

Penetration testing is a method for assessing and evaluating the security of computer networks, websites and application software. It is a legal and authorized way to assess and secure a computer network. In this paper we introduce a systematic and integrated approach to web application penetration testing. Nowadays most software applications are provided on the web platform. Web applications have increased the accessibility and availability of software and services; however, they also increase the risk of malicious attacks. To provide quality software services, web application providers need to assess potential vulnerabilities and remove these weaknesses from their systems to make them more secure against potential attackers. A pen tester applies various approaches to assess the strengths and weaknesses of a computer system. We discuss the steps involved in penetration testing, such as the information gathering, vulnerability analysis, exploitation and test analysis phases. We also discuss various automated tools available to a pen tester and their applications. A comparative vulnerability analysis is also provided on the basis of assessment parameters such as exploitability, prevalence, detectability and impact.

Keywords

Penetration Testing, Web Applications, Vulnerability Analysis, CMS, BackTrack 5, OWASP, IPS/IDS, Web Crawlers, etc.