and Eldar Zeynalli. "Penetration testing a civilian drone : Reverse engineering software in search for security vulnerabilities." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-280096.
Full textAbstract:
Civilian drones have become more popular in recent years. As an IoT (Internet of Things) device full of state of the art technologies, its level of security is highly relevant. That is why we chose to take a look at the previous research done in the field to see how the attack surface of civilian drones looks. This revealed that drones are especially vulnerable to GPS and WiFi-based attacks. Furthermore, there have also been vulnerabilities discovered in the applications used by different civilian drones. We took a closer look at a certain drone model, DJI Mavic 2 Zoom, by analyzing its internals and reverse engineering certain parts of its software architecture to see what attacks it could be vulnerable to. Our research revealed that the drone uses a proprietary protocol dubbed Ocusync. This means it is not vulnerable to the same attacks as drone models that use WiFi. However, the drone could still be as vulnerable to GPS spoofing attacks. Through reverse engineering, we also discovered a vulnerability in the software of the drone, which has been reported to the manufacturer.Civila drönare har under de senaste åren blivit mer populära. Som en IoT-enhet (Internet of Things) full av modern teknik är dess säkerhetsnivå mycket relevant. Det är därför vi valde att titta på den tidigare forskningen som har gjorts på området för att se hur attackytan på civila drönare ser ut. Detta avslöjade att de är särskilt sårbara för GPSoch WiFi-baserade attacker. Dessutom har det också upptäckts sårbarheter i applikationerna som används av olika civila drönare. Vi tittade närmare på en viss drönarmodell, DJI Mavic 2 Zoom, genom att analysera dess intern arkitektur och dekompilera vissa delar av programvaruarkitekturen för att se vilka attacker den kan vara sårbar för. Vår forskning avslöjade att drönaren använder ett proprietärt protokoll som kallas Ocusync. Det här innebär att drönaren inte är sårbart för samma attacker som modeller som använder WiFi. Däremot, kan drönaren vara lika sårbar för GPS-spoofing attacker. Med hjälp av dekompilering, upptäckte vi också en sårbarhet i drönarens mjukvara, som har rapporterats till tillverkaren.
3
Nilsson, Robin. "Penetration testing of Android applications." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-280290.
Full textAbstract:
The market of Android applications is huge, and in 2019, Google Play users worldwide downloaded 84.3 billion mobile applications. With such a big user base, any security issues could have big negative impacts. That is why penetration testing of Android applications is important and it is also why Google has a bug bounty program where people can submit vulnerability reports on their most downloaded applications. The aim of the project was to assess the security of Android applications from the Google Play Security Reward Program by performing penetration tests on the applications. A threat model of Android applications was made where potential threats were identified. A choice was made to focus on the Spotify Application for Android where threats were given ratings based on risks associated with them in the context of the Spotify Application. Penetration tests were made where testing depth was determined by the ratings associated with the attacks.The results of the tests showed that the Spotify Application is secure, and no test showed any real possibility of exploiting the application. The perhaps biggest potential exploit found is a Denial of Service attack that can be made through a malicious application interacting with the Spotify application. The result doesn’t guarantee that the application isn’t penetrable and further testing is needed to give the result more reliability. The methods used in the project can however act as a template for further research into both Spotify and other Android applications.Marknaden för Android applikationer är enorm och 2019 laddade Google Play användare ner 84.3 miljarder mobil-applikationer. Med en så stor användarbas kan potentiella säkerhetsproblem få stora negativa konsekvenser. Det är därför penetrationstest är viktiga och varför Google har ett bug bounty program där folk kan skicka in sårbarhetsrapporter för deras mest nedladdade applikationer. Målet med projektet är att bedöma säkerheten hos Android applikationer från Google Play Security Reward Program genom utförande av penetrationstester på applikationerna. En hotmodell över Android applikationer skapades, där potentiella hot identifierades. Ett val att fokusera på Spotify för Android gjordes, där hot gavs rankingar baserat på riskerna associerade med dem i kontexten av Spotify applikationen. Penetrationstest gjordes med testdjup avgjort av rankingarna associerade med attackerna.Resultatet av testen visade att Spotify applikationen var säker, och inga test visade på några riktiga utnyttjningsmöjligheter av applikationen. Den kanske största utnyttjningsmöjligheten som hittades var en Denial of Service-attack som kunde göras genom en illvillig applikation som interagerar med Spotify applikationen. Resultaten garanterar inte att applikationen inte är penetrerbar och fortsatt testande behövs för att ge resultatet mer trovärdighet. Metoderna som användes i projektet kan i alla fall agera som en mall för fortsatt undersökning av både Spotify såväl som andra Android applikationer.
4
Vernersson, Susanne. "Penetration Testing in a Web Application Environment." Thesis, Linnéuniversitetet, Institutionen för datavetenskap, fysik och matematik, DFM, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-8934.
Full textAbstract:
As the use of web applications is increasing among a number of different industries, many companies turn to online applications to promote their services. Companies see the great advantages with web applications such as convenience, low costs and little need of additional hardware or software configuration. Meanwhile, the threats against web applications are scaling up where the attacker is not in need of much experience or knowledge to hack a poorly secured web application as the service easily can be accessed over the Internet. While common attacks such as cross-site scripting and SQL injection are still around and very much in use since a number of years, the hacker community constantly discovers new exploits making businesses in need of higher security. Penetration testing is a method used to estimate the security of a computer system, network or web application. The aim is to reveal possible vulnerabilities that could be exploited by a malicious attacker and suggest solutions to the given problem at hand. With the right security fixes, a business system can go from being a threat to its users’ sensitive data to a secure and functional platform with just a few adjustments. This thesis aims to help the IT security consultants at Combitech AB with detecting and securing the most common web application exploits that companies suffer from today. By providing Combitech with safe and easy methods to discover and fix the top security deficiencies, the restricted time spent at a client due to budget concerns can be made more efficient thanks to improvements in the internal testing methodology. The project can additionally be of interest to teachers, students and developers who want to know more about web application testing and security as well as common exploit scenarios.
5
Gyulai, Sofia, and William Holmgren. "Testing and Improving the Security of a Mobile Application." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-157742.
Full textAbstract:
When making new software systems, security testing should always be included in the process. In this thesis, attacks were identified and performed against a system consisting of two servers and an Android application. A penetration test was also performed against parts of the system. If an attack was successful, this was considered a vulnerability. The attacks that were identified and performed were a NoSQL injection attack a man-in-the-middle attack and reverse engineering. Through the man-in-the-middle attack and reverse engineering, breaching security properties such as confidentiality and integrity was possible. The NoSQL injection attack was not successful in breaching neither. No results from these could be used to exploit the system further. Countermeasures were taken to secure against the discovered vulnerabilities, and new instances of the attacks were performed after this as well. The overall conclusion is that the system is now secure against our implementations of the attacks performed in this thesis.
6
Salih, Raman. "Adagio For The Internet Of Things : IoT penetration testing and security analysis of a smart plug." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-290926.
Full textAbstract:
The emergence of the Internet of Things (IoT) shows us that more and more devices will be connected to the internet for all types of different purposes. One of those devices, the smart plug, have been rapidly deployed because of the ease it brings users into achieving home automation by turning their previous dumb devices smart by giving them the means of controlling the devices remotely. These IoT devices that gives the user control could however poseserious security problems if their vulnerabilities were not care fully investigated and analyzed before we blindly integrate them into our everyday life. In this paper, we do a threat model and subsequent penetration testing on a smart plug system made by particular brand by exploiting its singular communication protocol and we successfully launch five attacks: a replay attack, a MCU tampering attack, a firmware attack, a sniffing attack, and a denial-of-service attack. Our results show that we can hijack the device or obtain the authentication credentials from the users by performing these attacks. We also present guidelines for securing the IoT device.Framväxten av sakernas internet (IoT)visar oss att fler och fler enheter kommer att anslutas tillinternet för alla möjliga olika ändamål. En av dessa enheter, den smarta strömbrytaren har snabbt distribuerats på grund av den lätthet den ger användare att uppnå hemautomation genom att göra sina tidigare dumma enheter smarta genom att ge användarna möjligheten att fjärrstyra de olika enheterna. Dessa IoT-enheter som ger användaren kontrollkan dock utgöra allvarliga säkerhetsproblem om deras sårbarheter inte undersöks noggrant och analyseras innan vi blint integrerar dem i vår vardag. I denna uppsats gör vi försten hotmodell och sedan penetrations testar vi en smart IoT strömbrytare som säljs av ett visst välkänt varumärke genom att utnyttja det enda kommunikationsprotokollet som finns på enheten och vi lyckas framgångsrikt med fem olikaattacker: en återuppspelningsattack, en MCU manipuleringsattack, en firmware-attack, enöverlyssningsattack och överbelastningsattack. Våra resultatvisar att vi kan enkelt kapa enheten samt få autentiseringsuppgifterna från enheten genom att utföra dessa attacker. Vi presenterar också riktlinjer för att kunna säkra IoT-enheten.
7
Andersson, Gustaf, and Fredrik Andersson. "Android Environment Security." Thesis, Linnéuniversitetet, Institutionen för datavetenskap, fysik och matematik, DFM, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-20512.
Full textAbstract:
In modern times mobile devices are a increasing technology and malicious users are increasing as well. On a mobile device it often exist valuable private information that a malicious user is interested in and it often has lower security features implemented compared to computers. It is therefore important to be aware of the security risks that exist when using a mobile device in order to stay protected.In this thesis information about what security risks and attacks that are possible to execute towards a mobile device running Android will be presented. Possible attack scenarios are attacking the device itself, the communication between the device and a server and finally the server.
8
Svensson, Benjamin, and Kristian Varnai. "Servicing a Connected Car Service." Thesis, Blekinge Tekniska Högskola, Institutionen för datalogi och datorsystemteknik, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-2453.
Full textAbstract:
Increased wireless connectivity to vehicles invites both existing and new digital methods of attack, requiring the high prioritisation of security throughout the development of not just the vehicle, but also the services provided for it. This report examines such a connected car service used by thousands of customers every day and evaluates it from a security standpoint. The methods used for this evaluation include both direct testing of vulnerabilities, as well as the examination of design choices made which more broadly affect the system as a whole. With the results are included suggestions for solutions where necessary, and in the conclusion, design pitfalls and general considerations for system development are discussed.
9
Ottosson, Henrik, and Per Lindquist. "Penetration testing for the inexperienced ethical hacker : A baseline methodology for detecting and mitigating web application vulnerabilities." Thesis, Linköpings universitet, Databas och informationsteknik, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-148581.
Full textAbstract:
Having a proper method of defense against attacks is crucial for web applications to ensure the safety of both the application itself and its users. Penetration testing (or ethical hacking) has long been one of the primary methods to detect vulnerabilities against such attacks, but is costly and requires considerable ability and knowledge. As this expertise remains largely individual and undocumented, the industry remains based on expertise. A lack of comprehensive methodologies at levels that are accessible to inexperienced ethical hackers is clearly observable. While attempts at automating the process have yielded some results, automated tools are often specific to certain types of flaws, and lack contextual flexibility. A clear, simple and comprehensive methodology using automatic vulnerability scanners complemented by manual methods is therefore necessary to get a basic level of security across the entirety of a web application. This master's thesis describes the construction of such a methodology. In order to define the requirements of the methodology, a literature study was performed to identify the types of vulnerabilities most critical to web applications, and the applicability of automated tools for each of them. These tools were tested against various existing applications, both intentionally vulnerable ones, and ones that were intended to be secure. The methodology was constructed as a four-step process: Manual Review, Testing, Risk Analysis, and Reporting. Further, the testing step was defined as an iterative process in three parts: Tool/Method Selection, Vulnerability Testing, and Verification. In order to verify the sufficiency of the methodology, it was subject to Peer-review and Field experiments.Att ha en gedigen metodologi för att försvara mot attacker är avgörande för att upprätthålla säkerheten i webbapplikationer, både vad gäller applikationen själv och dess användare. Penetrationstestning (eller etisk hacking) har länge varit en av de främsta metoderna för att upptäcka sårbarheter mot sådana attacker, men det är kostsamt och kräver stor personlig förmåga och kunskap. Eftersom denna expertis förblir i stor utsträckning individuell och odokumenterad, fortsätter industrin vara baserad på expertis. En brist på omfattande metodiker på nivåer som är tillgängliga för oerfarna etiska hackare är tydligt observerbar. Även om försök att automatisera processen har givit visst resultat är automatiserade verktyg ofta specifika för vissa typer av sårbarheter och lider av bristande flexibilitet. En tydlig, enkel och övergripande metodik som använder sig av automatiska sårbarhetsverktyg och kompletterande manuella metoder är därför nödvändig för att få till en grundläggande och heltäckande säkerhetsnivå. Denna masteruppsats beskriver konstruktionen av en sådan metodik. För att definiera metodologin genomfördes en litteraturstudie för att identifiera de typer av sårbarheter som är mest kritiska för webbapplikationer, samt tillämpligheten av automatiserade verktyg för var och en av dessa sårbarhetstyper. Verktygen i fråga testades mot olika befintliga applikationer, både mot avsiktligt sårbara, och sådana som var utvecklade med syfte att vara säkra. Metodiken konstruerades som en fyrstegsprocess: manuell granskning, sårbarhetstestning, riskanalys och rapportering. Vidare definierades sårbarhetstestningen som en iterativ process i tre delar: val av verkyg och metoder, sårbarhetsprovning och sårbarhetsverifiering. För att verifiera metodens tillräcklighet användes metoder såsom peer-review och fältexperiment.
10
Johnson, William. "Development of Peer Instruction Material for a Cybersecurity Curriculum." ScholarWorks@UNO, 2017. http://scholarworks.uno.edu/td/2367.
Full textAbstract:
Cybersecurity classes focus on building practical skills alongside the development of the open mindset that is essential to tackle the dynamic cybersecurity landscape. Unfortunately, traditional lecture-style teaching is insufficient for this task. Peer instruction is a non-traditional, active learning approach that has proven to be effective in computer science courses. The challenge in adopting peer instruction is the development of conceptual questions. This thesis presents a methodology for developing peer instruction questions for cybersecurity courses, consisting of four stages: concept identification, concept trigger, question presentation, and development. The thesis analyzes 279 questions developed over two years for three cybersecurity courses: introduction to computer security, network penetration testing, and introduction to computer forensics. Additionally, it discusses examples of peer instruction questions in terms of the methodology. Finally, it summarizes the usage of a workshop for testing a selection of peer instruction questions as well as gathering data outside of normal courses.
11
Radholm, Fredrik, and Niklas Abefelt. "Ethical Hacking of an IoT-device: Threat Assessment and Penetration Testing : A Survey on Security of a Smart Refrigerator." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-280295.
Full textAbstract:
Internet of things (IoT) devices are becoming more prevalent. Due to a rapidly growing market of these appliances, improper security measures lead to an expanding range of attacks. There is a devoir of testing and securing these devices to contribute to a more sustainable society. This thesis has evaluated the security of an IoT-refrigerator by using ethical hacking, where a threat model was produced to identify vulnerabilities. Penetration tests were performed based on the threat model. The results from the penetration tests did not find any exploitable vulnerabilities. The conclusion from evaluating the security of this Samsung refrigerator can say the product is secure and contributes to a connected, secure, and sustainable society.Internet of Things (IoT) enheter blir mer allmänt förekommande. På grund av en snabbt expanderande marknad av dessa apparater, har bristfälliga säkerhetsåtgärder resulterat till en mängd olika attacker. Det finns ett behov att testa dessa enheter for att bidra till ett mer säkert och hållbart samhälle. Denna avhandling har utvärderat säkerheten av ett IoT-kylskåp genom att producera en hot modell för att identifiera sårbarheter. Penetrationstester har utförts på enheten, baserade på hot modellen. Resultatet av penetrationstesterna hittade inga utnyttjningsbara sårbarheter. Slutsatsen från utvärderingen av säkerheten på Samsung-kylskåpet är att produkten är säker och bidrar till ett uppkopplat, säkert, och hållbart samhälle.
12
Izagirre, Mikel. "Deception strategies for web application security: application-layer approaches and a testing platform." Thesis, Luleå tekniska universitet, Institutionen för system- och rymdteknik, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-64419.
Full textAbstract:
The popularity of the internet has made the use of web applications ubiquitous and essential to the daily lives of people, businesses and governments. Web servers and web applications are commonly used to handle tasks and data that can be critical and highly valuable, making them a very attractive target for attackers and a vector for successful attacks that are aimed at the application layer. Existing misuse and anomaly-based detection and prevention techniques fail to cope with the volume and sophistication of new attacks that are continuously appearing, which suggests that there is a need to provide new additional layers of protection. This work aims to design a new layer of defense based on deception that is employed in the context of web application-layer traffic with the purpose of detecting and preventing attacks. The proposed design is composed of five deception strategies: Deceptive Comments, Deceptive Request Parameters, Deceptive Session Cookies, Deceptive Status Codes and Deceptive JavaScript. The strategies were implemented as a software artifact and their performance evaluated in a testing environment using a custom test script, the OWASP ZAP penetration testing tool and two vulnerable web applications. Deceptive Parameter strategy obtained the best security performance results, followed by Deceptive Comments and Deceptive Status Codes. Deceptive Cookies and Deceptive JavaScript got the poorest security performance results since OWASP ZAP was unable to detect and use deceptive elements generated by these strategies. Operational performance results showed that the deception artifact could successfully be implemented and integrated with existing web applications without changing their source code and adding a low operational overhead.
13
Watkins, Trevor U. "Is Microsoft a Threat to National Security? Policy, Products, Penetrations, and Honeypots." Connect to resource online, 2009. http://rave.ohiolink.edu/etdc/view?acc_num=ysu1244659206.
Full text
14
Dzidic, Elvira, and Mbonyimana Benjamin Jansson. "Penetration Testinga Saia Unit : A Control System for Water, Ventilation, and Heating in Smart Buildings." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-299862.
Full textAbstract:
The concept of Smart Buildings and automated processes is a growing trend. Due to a rapidly growing market of buildings that relies on the Internet, improper security measures allow hackers to gain control over the whole system easily and cause devastating attacks. Plenty of effort is being put into testing and securing the devices within a smart building in order to contribute to a more sustainable society. This thesis has evaluated the security of a control system for water, ventilation, and heating in smart buildings by using ethical hacking, where the testing is based on a systematic and agile pentesting process. The penetration testing was conducted using the method Black- box testing, and the testing was based on a threat model that was created to identify vulnerabilities. The results from the penetration tests did not find any exploitable vulnerabilities. However, flaws in the system, such as data being transferred in clear text and unlimited login attempts, that need to be addressed to avoid further problems, were found. The conclusion from evaluating the control system affirms that the strength of the password has a significant role, but that system can still be exposed to other hacking techniques, such as ”Pass the hash”.Begreppet smarta byggnader och automatiserade processer är en växande trend. På grund av en snabbt växande marknad av byggnader som är beroende av Internet, har bristfälliga säkerhetsåtgärder resulterat i att hackare enkelt kan få kontroll över hela systemet och orsaka förödande attacker. Ansträngningar läggs på att testa och säkra enheterna i en smart byggnad för att bidra till ett mer hållbart samhälle. Denna avhandling har utvärderat säkerheten för ett styrsystem för vatten, ventilation och uppvärmning i smarta byggnader med hjälp av etisk hacking, där testningen baseras på en systematisk och agil pentestning process. Penetrationstestningen genomfördes genom att använda sig av metoden Blackbox testning, medan testningen baserades på en hotmodell som skapades för att identifiera sårbarheter. Resultaten från penetrationstesterna hittade inga sårbarheter att dra nytta utav. Dock hittades brister i systemet, bland annat att data överförs i klartext och att användaren har oändligt många inloggningsförsök, som måste åtgärdas för att undvika framtida problem. Slutsatsen från utvärderingen av styrsystemet bekräftar att styrkan på lösenordet har en signifikant roll, men att systemet ändå kan vara utsatt av andra hackningstekniker så som ”Pass the hash”.
15
Shakra, Mohamed, and Ahmad Jabali. "Evaluating Security For An IoT Device." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-289631.
Full textAbstract:
IoT systems usage is rapidly growing, and is involved in many industries causing more potential security flaws to a freshly new field. Even light bulbs, have a new generation called smart light bulbs have taken a step into the IoT world. In this project an affordable and available light bulb has it’s security evaluated by using a well known attacks to test the device security. It was concluded that the studied light bulb was found to be secured by the array of penetration tests carried in this project. However, the methods used for evaluating the device can be applicable to any other IoT for any future security evaluation.IoT-systemanvändningen växer snabbt och är involverad i många branscher som orsakar fler potentiella säkerhetsbrister i ett nyligen nytt fält. Även glödlampor, har en ny generation som heter textit smarta glödlampor har tagit ett steg in i IoT- världen. I det här dokumentet utvärderas en prisvärd och tillgänglig glödlampa genom att använda en välkänd attack för att testa enhetens säkerhet. Det drogs slutsatsen att den studerade glödlampan befanns vara säkrad genom den mängd penetrationstester som utfördes i detta dokument. Metoderna som används för att utvärdera enheten kan dock tillämpas på vilken annan IoT som helst för framtida säkerhetsutvärdering.
16
Johansson, Michael. "Internet of things security in healthcare : A test-suite and standard review." Thesis, Linnéuniversitetet, Institutionen för datavetenskap och medieteknik (DM), 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-77138.
Full textAbstract:
Internet of things is getting more and more popular in healthcare as it comes with benefits that help with efficiency in saving lives and reduce its cost, but it also presents a new attack vector for an attacker to steal or manipulate information sent between them. This report will focus on three properties in the definition of security, confidentiality, integrity and access control. The report will look into what challenges there is in healthcare IoT today through a literature review and from those challenges look into what could minimise these challenges before a device gets into production. The report found that the lack of standardisation has lead to errors that could be easily prevented by following a guideline of tests as those from the European Union Agency for Network and Information Security, or by running a penetration test with the tools brought up in the report on the device to see what vulnerabilities are present.
17
Lindeberg, Axel. "Hacking Into Someone’s Home using Radio Waves : Ethical Hacking of Securitas’ Alarm System." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-302999.
Full textAbstract:
The number of IoT systems in our homes has exploded in recent years. By 2025 it is expected that the number of IoT devices will reach 38 billion. Home alarm systems are an IoT product that has increased dramatically in number and complexity in recent years. Besides triggering an alarm when an intruder tries to break in, a modern system can now control your light bulbs, lock and unlock your front door remotely, and interact with your smart speaker. They are undeniably effective in deterring physical intrusion. However, given the recent rise in complexity how well do they hold up against cyber attacks? In this thesis, a smart home alarm system from SecuritasHome is examined. A comprehensive security analysis was performed using penetration testing techniques and threat modeling. The work focused mainly on radio frequency (RF) hacking against the systems RF communication. Among other things, a critical vulnerability was found in the proprietary RF protocol, allowing an attacker to disarm an armed system and thus completely bypass the system’s functionality. The security of the system was deemed to be lacking.Antalet IoT system i våra hem har exploderat de senaste åren. Vid år 2025 förväntas antalet IoT enheter nå 38 miljarder. Hemlarmsystem är en typ av IoT-produkt som ökat dramatiskt i komplexitet på senare tid. Förutom att framkalla ett larm vid ett intrång kan ett modernt hemlamsystem numera kontrollera dina glödlampor, låsa och låsa upp din ytterdörr, samt kontrollera dina övervakningskameror. De är utan tvekan effektiva på att förhindra fysiska intrång, men hur väl står de emot cyberattacker? I denna uppsats undersöks ett hemlarmsystem från SecuritasHome. En utförlig säkerhetsanalys gjordes av systemet med penetrationstestnings-metodiker och hotmodellering. Arbetet fokuserade mestadels på radiovågshackning (RF) mot systemets RF-kommunikation. Bland annat hittades en kritiskt sårbarhet i systemets RF-protokoll som gör det möjligt för en angripare att avlarma ett larmat system, och därmed kringå hela systemets funktionalitet. Säkerheten av systemet bedömdes vara bristfällig.
18
Hassani, Raihana. "Security evaluation of a smart lock system." Thesis, KTH, Skolan för kemi, bioteknologi och hälsa (CBH), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-291189.
Full textAbstract:
Cyber attacks are an increasing problem in the society today. They increase dramatically, especially on IoT products, such as smart locks. This project aims to evaluate the security of the Verisure smartlock system in hopes of contributing to a safer development of IoT products and highlighting theexisting flaws of today’s society. This is achieved by identifying and attempting to exploit potential vulnerabilities with threat modeling and penetration testing. The results showed that the system is relatively secure. No major vulnerabilities were found, only a few weaknesses, including the possibility of a successful DoS attack, inconsistent password policy, the possibility of gaining sensitive information of a user and cloning the key tag used for locking/unlocking the smart lock.Cyberattacker är ett ökande problem i samhället idag. De ökar markant, särskilt mot IoT-produkter, såsom smarta lås. Detta projekt syftar till att utvärdera säkerheten i Verisures smarta låssystem i hopp om att bidra till en säkrare utveckling av IoT-produkter och belysa de befintliga bristerna i dagens samhälle. Detta uppnås genom att identifiera och försöka utnyttja potentiella sårbarheter med hotmodellering och penetrationstestning. Resultaten visade att systemet är relativt säkert. Inga större sårbarheter hittades, bara några svagheter, inklusive möjligheten till en lyckad DoS-attack, inkonsekvent lösenordspolicy, möjligheten att få känslig information från en användare och kloning av nyckelbrickan som används för att låsa/låsa upp smarta låset.
19
Galal, Daria, and Martin Tillberg. "Security Test of iZettle's Reader 2 : A card terminal for safe payments?" Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-277913.
Full textAbstract:
Ethical hacking and penetration testing are two methods often used when organizations and companies want to measure their level of information security, and find out if there are additional steps that can be taken in order to increase the security. This report describes a security test of the card terminal iZettle Reader 2, with the intention to examine its level of security based on the device’s frequent appearance in the society. The implementation is divided into three phases: prestudy and threat modelling, penetration testing and evaluation and conclusion of the security. The threat model was created using the two established models STRIDE & DREAD, which purpose is to identify the device’s various threats and attack vectors. From the threat model, a couple of attack vectors were selected to be penetration tested. By using conventional models and obtaining knowledge of common attacks such as Man-in-the-middle, Spoofing and Replay, the device and the payment solution could be tested with a systematical and reliable approach. A selection was made of the most prominent attack vectors, of which these were later tested; Man-in-the-middle of Bluetooth and HTTPS, and Reverse Engineering of the associated mobile application "iZettle Go". The result of the penetration tests indicated that the security around the device and surrounding systems is strong, but that it can be further supplemented with a couple of actions like certificate pinning and mutual authentication when communicating with TLS, as well as a more tamperproof software regarding the mobile application.Etisk hackning och penetrationstestning är två metoder som ofta tillämpas i sammanhang när organisationer och företag vill mäta sin nivå av informationssäkerhet, samt även ta reda på om eventuella åtgärder kan tas för att stärka säkerheten. Denna rapport beskriver ett säkerhetstest av kortterminalen iZettle Reader 2, med syftet att undersöka dess nivå av säkerhet grundat på enhetens frekventa uppträdande i samhället. Genomförandet är uppdelat i tre faser: förstudie och hotmodellering, penetrationstestning samt utvärdering och avgörande av säkerheten. Hotmodellen skapades med hjälp av de två vedertagna modellerna STRIDE & DREAD, vars syfte är att identifiera enhetens olika hot och attackvektorer. Utifrån hotmodellen valdes några attackvektorer som sedan penetrationstestades. Genom att använda etablerade modeller samt erhålla kännedom om konventionella attacker såsom Man-in-the-middle, Spoofing och Replay, kunde man testa enheten och betallösningen med ett systematiskt och pålitligt tillvägagångssätt. Ett urval gjordes av de mest lovande attackvektorerna, varav dessa senare testades; Man-in-the-middle av Bluetooth och Wi-Fi samt Reverse Engineering av den tillhörande mobilapplikationen "iZettle Go". Resultatet av testerna påvisade en stark säkerhet gällande enheten och dess omgivande system, men att säkerheten kan kompletteras ytterligare med ett par olika åtgärder som certificate pinning och mutual authentication vid kommunikation med TLS, samt manipuleringssäker mjukvara med avseende på mobilapplikationen.
20
Hätty, Niklas. "Representing attacks in a cyber range." Thesis, Linköpings universitet, Programvara och system, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-159838.
Full textAbstract:
Trained security experts can be a mitigating factor to sophisticated cyberattacks that aim to violate the confidentiality, integrity, and availability of information. Reproducible sessions in a safe training environment is an effective way of increasing the excellence of security experts. One approach to achieving this is by using cyber ranges, which essentially is a set of hardware nodes that can virtually represent a large organization or system. The Swedish Defense Research Agency (FOI) develops and maintains a fully functioning cyber range and has the ability to automatically deploy sophisticated attacks against organizations and systems represented in this cyber range through a system called SVED. In this thesis, the capability to deploy different types of cyberattacks through SVED against virtual organizations in a cyber range, CRATE, is investigated. This is done by building a dataset of publicly disclosed security incidents from a database and attempting to represent each of them in SVED, and subsequently instantiating these attack representations against organizations in CRATE. The results show that the prevalence of at least one CVE-entry (Common Vulnerabilities and Exposures) in the incident description is a key factor to be able to represent an attack in SVED. When such an entry does exist, SVED is likely able to implement a representation of the attack. However, for certain type of attacks a CVE-entry is not enough to determine how an attack was carried out, which is why some attacks are harder to implement in SVED. This was the case for Denial of Service (DoS) attacks, which are too reliant on infrastructure rather than one or more vulnerabilities, and SQL injections, which are more reliant on the implementation of database access. Finally, CRATE is able to handle almost all attacks implemented in SVED, given that the correct vulnerable application software is installed on at least one machine in one of the organizations in CRATE.
21
Berner, Madeleine. "Where’s My Car? Ethical Hacking of a Smart Garage." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-280298.
Full textAbstract:
IoT products are breaking new ground into widespread industries and introducing potential attack vectors to unprepared environments. Even the new generation of garage openers, called smart garages, have entered into the world of IoT. They are connected to the Internet, and are delivered with the goal of providing more security by merging features from the home surveillance boom. But do they keep what they promise? This thesis has evaluated the security of one particular smart garage that is being sold worldwide – iSmartgate PRO. Penetration testing was conducted with focus on the web application. A total of eleven vulnerabilities were reported, including a one-click-root attack that combined three of them into providing an unauthenticated remote attacker with a root shell. It was concluded that the product lacked security measures in certain areas.IoT-produkter bryter ny mark inom spridda branscher, och introducerar potentiella attackvektorer i oförberedda miljöer. Det är inte förvånande att till och med den nya generationen garageöppnare har tagit ett kliv in i världen av IoT. Vilket innebär att garageöppnarna är uppkopplade till Internet, kallas för smarta garage och levereras med målet att bidra till ökad säkerhet med sina nya funktioner tagna från trenden av hemmaövervakning. Men kan de hålla vad de lovar? Det här examensarbetet har utvärderat säkerheten av ett utvalt smart garage som säljs världen över – iSmartgate PRO. Penetrationstestning genomfördes med fokus på webbapplikationen. Totalt sett rapporterades elva sårbarheter, varav en inkluderade en one-click-root-attack som kombinerade tre sårbarheter till att ge en icke autentisierad fjärrangripare ett root-skal. Den dragna slutsatsen var att produkten hade utrymme för att förbättra säkerheten.
22
Lindqvist, Anna. "Threats to smart buildings : Securing devices in a SCADA network." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-176723.
Full textAbstract:
This paper examines the possibilities of performing tests with the aim to ensure that devices in a SCADA network can be deemed secure before deployment. SCADA systems are found in most industries and have recently seen an increased use in building automation, most importantly the healthcare sector, which means that a successful attack toward such a system could endanger lives of patients and healthcare professionals.The method of testing was created to examine whether devices conflicted with the security flaws identified by OWASP IoT Top 10 list, meaning that OWASP IoT Top 10 was the foundation for the methodology used in this paper.Results of the tests show that the devices used in testing are not in conflict with the OWASP IoT Top 10 list when using the default settings. However, some settings that can be enabled on the devices would constitute a security risk if enabled.
23
Abou, El Houda Zakaria. "Security Enforcement through Software Defined Networks (SDN)." Thesis, Troyes, 2021. http://www.theses.fr/2021TROY0023.
Full textAbstract:
La conception originale d'Internet n'a pas pris en compte les aspects de sécurité du réseau, l’objectif prioritaire était de faciliter le processus de communication. Par conséquent, de nombreux protocoles de l'infrastructure Internet exposent un ensemble de vulnérabilités. Ces dernières peuvent être exploitées par les attaquants afin de mener un ensemble d’attaques. Les attaques par déni de service distribué (DDoS) représentent une grande menace; DDoS est l'une des attaques les plus dévastatrices causant des dommages collatéraux aux opérateurs de réseau ainsi qu'aux fournisseurs de services Internet. Les réseaux programmables (SDN) ont émergé comme un nouveau paradigme promettant de résoudre les limitations de l’architecture réseau actuelle en découplant le plan de contrôle du plan de données. D'une part, cette séparation permet un meilleur contrôle du réseau et apporte de nouvelles capacités pour mitiger les attaques par DDoS. D'autre part, cette séparation introduit de nouveaux défis en matière de sécurité du plan de contrôle. L’enjeu de cette thèse est double. D'une part, étudier et explorer l’apport du SDN à la sécurité afin de concevoir des solutions efficaces qui vont mitiger plusieurs vecteurs d’attaques. D'autre part, protéger le SDN contre ces attaques. À travers ce travail de recherche, nous contribuons à la mitigation des attaques par déni de service distribué sur deux niveaux (intra et inter-domaine), et nous contribuons au renforcement de la sécurité dans le SDNThe original design of Internet did not take into consideration security aspects of the network; the priority was to facilitate the process of communication. Therefore, many of the protocols that are part of the Internet infrastructure expose a set of vulnerabilities that can be exploited by attackers to carry out a set of attacks. Distributed Denial-of-Service (DDoS) represents a big threat and one of the most devastating and destructive attacks plaguing network operators and Internet service providers (ISPs) in stealthy way. Software defined networks (SDN) is an emerging technology that promises to solve the limitations of the conventional network architecture by decoupling the control plane from the data plane. On one hand, the separation of the control plane from the data plane allows for more control over the network and brings new capabilities to deal with DDoS attacks. On the other hand, this separation introduces new challenges regarding the security of the control plane. This thesis aims to deal with DDoS attacks while protecting the resources of the control plane. In this thesis, we contribute to the mitigation of both intra-domain and inter-domain DDoS attacks, and we contribute to the reinforcement of security aspects in SDN
24
Torgilsman, Christoffer, and Eric Bröndum. "Ethical Hacking of a Robot Vacuum Cleaner." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-277918.
Full textAbstract:
This study revolves around the safety of IoT devices, more specifically how safe the robot vacuum cleaner Ironpie m6 is. The method is based on threat modeling the device, using the DREAD and STRIDE models. The threats with the highest estimated severity were then penetration tested to see which security measures are implemented to protect against them. Using client side manipulation one vulnerability was found in Trifo’s mobile application ”Trifo home” which could be used to harm customers property.Den här studien kretsar kring IoT enheters säkerhet, mer specifikt hur säker robotdammsugaren Ironpie m6 är. Metoden är baserad på att hotmodellera enheten med hjälp av DREAD och STRIDE modellerna. Dem allvarligaste hoten blev penetrationstestade för att se vilka säkerhetsåtgärder som har blivit implementerade for att skydda produkten från dem. En sårbarhet upptäcktes i Trifos mobilapplikation ”Trifo Home” som kunde exploiteras via manipulation av klient sidan. Denna sårbarhet kunde användas för att skada kunders ägodelar.
25
Palm, Alexander, and Benjamin Gafvelin. "Ethical Hacking of Android Auto in the Context of Road Safety." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-299647.
Full textAbstract:
With a more than ever increasing demand to interconnect smartphones with infotainment systems, Android Auto has risen in popularity with its services used in modern vehicles worldwide. However, as users progressively connect their smartphones to in-vehicle infotainment systems, the opportunity for malicious actors to endanger and access private data of Android Auto users advances as well. The goal with this thesis is to determine how secure Android Auto is for road use. The main research question is to figure out if Android Auto is susceptible to attacks that exploit certain vulnerabilities in the Android operating system. The research question was answered by creating several proof-of-concept attacks on Android Auto using an emulated infotainment system with mobile devices. An investigation was also conducted regarding the application’s communication channel between the mobile device and infotainment display. Results of this thesis demonstrate that several attacks are substantially severe to endanger drivers on the road. There is a great risk of successful exploits when running Android Auto locally on the phone without a connection to the infotainment system, and a lesser risk when connected to the infotainment system. Intercepting communication in the USB channel revealed an encryption algorithm whose version has published exploits and can be cracked to potentially exploit Android Auto.I takt med en evigt ökande efterfrågan på att sammankoppla smarttelefoner med infotainmentsystem, har allt fler börjat använda Android Auto i sina fordon världen över. En bieffekt av att allt fler sammankopplar sina mobiler till infotainmentsystem, är att det leder till fler möjligheter för illvilliga parter att stjäla privat data och sätta Android Autoanvändares liv i fara. Målet med denna avhandling är att fastställa hur säkert Android Auto är i avseende till vägsäkerhet. Den huvudsakliga forskningsfrågan är att lista ut om Android Auto kan attackeras av attacker som utnyttjar sårbarheter i Android operativsystemet. Forskningsfrågan besvarades genom att skapa flertal konceptattacker mot Android Auto användandes av ett emulerat infotainmentsystem och mobiltelefoner. En utredning utfördes även gällande applikationens kommunikationskanal mellan telefonen och infotainmentskärmen. Resultatet från denna avhandling demonstrerade att många attacker är tillräckligt allvarliga för att äventyra trafikanternas säkerhet. Det finns en avsevärd risk för framgångsrika attacker när Android Auto körs lokalt på telefonen utan en USB koppling till infotainmentsystemet, och en liten risk när telefonen är kopplad till infotainmentsystemet. Avlyssning och uppfångning av kommunikationen i USB kanalen visade att en krypteringsalgoritm vars version har existerande sårbarheter kan avkrypteras och utnyttjas för att potentiellt attackera Android Auto.
26
Robberts, Christopher, and Joachim Toft. "Finding Vulnerabilities in IoT Devices : Ethical Hacking of Electronic Locks." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-254667.
Full textAbstract:
Internet of Things (IoT) devices are becoming more ubiquitous than ever before, and while security is not that important for every type of device, it is crucial for some. In this thesis, a widely available Bluetooth smart lock is examined through the lens of security. By using well-known attack methods, an attempt is made to exploit potential vulnerabilities in the system.The researched lock was found to have design flaws that could be considered low-impact vulnerabilities, but using the system without these flaws in mind could lead to harmful outcomes for the lock owner.Except for the design flaws, no real security problems were discovered, but the methods used in this thesis should be applicable for further IoT security research.IoT-apparater blir allt mer vanliga i samhället. Det är inte ett krav för alla typer av apparater att ha stark säkerhet, men för vissa är det helt avgörande. I denna avhandling undersöks ett allmänt tillgängligt Bluetooth-smartlås utifrån ett säkerhetsperspektiv. Genom att använda välkända angreppsmetoder görs det ett försök att utnyttja potentiella sårbarheter i systemet.Låset visade sig ha designfel som skulle kunna betraktas som sårbarheter med låg hotnivå, men att använda systemet utan dessa designfel i åtanke skulle kunna leda till farliga påföljder för låsägaren.Förutom designfelen upptäcktes inga riktiga säkerhetsproblem, men metoderna som används i denna avhandling bör vara tillämpliga för ytterligare säkerhetsforskning inom IoT.
27
Andersson, Martin. "Software Security Testing : A Flexible Architecture for Security Testing." Thesis, Växjö University, School of Mathematics and Systems Engineering, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:vxu:diva-2388.
Full textAbstract:
Abstract: This thesis begins with briefly describing a few vulnerability classes that exist in today’s software. We then continue by describing how these vulnerabilities could be discovered through dynamic testing. Both general testing techniques and existent tools are mentioned.
The second half of this thesis present and evaluates a new flexible architecture. This new architecture has the ability to combine different approaches and create a more flexible environment from where the testing can be conducted. This new flexible architecture aims towards reducing maintenance and/or adaptation time for existing tools or frameworks. The architecture consists of a given set of plug-ins that can be easily replaced to adapt test as needed. We evaluate this architecture by implementing test plug-ins. We also use this architecture and a set of test plug-ins to generate a fuzzer targeted to test a known vulnerable server.
28
Lokrantz, Julia. "Etisk hackning av en smart foderautomat." Thesis, KTH, Hälsoinformatik och logistik, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-296520.
Full textAbstract:
Sakernas internet (IoT) syftar till det nät av enheter som samlar och delar data över internet. De senaste åren har användandet av konsument-IoT ökat explosionsartat och åtföljts av en ökad oro kring säkerheten i dessa enheter, då många system visat sig ha bristande säkerhetsimplementeringar. Denna studie undersöker säkerheten i en smart foderautomat för husdjur och redogör för ekonomiska orsaker till förekomsten av sårbarheter. Metoden bygger på att hotmodellera foderautomaten med STRIDE- och DREAD-modellerna följt av en penetrationstestningsfas för några av de allvarligaste hoten. Resultatet visar på att foderautomaten Trixie TX9 har otillräcklig kryptering av nätverksnamn och lösenord till Wi-Fi, är sårbar mot flödesattacker och att analys av trafiken till/från enheten kan avgöra vilket tillstånd den är i. Vidare har foderautomaten flera öppna nätverkstjänster, där bland annat en Telnettjänst som kan nås genom svaga, hårdkodade inloggningsuppgifter som finns publicerade på internet. Ekonomiska orsaker till förekomsten av sårbarheter är främst asymmetrisk information och motstridande incitament. Det är idag svårt för tillverkare att ta betalt för säkerhet då marknaden drivs av snabba lanseringar och utökade funktioner till ett pressat pris.Internet of things (IoT) refers to the web of connected devices that collect and share data through the internet. The use of consumer-IoT has increased dramatically in recent years, accompanying an increasing concern about the security of these devices as many systems have proven to have insufficient security measures. This study aims to investigate the security level of a smart food dispenser for pets, and account for the underlying economic reasons for the occurrences of vulnerabilities. The method used in this study consists of conducting threat modeling of the food dispenser using STRIDE as well as DREAD models. This is then followed by a penetration-testing phase for some of the more serious threats. The results indicate that the food-dispenser Trixie TX9 has insufficient encryption of network names and passwords, is susceptible to flooding-attacks, and analysis of the incoming/outgoing data traffic from the device can deduct which state it is currently in. Furthermore, the food dispenser has several open network services, Telnet is one among them, which can be accessed through weak, hardcoded credentials that are published on the internet. The economic reasons for these security weaknesses are asymmetrical information and misaligned economic incentives. Manufacturers struggle to charge consumers for an increased level of security as the main market driving factors are swift and regular product launches as well as an expansion of new features available at competitively low prices.
29
Larsson, Forsberg Albin, and Theodor Olsson. "IoT Offensive Security Penetration Testing : Hacking a Smart Robot Vacuum Cleaner." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-254233.
Full textAbstract:
IoT devices can be found in almost any type of situation as the availability and viability of them has surged in the last decade with technological advancements. The purpose of this project is to investigate how secure these types of devices, in particular a robot vacuum cleaner, actually are if an ill intended actor tries to interfere with the device. Different methods used in the sphere of threat modeling and penetration testing were applied and tested with the result coming back positive. The robot vacuum cleaner was successfully compromised and the privacy of the owner could be violated applying the attacks used. The current way of thinking about privacy and security of IoT devices could therefore need to be reviewed.
30
Ringvall, Linus, and Oscar Ekholm. "Penetration Testing of GSM Alarm : Using Radio Frequency Communication." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-280316.
Full textAbstract:
As we rely more and more on technological devices in our daily lives, it is increasingly important that these devices are secure. We examined a GSMalarm system, the Home Secure Basic V2, from a security perspective with the purpose of finding an exploit that could disable the alarm. First, we constructed a threat model of the system using the STRIDE method. Each threat was assigned a severity rating using the DREAD rating system, and was then evaluated practically. Home Secure Basic V2 has two channels of communication; 433 MHz RF and GSM. We found that the 433 MHz channel was vulnerable to replay attacks, and to a lesser extent brute-force attacks. Both of which we see as serious attacks with DREAD-ratings of 12(/15). While GSM initially used the now insecure A5/1 encryption, most operators in Sweden have fully or partially transitioned to using the more secure A5/3 algorithm for GSM-traffic. The alarm supports this algorithm and thus we had no success in performing a sniffing-attack against the GSM-channel in this alarm. It is still theoretically possible, but not with the operators we tried (Telia, Tele2) in Stockholm. Finally, we discuss the practicality of the attacks and present some countermeasures that could be implemented to secure the system.Vi förlitar oss mer och mer på tekniska apparater i vårt dagliga liv och det är därmed allt viktigare att dessa enheter är säkra. Vi undersökte ett GSMlarmsystem, Home Secure Basic V2, ur ett säkerhetsperspektiv med syftet att hitta en exploit som skulle kunna inaktivera larmet. Först konstruerade vi en hotmodell av systemet med STRIDE-metoden. Varje hot tilldelades en gradering baserat på hur allvarligt det är med hjälp av DREAD-systemet och utvärderades sedan praktiskt. Home Secure Basic V2 har två kommunikationskanaler; 433 MHz RF och GSM. Vi fann sårbarheter i 433 MHz kommunikationen som lät oss utföra både en återuppspelningsattack och en brute-force attack. Båda attackerna är allvarliga med ett DREAD-betyg på 12 (/15). GSM använde ursprungligen den nu osäkra A5/1 algoritmen, men de flesta operatörerna i Sverige har helt eller delvis övergått till den säkrare A5/3 algoritmen för GSM-traffik. Eftersom att larmet stödjer A5/3 lyckades vi inte genomföra en sniffing-attack mot GSM-kanalen. Attacken är fortfarande teoretiskt möjlig, men inte hos de operatörer vi använde (Telia, Tele2) i Stockholm. Slutligen så diskuterar vi attackernas genomförbarhet och presenterar några förslag på åtgärder som skulle kunna vidtas för att säkra larmsystemet.
31
Al-Azzani, Sarah. "Architecture-centric testing for security." Thesis, University of Birmingham, 2014. http://etheses.bham.ac.uk//id/eprint/5206/.
Full textAbstract:
This thesis presents a novel architecture-centric approach, which uses Implied Scenarios (IS) to detect design-vulnerabilities in the software architecture. It reviews security testing approaches, and draws on their limitations in addressing unpredictable behaviour in the face of evolution. The thesis introduces the concept of Security ISs as unanticipated (possibly malicious) behaviours that indicate potential insecurities in the architecture. The IS approach uses the architecture as the appropriate level of abstraction to tackle the complexity of testing. It provides potential for scalability to test large scale complex applications. It proposes a three-phased method for security testing: (1) Detecting design-level vulnerabilities in the architecture in an incremental manner by composing functionalities as they evolve. (2) Classifying the impact of detected ISs on the security of the architecture. (3) Using the detected ISs and their impact to guide the refinement of the architecture. The refinement is test-driven and incremental, where refinements are tested before they are committed. The thesis also presents SecArch, an extension to the IS approach to enhance its search-space to detect hidden race conditions. The thesis reports on the applications of the proposed approach and its extension to three case studies for testing the security of distributed and cloud architectures in the presence of uncertainty in the operating environment, unpredictability of interaction and possible security IS.
32
Cameron, Booth Louis, and Matay Mayrany. "IoT Penetration Testing: Hacking an Electric Scooter." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-254613.
Full textAbstract:
The industry of the Internet of Things (IoT) is a burgeoning market. A wide variety of devices now come equipped with the ability to digitally communicate to a wider network and modern electric scooters are one such example of this trend towards a more connected society. With scooter ride-share companies continually expanding in urban areas worldwide these devices are posing a greater attack surface for hackers to take advantage of. In this report we utilize threat modelling to analyse the potential vulnerabilities in a popular electric scooter. Through penetration testing we demonstrate the existence of major security flaws in the device and propose ways in which manufacturers may guard against these exploits in the future.Internet-of-Things (IoT) växer globalt. Många produkter kommer utrustade med förmågan att digitalt kommunicera med olika nätverk och moderna elektroniska sparkcyklar är ett exempel på denna trend som går mot ett mer uppkopplat och sammankopplat samhälle. I och med att antalet företag som tillhandahåller elsparkcykeltjänster i urbana miljöer över världen växer, så blir dessa produkter ett större mål för hackare att utnyttja. I denna rapport använder vi hotmodellering för att analysera potentiella sårbarheter i en populär elsparkcykelmodell. Genom att penetrationstesta produkten demonstrerar vi allvarliga säkerhetsfel och föreslår förhållningssätt som tillverkare kan ta hänsyn till för att undvika framtida attacker.
33
Ramilli, Marco <1983>. "A Design Methodology for Computer Security Testing." Doctoral thesis, Alma Mater Studiorum - Università di Bologna, 2013. http://amsdottorato.unibo.it/4438/4/Marco_Ramilli_Dissertation.pdf.
Full textAbstract:
The field of "computer security" is often considered something in between Art and Science. This is partly due to the lack of widely agreed and standardized methodologies to evaluate the degree of the security of a system. This dissertation intends to contribute to this area by investigating the most common security testing strategies applied nowadays and by proposing an enhanced methodology that may be effectively applied to different threat scenarios with the same degree of effectiveness.
Security testing methodologies are the first step towards standardized security evaluation processes and understanding of how the security threats evolve over time. This dissertation analyzes some of the most used identifying differences and commonalities, useful to compare them and assess their quality.
The dissertation then proposes a new enhanced methodology built by keeping the best of every analyzed methodology. The designed methodology is tested over different systems with very effective results, which is the main evidence that it could really be applied in practical cases. Most of the dissertation discusses and proves how the presented testing methodology could be applied to such different systems and even to evade security measures by inverting goals and scopes. Real cases are often hard to find in methodology' documents, in contrary this dissertation wants to show real and practical cases offering technical details about how to apply it.
Electronic voting systems are the first field test considered, and Pvote and Scantegrity are the two tested electronic voting systems. The usability and effectiveness of the designed methodology for electronic voting systems is proved thanks to this field cases analysis. Furthermore reputation and anti virus engines have also be analyzed with similar results.
The dissertation concludes by presenting some general guidelines to build a coordination-based approach of electronic voting systems to improve the security without decreasing the system modularity.
34
Ramilli, Marco <1983>. "A Design Methodology for Computer Security Testing." Doctoral thesis, Alma Mater Studiorum - Università di Bologna, 2013. http://amsdottorato.unibo.it/4438/.
Full textAbstract:
The field of "computer security" is often considered something in between Art and Science. This is partly due to the lack of widely agreed and standardized methodologies to evaluate the degree of the security of a system. This dissertation intends to contribute to this area by investigating the most common security testing strategies applied nowadays and by proposing an enhanced methodology that may be effectively applied to different threat scenarios with the same degree of effectiveness.
Security testing methodologies are the first step towards standardized security evaluation processes and understanding of how the security threats evolve over time. This dissertation analyzes some of the most used identifying differences and commonalities, useful to compare them and assess their quality.
The dissertation then proposes a new enhanced methodology built by keeping the best of every analyzed methodology. The designed methodology is tested over different systems with very effective results, which is the main evidence that it could really be applied in practical cases. Most of the dissertation discusses and proves how the presented testing methodology could be applied to such different systems and even to evade security measures by inverting goals and scopes. Real cases are often hard to find in methodology' documents, in contrary this dissertation wants to show real and practical cases offering technical details about how to apply it.
Electronic voting systems are the first field test considered, and Pvote and Scantegrity are the two tested electronic voting systems. The usability and effectiveness of the designed methodology for electronic voting systems is proved thanks to this field cases analysis. Furthermore reputation and anti virus engines have also be analyzed with similar results.
The dissertation concludes by presenting some general guidelines to build a coordination-based approach of electronic voting systems to improve the security without decreasing the system modularity.
35
Andersson, Oscar. "Tor och webbplatsorakel : Konstruktion och utvärdering av webbplatsorakel från DNS-tidtagning i Tor-nätverket." Thesis, Karlstads universitet, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:kau:diva-82564.
Full textAbstract:
This paper discsusses the question: is website oracles in Tor from timing DNS something we have to worry about? This paper builds apon the findings done by Rasmus Dahlberg and Tobias Pulls in thier paper Website Fingerprinting with Website Oracles. A website oracle is a side channel attack that answers the predicate: has this website been visited before? The website oracle is constructed and test are carried out, with great outcome, resulting in that website oracles from timing DNS is not an attack that puts individuals using Tor at risk, but certanly challanges the idea of an anonymity network when such a lot of data can be derived from DNS.Den här uppsatsen diskuterar frågan: är ett webbplatsorakel från DNS-tidtagning i Tor en attack att oroa sig för? Uppsatsen bygger på tidigare forskning utförd av Rasmus Dahlberg och Tobias Pulls i rapporten Website Fingerprinting with Website Oracles. Ett webbplatsorakel är en sidokanalsattack som svarar på predikatet: är denna webbsida besökt av en specifik delmängd användare? Tor är ett anonymitetsnätverk för gemene man, en viktig teknik för ett utvecklande samhälle där den enskilde individens rätt över sin egen information på internet är under konstant hot. I uppsatsen förklaras vad ett webbplatsorakel är i detalj, hur webbplatsorakel fungerar i Tor-nätverket och hur detta konstrueras i detalj. Resultat presenteras och en diskussion förs med anknytning till dagens teknik och samhälle i stort. Resultaten tyder inte på någon större risk för enskilda användare av Tor men visar på en riskfylld utveckling av perceptionen av hur Tor uppfattas och hur dess rykte kan skadas om attacker likt den presenterad i uppsatsen kan vidareutvecklas.
Presentation utfördes online p.g.a. coronapandemi.
36
Viggiani, Fabio. "Design and implementation of a non-aggressive automated penetration testing tool : An approach to automated penetration testing focusing on stability and integrity for usage in production environments." Thesis, KTH, Radio Systems Laboratory (RS Lab), 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-122906.
Full textAbstract:
The focus of this Master’s thesis project is automated penetration testing. A penetration test is a practice used by security professionals to assess the security of a system. This process consists of attacking the system in order to reveal flaws. Automating the process of penetration testing brings some advantages, the main advantage being reduced costs in terms of time and human resources needed to perform the test. Although there exist a number of automated tools to perform the required procedures, many security professionals prefer manual testing. The main reason for this choice is that standard automated tools make use of techniques that might compromise the stability and integrity of the system under test. This is usually not acceptable since the majority of penetration tests are performed in an operating environment with high availability requirements. The goal of this thesis is to introduce a different approach to penetration testing automation that aims to achieve useful test results without the use of techniques that could damage the system under test. By investigating the procedures, challenges, and considerations that are part of the daily work of a professional penetration tester, a tool was designed and implemented to automate this new process of non-aggressive testing. The outcome of this thesis project reveals that this tool is able to provide the same results as standard automated penetration testing procedures. However, in order for the tool to completely avoid using unsafe techniques, (limited) initial access to the system under test is needed.Det här examensarbete fokuserar i automatiserade penetrationstester. Penetrationstester används av säkerhetsspecialister för att bedöma säkerheten i ett system. Processen av ett penetrationstest består av olika attacker mot ett system för att hitta säkerhetshål. Automatiserade penetrationstester har fördelar som faktumet att det kostar mindre i tid och i mänskliga resurser som krävs. Trots att det finns många olika automatiserade verktyg för penetrationstestning, väljer många säkerhetsspecialister att göra det manuellt. Den största anledningen till att det görs manuellt är för att automatiserade verktygen använder sig av tekniker som kan kompromissa systemets stabilitet samt integritet. Det tillåts ofta inte, eftersom majoriteten av penetrationstesterna utförs i produktionsmiljöer som kräver hög tillgänglighet. Målet för det här examensarbetet är att introducera ett nytt tillvägagångssätt för automatiserad penetrationstestning, som inriktar sig på att ta fram användbara resultat utan tekniker som kan störa system under drift. Genom att undersöka procedurerna, utmaningarna samt vad som en penetrationstestare tar hänsyn till kommer ett verktyg designas och implementeras för att automatisera flödet av ett icke-aggressivt test. Resultatet av examensarbetet visar på att verktyget utvecklat kan uppnå samma resultat som de standardiserade penetrations-procedurerna givet begränsad tillgång till systemet.
37
Xiong, Pulei. "A Model-driven Penetration Test Framework for Web Applications." Thesis, Université d'Ottawa / University of Ottawa, 2012. http://hdl.handle.net/10393/20552.
Full textAbstract:
Penetration testing is widely used in industry as a test method for web application security assessment. However, penetration testing is often performed late in a software development life cycle as an isolated task and usually requires specialized security experts. There is no well-defined test framework providing guidance and support to general testers who usually do not have in-depth security expertise to perform a systematic and cost-efficient penetration test campaign throughout a security-oriented software development life cycle.
In this thesis, we propose a model-driven penetration test framework for web applications that consists of a penetration test methodology, a grey-box test architecture, a web security knowledge base, a test campaign model, and a knowledge-based PenTest workbench. The test framework enables general testers to perform a penetration test campaign in a model-driven approach that is fully integrated into a security-oriented software development life cycle. Security experts are still required to build up and maintain a web security knowledgebase for test campaigns, but the general testers are capable of developing and executing penetration test campaigns with reduced complexity and increased reusability in a systematic and cost-efficient approach.
A prototype of the framework has been implemented and applied to three web applications: the benchmark WebGoat web application, a hospital adverse event management system (AEMS), and a palliative pain and symptom management system (PAL-IS). An evaluation of the test framework prototype based on the case studies indicates the potential of the proposed test framework to improve how penetration test campaigns are performed and integrated into a security-oriented software development life cycle.
38
Hamra, Sam. "Ethical hacking : Threat modeling and penetration testing a remote terminal unit." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-288887.
Full textAbstract:
Remote terminal units are microprocessor controlled electronic devices that acts as an interface between control systems and objects in the real world. They are used in a range of highly critical infrastructures, and thus their security is of high priority. This thesis will present a security analysis and testing of a remote terminal unit. A threat model was created to identify threats to the system and a few key threats were selected for further penetration testing. The testing lead to the identification of a denial of service vulnerability as well as code injection vulnerability in the SD card storage of the remote terminal unit. The conclusions is that the system is rather robust from a remote attackers perspective although more vulnerabilities arise as an attacker gains physical access to the device.Fjärrkontrollsterminaler är elektroniska enheter som agerar som ett gränssnitt mellan kontrollsystem och objekt i den riktiga världen. De används i många kritiska infrastrukturer och därför är deras säkerhet högt prioriterad. I denna rapport presenteras säkerhetsanalys och testning av en fjärrkontrollsterminal. En hotmodell skapades för att identifiera hot mot systemet och ett antal hot valdes för vidare penetrationstestning. Testandet visade på svagheter mot denial of service attacker mot TCP/Ethernet gränssnittet samt kodinjicering mot SD-kortet som sitter i fjärrkontrollsterminalen. Slutsatsen är att systemet är relativt säkert mot fjärrattacker medan svagheterna mot attacker som kräver en fysisk tillgång till fjärrkontrollsterminalen är fler.
39
Solimeo, Alfonso. "Framework per l'analisi dinamica di vulnerabilità e penetration testing di App iOS." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2017. http://amslaurea.unibo.it/14827/.
Full textAbstract:
La sicurezza dell'informazione è ormai attore principale nell'era digitale in cui viviamo. Le tecnologie mobili (e.g. smartphone, tablet, etc) sono pervasive nella vita di tutti i giorni, manipolando ogni sorta di dati: da semplici foto, a delicati dati come quelli bancari.
Le Mobile App, gli applicativi software che animano i device mobili, sono i principali vettori di questi dati: la sicurezza attorno ad esse è fondamentale.
iOS è tra i principali sistemi operativi mobili, ma nonostante ciò non può contare su molti strumenti di analisi ai fini della sicurezza: questo a causa sia dell'erronea idea di immunità del sistema, sia a causa di sfide tecniche in cui si può incorrere, come il jailbreak, la procedura per acquisire i diritti di amministratore nel sistema operativo. Questa procedura diviene giorno dopo giorno più difficile e la maggioranza dei tool di analisi esistenti si basano su di essa.
Il lavoro di tesi presenta lo sviluppo di MAD-IOS, un framework per l'analisi dinamica di vulnerabilità e penetration testing, il quale, pur sfruttando strumenti tipici di ambienti jailbroken, esegue su dispositivi iOS puri, liberandosi in questo modo dalla dipendenza dal jailbreak.
40
Schulz, Pascal. "Penetration Testing of Web Applications in a Bug Bounty Program." Thesis, Karlstads universitet, Institutionen för matematik och datavetenskap, 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:kau:diva-32404.
Full textAbstract:
Web applications provide the basis for the use of the "World-Wide-Web", as people know itnowadays. These software solutions get programmed by a numerous amount of developersall over the world. For all this software, it is not possible to guarantee a 100 percent security.Therefore, it is desirable that every application should get evaluated using penetration tests.Anewformof security testing platforms is getting provided by bug bounty programs, whichencourage the community to help searching for security breaches. This work introduces thecurrently leading portal for bug bounties, called Bugcrowd Inc. In addition, web applications,which were part of the program, got tested in order to evaluate their security level.A comparison is made with given statistics by leading penetration testing companies, showingthe average web application security level. The submission process, to send informationabout vulnerabilities, is getting evaluated. The average time it takes, to receive an answer regardinga submission is getting reviewed. In the end, the findings get retested, to evaluate, ifthe bug bounty program is a useful opportunity to increase security and if website operatorstake submissions serious by patching the software flaws.
41
West, Balthazar, and Marcus Wengelin. "Effectiveness of fuzz testing high-security applications." Thesis, KTH, Skolan för datavetenskap och kommunikation (CSC), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-208359.
Full textAbstract:
Fuzzing is a testing methodology that is receiving increased attention in the field of software security. The methodology is interesting because almost anyone can download a fuzzer and search for bugs in large and well-tested programs or libraries. This thesis is a case study which examines the efficiency of fuzzing a library with high security requirements. It was decided that the Mbed TLS, an open source SSL library, would be fuzzed using AFL, a state of the art fuzzer. The steps required to use AFL to fuzz Mbed TLS are outlined along with the results the study yielded. The fuzzing process did not succeed in finding input that causes crashes. However, there was a clear contrast between the results of the two fuzzed components of the library, and ultimately considered inconclusive primarily due to the fuzzing process being too time-consuming. The thesis is concluded by acknowledging the major takeaways and suggestions for future work.Fuzz-testning är en testmetod som har fått ökad uppmärksamhet inom området mjukvarusäkerhet. Metoden är intressant för att i princip vem som helst kan ladda ner och använda en fuzzer för att hitta buggar i stora samt vältestade program och bibliotek. Denna rapport är en fallstudie som undersöker effektiviteten av att fuzz-testa ett bibliotek med höga säkerhetskrav. Biblioteket som studerats i denna rapport är mbed TLS, ett open-source SSL-bibliotek. Fuzzern som valdes kallas AFL, en vedertagen fuzzer som visat sig vara mycket effektiv. Stegen som togs för att fuzza mbed TLS beskrivs i rapporten, tillsammans med resultaten. Under fuzzingen hittades ingen input som genererade krascher. Dock finns en tydlig kontrast mellan resultaten av de två komponenterna av biblioteket som fuzzades, och i slutändan betraktas resultaten som ej slutgiltiga. Rapporten avslutas sedan med en diskussion samt rekommendationer för framtida forskning inom området.
42
Skaria, Sherin, and Fazely Hamedani Amir Reza. "Network Security Issues, Tools for Testing Security in Computer Network and Development Solution for Improving Security in Computer Network." Thesis, Halmstad University, Halmstad University, Halmstad University, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-4396.
Full text
43
Svenhard, Petter, and Amir Radaslic. "A penetration test of an Internet service provider : Computer Forensics and Information Security." Thesis, Högskolan i Halmstad, Sektionen för Informationsvetenskap, Data– och Elektroteknik (IDE), 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-18169.
Full textAbstract:
Computer security is of ever increasing importance in the modern corporate world due to the risk of disclosing sensitive assets. In a world where technology can be found in most organizations and businesses the importance of ensuring secure assets is not only a good habit but a necessity.This study concerned an Internet service provider in south western Sweden who saw an interest in ensuring the security of their computer systems. The Internet service provider wished to remain anonymous to protect its name and interests in casesensitive information were to be disclosed.The approach to test the service provider’s security was to perform an extensive penetration test of the ISP's relevant network and computer infrastructure. The aims of the penetration test were to map vulnerabilities and assess the risk that a possible flaw would pose if exploited.The results indicated that the systems of the ISP included several critical flaws that could lead to a denial of service condition and a complete compromise of the service provider’s office intranet. Furthermore the results indicated the possibility that the Internet service provider had in fact already been hacked by an unknown perpetrator.Finally the study was beneficial for the Internet service provider since they were provided with a deeper understanding of the security flaws in their computer system infrastructure. Moreover they were alerted to the presence of a possible crime scene on their property.
44
Holovová, Simona. "Aplikace na podporu testování bezpečnosti webových aplikací." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2020. http://www.nusl.cz/ntk/nusl-433173.
Full textAbstract:
This master´s thesis is about the security of web applications and penetration testing. The main goal is to gain knowledge about testing methodologies OWASP Testing Guide and ASVS and to implement this knowledge into a web application to assist during manual penetration testing. The theoretical part of the thesis describes both methodologies and web technologies used during the development of the application. The practical part of the thesis is about the design of the application based on the specification, its implementation, and security hardening.
45
Khalil, Rana Fouad. "Why Johnny Still Can’t Pentest: A Comparative Analysis of Open-source Black-box Web Vulnerability Scanners." Thesis, Université d'Ottawa / University of Ottawa, 2018. http://hdl.handle.net/10393/38595.
Full textAbstract:
Black-box web application vulnerability scanners are automated tools that are used to crawl a web application to look for vulnerabilities. These tools are often used in one of two ways. In the first approach, scanners are used as Point-and-Shoot tools where a scanner is only given the root URL of an application and asked to scan the site. Whereas, in the second approach, scanners are first configured to maximize the crawling coverage and vulnerability detection accuracy. Although the performance of leading commercial scanners has been thoroughly studied, very little research has been done to evaluate open-source scanners. This paper presents a feature and performance evaluation of five open-source scanners. We analyze the crawling coverage, vulnerability detection accuracy, scanning speed, report- ing and usability features. The scanners are tested against two well known benchmarks: WIVET and WAVSEP. Additionally, the scanners are tested against a realistic web application called WackoPicko. The chosen benchmarks are composed of a wide range of vulnerabilities and crawling challenges. Each scanner is tested in two modes: default and configured. Lastly, the scanners are compared with the state of the art commercial scanner Burp Suite Professional.
Our results show that being able to properly crawl a web application is a critical task in detecting vulnerabilities. Unfortunately, the majority of the scanners evaluated had difficulty crawling through common web technologies such as dynamically generated JavaScript content and Flash applications. We also identified several classes of vulnerabilities that are not being detected by the scanners. Furthermore, our results show that scanners displayed considerable improvement when run in configured mode.
46
Marinuzzi, Natalie Romina. "LOCATION OF SINKHOLE CONFINING BREACH USING GROUNDWATER FLOW PATTERNS DERIVED FROM CONE PENETRATION TESTING." Master's thesis, University of Central Florida, 2004. http://digital.library.ucf.edu/cdm/ref/collection/ETD/id/4442.
Full textAbstract:
Dynamic forces in the hydrologic cycle move underground water through Florida's carbonate rocks dissolving chemical components of the rocks, leaving behind caves, solution pipes, and other voids that result in a karst terrain. Ravelling is the common subsidence mechanism throughout most of Florida where unconsolidated materials filter downward into voids in the underlying limestone. A cavity in the overburden develops and enlarges over a period of many years. The enlarged cavity is also known as sinkhole. The investigations of sinkhole characteristics and potential involve studying the regional geology, hydrology and mapping historic sinkholes that have occurred in the area. Use of Cone Penetration Test (CPT) soundings, in conjunction with conventional soil borings are becoming more common in the assessment of subsurface soil conditions in the vicinity of sinkhole-related ground surface. The penetration resistance data by CPT can determine the presence and extent of raveled soil zones characteristic of sinkhole features, and the penetration pore water pressure data can be used to determine the integrity of the clay confining unit at each test sounding location. The objective of this study is to identify the possible location of the confining breach at a sinkhole in Seminole County. The methods used in the assessment of the sinkhole's subsurface conditions were Standard Penetration Test (SPT), which provided information that helped to identify the location of the ravelled zones within the soil profile, and Cone Penetration Test that gave information of the piezometric water levels obtained from the pore pressure dissipation curves. The total head was calculated from the piezometric water levels corresponding to the different elevations. The data were found to exhibit a downward behavior of the total head, starting at around elevation 50 feet, NGVD that extended towards lower elevations. The SPT boring log identified a ravelled zone starting at 31 feet approximately. From both information it was possible to establish that the hydraulic head was influenced by the proximity of the ravelled zones, where the head precipitated rapidly as the elevation decreased. From the result of this study, it was concluded that the location of the breach in the confining layer started at 61.8 feet deep below the ground surface. Potentiometric contour lines at elevation 24.40 feet denoted flow patterns of water from the surroundings of the depression towards the approximate location of the center, which is the existing of subsurface cavity.M.S.
Department of Civil and Environmental Engineering
Engineering and Computer Science
Civil and Environmental Engineering
47
Srilatha, Rondla, and Gande Someshwar. "Security Testing for Web Applications in SDLC." Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-2903.
Full textAbstract:
Context: In Web applications, the Software vulnerability can be reduced by applying security testing in all phases of the software development life cycle (SDLC). Lot of vulnerabilities might occur if the security testing is applied in the last phase of SDLC. In order to mitigate these vulnerabilities, a lot of rework is required that involves reverse engineering in the development and design phases. To overcome this situation, organizations are shifting from security testing (performed in last phase) towards security testing in the early phases of SDLC. Objectives: The main objectives of this thesis are to gather the benefits and challenges of security testing in the last phase versus security testing in every phase of the SDLC. After gathering, authors want to compare both implementations because these days most organizations are shifting from last phase to every phase of SDLC. Justification to the reason can be achieved by this comparison. Methods: In order to satisfy the objectives of this thesis, a literature review and interviews were conducted. The literature review was conducted by gathering benefits and challenges of last phase and every phase of SDLC. Authors have applied coding technique to the data gathered from literature review. By using the results from literature review, a set of questions were framed. Based on these questions, interviews in various organizations were performed. To analyze the practitioner’s data we used Sorting and Coding technique. Then, we conducted a comparative analysis to compare both results. Results: Application of security testing in the last phase of the SDLC results in a lot of rework which in turn leads to instability in managing the cost, time and resources in an organisation. In order to overcome this, more and more organisations are introducing security testing at each and every phase of SDLC. Conclusions: It can be concluded that every phase of security testing in SDLC has more benefits than applying in last phase of SDLC. To evaluate this process more research is needed to acquire more knowledge of security testing in all phases of SDLC. Through literature review and interviews conducted, it is evident that security testing at early phases causes a reduction in rework which in turn leads to more efficient management of cost, time and resources of a project.+91 8977404640
48
Flansburg, Kevin. "A framework for automated management of exploit testing environments." Thesis, Georgia Institute of Technology, 2015. http://hdl.handle.net/1853/54912.
Full textAbstract:
To demonstrate working exploits or vulnerabilities, people often share
their findings as a form of proof-of-concept (PoC) prototype. Such practices are particularly useful to learn about real vulnerabilities and state-of-the-art exploitation techniques. Unfortunately, the shared PoC exploits are seldom reproducible; in part because they are often not
thoroughly tested, but largely because authors lack a formal way to specify the tested environment or its dependencies. Although exploit writers attempt to overcome such problems by describing their
dependencies or testing environments using comments, this informal way of sharing PoC exploits makes it hard for exploit authors to achieve the original goal of demonstration. More seriously, these non- or hard-to-reproduce PoC exploits have limited potential to be utilized for other useful research purposes such as penetration testing, or in
benchmark suites to evaluate defense mechanisms. In this paper, we present XShop, a framework and infrastructure to
describe environments and dependencies for exploits in a formal way, and to automatically resolve these constraints and construct an isolated environment for development, testing, and to share with the community. We show how XShop's flexible design enables new possibilities for
utilizing these reproducible exploits in five practical use cases: as a security benchmark suite, in pen-testing, for large scale vulnerability analysis, as a shared development environment, and for regression
testing. We design and implement such applications by extending the
XShop framework and demonstrate its effectiveness with twelve real
exploits against well-known bugs that include GHOST, Shellshock, and Heartbleed. We believe that the proposed practice not only brings immediate incentives to exploit authors but also has the potential to be
grown as a community-wide knowledge base.
49
Sjöstrand, Johan, and Sara Westberg. "Functional and Security testing of a Mobile Application." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-138710.
Full textAbstract:
A mobile application has been developed to be used for assistance in crisis scenarios. To assure the application is dependable enough to be used in such scenarios, the application was put under test. This thesis investigates different approaches to functional testing and security testing. Five common methods of generating test cases for functional testing have been identified and four were applied on the application. The coverage achieved for each method was measured and compared. For this specific application under test, test cases from a method called decision table-testing scored the highest code coverage. 9 bugs related to functionality were identified. Fuzz testing is a simple security testing technique for efficiently finding security flaws, and was applied for security testing of our application. During the fuzz test, system security properties were breached. An unauthorized user could read and alter asset data, and it also affected the system's availability. Our overall conclusion was that with more time, creating functional tests for smaller components of the application might have been more effective in finding faults and achieving coverage.
50
Shu, Guoqiang. "Formal Methods and Tools for Testing Communication Protocol System Security." The Ohio State University, 2008. http://rave.ohiolink.edu/etdc/view?acc_num=osu1211333211.
Full text