Detail of the student project

Topic: Browser security plug-in
Department: Department of Cybernetics
Supervisor: doc. Ing. Daniel Novák, Ph.D.
Announce as: Master's thesis, Semester project
Description: 1. Familiarize yourself with existing CLI tools for reconnaissance and vulnerability scanning (Nikto, DataSploit, etc.)

2. Familiarize yourself with the OWASP Top 10 list

3. Analyze the web security extension market

4. Determine which functionalities of common reconnaissance and vulnerability scanning tools can be implemented in a browser extension

5. Design a user-friendly browser extension that can be used by web developers to avoid the most common security issues

6. The extension should recommend possible remediation/mitigation steps for found issues
Bibliography: 1. W. Qianqian and L. Xiangjun, "Research and design on Web application vulnerability scanning service," 2014 IEEE 5th International Conference on Software Engineering and Service Science, 2014, pp. 671-674, doi: 10.1109/ICSESS.2014.6933657.

2. Esposito, Damiano, et al. "Exploiting the potential of web application vulnerability scanning." ICIMP 2018 the Thirteenth International Conference on Internet Monitoring and Protection, Barcelona, Spain, 22-26 July 2018. IARIA, 2018.

3. Rennhard, Marc, et al. "Improving the effectiveness of web application vulnerability scanning." International Journal on Advances in Internet Technology 12.1/2 (2019): 12-27.

4. A. C. Perera, K. Kesavan, S. V. Bannakkotuwa, C. Liyanapathirana and L. Rupasinghe, "E-commerce (WEB) Application Security: Defense against Reconnaissance," 2016 IEEE International Conference on Computer and Information Technology (CIT), 2016, pp. 732-742, doi: 10.1109/CIT.2016.105.
Responsible person: Petr Pošík