
An Integrated Approach to Web Application Penetration Testing


Affiliations
1 Thakur Institute of Management Studies, Career Development and Research, India
2 Thakur Institute of Management Studies, Career Development and Research, India
 

Abstract

Penetration testing is a method for assessing and evaluating the security of computer networks, websites and application software. It is a legal and authorized way to assess and secure a computer network. In this paper we introduce a systematic and integrated approach to web application penetration testing. Most software applications are now delivered on the web platform. Web applications have increased the accessibility and availability of software and services, but they have also increased the risk of malicious attacks. To provide quality software services, web application providers need to assess potential vulnerabilities and remove these weaknesses from their systems to make them more secure against potential attackers. A pen tester applies various approaches to assess the strengths and weaknesses of a computer system. We discuss the steps involved in penetration testing, such as the information gathering, vulnerability analysis, exploitation and test analysis phases. We also discuss various automated tools available to a pen tester and their applications. A comparative vulnerability analysis is also provided on the basis of assessment parameters such as exploitability, prevalence, detectability and impact.

Keywords

Penetration Testing, Web Applications, Vulnerability Analysis, CMS, BackTrack 5, OWASP, IPS/IDS, Web Crawlers.

Authors

Alok Singh
Thakur Institute of Management Studies, Career Development and Research, India
Lovely Lakhmani Balani
Thakur Institute of Management Studies, Career Development and Research, India
Brijesh Kumar Pandey
Thakur Institute of Management Studies, Career Development and Research, India
