An Integrated Approach Towards Vulnerability Assessment & Penetration Testing for a Web Application

Current digitized world has surpassed the days of mere existence of internet. Furnishing the services through web has become the most often element to be implemented by almost every sector. These ever-changing technologies has also brought about, devastating evading techniques compromising the fragility of the web application. Assessing the existing vulnerabilities of a web application and testing all possible penetrations would be tedious if the tools used are bearing a cost factor. This paper suggests an integrated approach of assessing the vulnerabilities in any web application using free and open source tools where the reports are generated with respect to vulnerabilities and their categories and level of severity. The tools are integrated and correlated for producing the accurate results in better manner similar to the results produced by the commercial ones. The analysis has been done by considering the reports released by OWASP, OSSTMM, ISSAF, CVE, Exploit Database and Microsoft Vulnerability Research. The report produced after vulnerability assessment has been taken for testing different penetrations for a single application. The identified vulnerabilities are therefore exploited for testing the penetrations of a web application. The report will be generated finally stating all possible exploitable vulnerabilities that are encountered in a web application. The final report generated would help the developers to fix the vulnerable issues.