Absolvování individuální odborné praxe

Abstract

This bachelor thesis is the processing of completion of my individual professional practice in XEVOS SOLUTIONS, s.r.o. with a focus on cyber security. The aim of this work is to describe the methodology, prevention and various ways of testing a web application developed for commercial use. Used tools are based on open source. Security risks and methodologies are modeled on the basis of OWASP Foundation. Individual risks are accompanied by demonstrations of possible attacks as well as prevention against them. The theoretical part of the thesis will describe some of the basics, but key concepts to clarify the issue and write this thesis. The practical part will be focused on testing the web interface primarily using the OWASP ZAP application but also other open source tools for various purposes such as gathering information and vulnerabilities to develop attack vectors.