ePrints.FRI - University of Ljubljana, Faculty of Computer and Information Science

Penetration testing of information systems

Blaž Berčič (2013) Penetration testing of information systems. EngD thesis.

Download (4Mb)


    In recent years the expansion of the internet also brought an increase in computer crime. The targets of the attackers are mostly information systems. Companies and individuals, whose work and earnings depend on the smooth functioning of the IT infrastructure, are becoming more and more aware of the problem. In order to protect these systems it is necessary to find and eliminate their vulnerabilities before malicious attackers find and exploit them in order to obtain unauthorized access. The process, which enables us to achieve this, is called penetration testing. The aim of this thesis is to define the penetration test, describe the tools which are used during the test and finally use them to demonstrate intrusion into the information system. In the theoretical part a vulnerability assessment is presented as a part of the penetration test. In this case the penetration tester is considered to be a white-hat hacker. In the next part types and phases of a penetration test are described and some tools are presented that enable us to accomplish the task: Nmap, Nessus, OpenVAS and Metasploit. After the theoretical part these tools are used for demonstration of an attempt to break into an online store. By using the vulnerability scanners information about potential vulnerabilities is obtained and then vulnerability exploitation is achieved by using an appropriate exploit.

    Item Type: Thesis (EngD thesis)
    Keywords: penetration test, vulnerability assessment, white hat, exploit
    Number of Pages: 44
    Language of Content: Slovenian
    Mentor / Comentors:
    Name and SurnameIDFunction
    prof. dr. Denis Trček1121Mentor
    Link to COBISS: http://www.cobiss.si/scripts/cobiss?command=search&base=50070&select=(ID=9903444)
    Institution: University of Ljubljana
    Department: Faculty of Computer and Information Science
    Item ID: 2036
    Date Deposited: 10 May 2013 09:29
    Last Modified: 11 Jun 2013 09:56
    URI: http://eprints.fri.uni-lj.si/id/eprint/2036

    Actions (login required)

    View Item