DETECTING SECURITY VULNERABILITIES IN WEB APPLICATIONS USING PENETRATION TESTING
DOI: https://doi.org/10.24867/08BE27Andjelic
Keywords: Penetration testing, Web application security, Hacking
Abstract
This paper presents the basic concepts of penetration testing and describes each stage of the methodology, from information gathering and identification of possible weak points to exploitation of the vulnerabilities found. The vulnerabilities found in the intentionally vulnerable web applications Juice Shop and Peruggia are described. DIRB, Nikto, DotDotPwn and Burp Suite were selected to conduct the testing and detect potential security vulnerabilities.
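The two stages the abstract names, enumerating what a target exposes (what DIRB does with a wordlist) and then probing a candidate weak point with encoded payloads (what DotDotPwn does for directory traversal), can be shown offline against a toy request handler. The following is an added example and is not code from the paper or from any of the tools it names; the web root path, the in-memory file table and the wordlist are constructed for the demonstration, and the vulnerable handler is deliberately naive so that the hardened one can be compared with it.

```python
"""Added example: DIRB-style enumeration and DotDotPwn-style traversal
probing against a toy file handler (constructed, not from the paper)."""
import posixpath
import urllib.parse

# Assumed web root and a constructed stand-in for files on disk.
WEB_ROOT = "/var/www/app"
FILES = {
    "/var/www/app/index.html": "<h1>home</h1>",
    "/var/www/app/admin/config.php": "<?php $db_pass = 'x'; ?>",
    "/etc/passwd": "root:x:0:0:root:/root:/bin/bash",
}

# Constructed wordlist, in the spirit of a DIRB common-paths list.
COMMON_PATHS = ["index.html", "admin/", "admin/config.php", "backup.zip", ".git/HEAD"]


def vulnerable_resolve(path_param):
    """Naive handler: decode, join with the web root, serve whatever results.
    This is the weak point: nothing stops '..' from leaving WEB_ROOT."""
    decoded = urllib.parse.unquote(path_param).replace("\\", "/")
    full = posixpath.normpath(posixpath.join(WEB_ROOT, decoded))
    return FILES.get(full)


def hardened_resolve(path_param):
    """Same decoding, but the normalised path must still lie under WEB_ROOT."""
    decoded = urllib.parse.unquote(path_param).replace("\\", "/")
    full = posixpath.normpath(posixpath.join(WEB_ROOT, decoded))
    if not (full == WEB_ROOT or full.startswith(WEB_ROOT + "/")):
        return None  # traversal attempt: refuse instead of serving
    return FILES.get(full)


def enumerate_paths(handler, wordlist):
    """Information-gathering stage: which wordlist entries exist on the target."""
    return [p for p in wordlist if handler(p) is not None]


def traversal_payloads(target="etc/passwd", depth=4):
    """Exploitation stage: DotDotPwn-style traversal variants at several depths.
    The encodings cover plain, backslash, URL-encoded and double-dot-slash forms."""
    encodings = ["../", "..\\", "..%2f", "..%5c", "%2e%2e/", "%2e%2e%2f", "....//"]
    return [enc * n + target for enc in encodings for n in range(1, depth + 1)]


def probe(handler, payloads, marker="root:x:0:0"):
    """Return the payloads for which the handler leaks the marker string."""
    return [p for p in payloads if marker in (handler(p) or "")]


if __name__ == "__main__":
    print("found:", enumerate_paths(hardened_resolve, COMMON_PATHS))
    hits = probe(vulnerable_resolve, traversal_payloads())
    print(f"vulnerable handler leaked /etc/passwd for {len(hits)} payloads, e.g. {hits[0]!r}")
    print("hardened handler leaked for:", probe(hardened_resolve, traversal_payloads()))
```

The enumeration step surfaces `admin/config.php`, which is the kind of finding that narrows where to probe next; the traversal probe then shows that the naive handler serves `/etc/passwd` for every encoding that decodes to enough `../` components to climb out of the web root, while the `....//` variant fails here because this handler does not strip `../` (that payload targets filters which do). The hardened handler rejects all of them because the check is made on the normalised absolute path, not on the raw parameter.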
References
[1] James P. McDermott, "Attack net penetration testing", NSPW, pp. 15-21, 2000.
[2] Gary McGraw, Software Security: Building Security In, Addison-Wesley Professional, vol. 1, 2006.
[3] Herbert H. Thompson, "Why security testing is hard", IEEE Security and Privacy, vol. 1, no. 4, pp. 83-86, 2003.
[4] OWASP Top 10 – 2017, The Ten Most Critical Web Application Security Risks.
[5] Gilberto Najera Gutierrez and Juned Ahmed Ansari, Web Penetration Testing with Kali Linux, Packt Publishing, 2018.
[6] Joseph Muniz and Aamir Lakhani, Web Penetration Testing with Kali Linux, Packt Publishing, 2013.
[7] Ajinkya A. Farsole, Amruta G. Kashikar and Apurva Zunzunwala, "Ethical Hacking", International Journal of Computer Applications (IJCA), vol. 1, no. 10, pp. 14-20, 2010.
[8] Patrick Engebretson, The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy, Elsevier, 2013.
[9] H. H. Thompson, "Application penetration testing", IEEE Security and Privacy, vol. 3, no. 1, pp. 66-69, 2005.
Published: 2020-05-29
Section: Electrotechnical and Computer Engineering