E-learning applications and data security

This bachelor's thesis addresses the topic of security threats for web applications, with the practical part presenting a security assessment of selected e-learning applications. It describes the most common current threats for web applications, attack techniques and security techniques. The web environment gave rise to a whole range of techniques for breaching the security of web applications, and this thesis therefore presents the most common threats. The second part of the thesis introduces security techniques, both general techniques based on securing the protocol and techniques against specific threats. The protocol on which an application runs is one of the most important security components, and therefore the thesis analyses the functioning of the HTTPS protocol and its security layers in greater detail. The following part provides an analysis of the field of e-learning security. The reader learns about the security risks which he can encounter in operating open source e-learning solutions. The conclusion of the theoretical part describes the basic principles of security testing by means of the methods defined by the Open Web Application Security Project. The practical part of the thesis deals with the results of security testing of three selected open-source software systems: Moodle, Dokeos and eFront. The testing was focused on threats introduced in the theoretical part of the thesis and uses the findings from the OWASP Testing Guide v3. Individual testing attacks, their results and overall security recommendations are described for every tested e-learning system. The conclusion of the practical part provides an overall assessment of the tested systems.