An Integrated Approach Towards Vulnerability Assessment & Penetration Testing for a Web Application

  • Abstract


    Today's digitized world has moved well past the mere existence of the internet. Delivering services over the web has become the most common element implemented by almost every sector. These ever-changing technologies have also brought about devastating evasion techniques that exploit the fragility of web applications. Assessing the existing vulnerabilities of a web application and testing all possible penetrations would be tedious if the tools used carry a cost factor. This paper suggests an integrated approach to assessing the vulnerabilities of any web application using free and open source tools, where reports are generated with respect to the vulnerabilities, their categories and their level of severity. The tools are integrated and their results correlated so as to produce accurate results comparable to those produced by commercial tools. The analysis has been done by considering the reports released by OWASP, OSSTMM, ISSAF, CVE, Exploit Database and Microsoft Vulnerability Research. The report produced after the vulnerability assessment is then used to test different penetrations of a single application: the identified vulnerabilities are exploited to test how far the web application can be penetrated. A final report is generated stating all exploitable vulnerabilities encountered in the web application, which helps developers fix the vulnerable issues.
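As an added illustration of the correlation step the abstract describes (example code, not the paper's own tooling): findings from several open-source scanners are normalised to one category name, merged per URL and parameter, given the highest severity any tool reported, and counted per category and severity. The tool names follow the paper's reference list; the finding records and their field names are constructed assumptions, not any scanner's real export format.

```python
"""Correlate findings from several open-source web scanners into one report.
Added example, not the paper's code: the findings below are constructed samples and
the field names are assumptions, not any scanner's real export format."""
from collections import defaultdict

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Each scanner names the same issue differently; map them to one OWASP-style category.
ALIASES = {"sql injection": "SQL Injection", "sqli": "SQL Injection",
           "xss": "Cross-Site Scripting",
           "missing x-frame-options": "Security Misconfiguration"}

# Constructed findings as they might be normalised from ZAP, W3AF, Arachni and Nikto.
FINDINGS = [
    {"tool": "zap", "url": "/login.php", "param": "user", "category": "sql injection", "severity": "high"},
    {"tool": "w3af", "url": "/login.php", "param": "user", "category": "SQL Injection", "severity": "medium"},
    {"tool": "arachni", "url": "/login.php", "param": "user", "category": "sqli", "severity": "high"},
    {"tool": "zap", "url": "/search", "param": "q", "category": "xss", "severity": "medium"},
    {"tool": "nikto", "url": "/", "param": None, "category": "missing x-frame-options", "severity": "low"},
]

def normalise(category):
    return ALIASES.get(category.lower(), category)

def correlate(findings):
    """Merge findings that describe the same issue (same URL, parameter and category).
    Severity is the highest any tool reported; agreement between tools raises confidence."""
    merged = {}
    for f in findings:
        key = (f["url"], f["param"], normalise(f["category"]))
        entry = merged.setdefault(key, {"url": f["url"], "param": f["param"],
                                        "category": key[2], "severity": "low", "tools": set()})
        if SEVERITY_RANK[f["severity"]] > SEVERITY_RANK[entry["severity"]]:
            entry["severity"] = f["severity"]
        entry["tools"].add(f["tool"])
    for entry in merged.values():
        entry["confidence"] = "confirmed" if len(entry["tools"]) >= 2 else "single-tool"
    # Most severe first, so developers see what to fix first.
    return sorted(merged.values(), key=lambda e: -SEVERITY_RANK[e["severity"]])

def summarise(report):
    """Count merged issues per (category, severity) for the final report."""
    counts = defaultdict(int)
    for e in report:
        counts[(e["category"], e["severity"])] += 1
    return dict(counts)

if __name__ == "__main__":
    for e in correlate(FINDINGS):
        print(e["severity"].upper(), e["category"], e["url"], e["param"], sorted(e["tools"]), e["confidence"])
```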



  • Keywords


    Vulnerability assessment, penetration testing, integrated results.

  • References


      [1] Dafydd Stuttard, Marcus Pinto: The Web Application Hacker's Handbook, Second Edition: Finding and Exploiting Security Flaws

      [2] Pentesting on Web Applications using Ethical Hacking, Central American and Panama Convention (CONCAPAN XXXVI), 2016 IEEE 36th

      [3] "Top10 2017-Top10," OWASP Foundation, 2013; https://www.owasp.org/

      [4] Domain Dossier, Investigate domains and IP addresses:

      [5] SuperScan v4.1: https://www.mcafee.com/in/downloads/free-tools/superscan.aspx

      [6] Nmap: https://nmap.org/

      [7] Acunetix: https://www.acunetix.com/vulnerability-scanner/online-scanner/

      [8] Burp Suite: https://portswigger.net/burp/communitydownload

      [9] Nessus: https://www.tenable.com/products/nessus/select-your-operating-system

      [10] Nikto: https://cirt.net/Nikto2

      [11] Vega: https://subgraph.com/vega/download/

      [12] W3AF: http://w3af.org/download

      [13] ZAP proxy: http://www.zaproxy.org/

      [14] Qualys: https://www.ssllabs.com/ssltest/

      [15] Arachni scanner: http://www.arachni-scanner.com/



Article ID: 15733
 
DOI: 10.14419/ijet.v7i2.32.15733




Copyright © 2012-2015 Science Publishing Corporation Inc. All rights reserved.