Electrotechnical and Computer Engineering
Vol. 35 No. 06 (2020): Proceedings of the Faculty of Technical Sciences
DETECTING SECURITY VULNERABILITIES IN WEB APPLICATIONS USING PENETRATION TESTING
Abstract
This paper presents the basic concepts of penetration testing and describes each stage of the methodology, from gathering information to identify possible weak points through to exploiting the vulnerabilities found. The vulnerabilities found in the real-world web applications Juice Shop and Peruggia are described. The tools DIRB, Nikto, Dotdotpwn and Burp Suite were selected to conduct the testing and detect potential security vulnerabilities.