Implementation and Analysis of Penetration Techniques Using the Man-In-The-Middle Attack

Arnaldy, Defiana; Perdana, Audhika Rahmat

doi:10.1109/ic2ie47452.2019.8940872

Cited by 19 publications

(7 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The security evaluation was conducted of a web application that employs penetration testing strategies to showcase manin-the-middle attacks [10]. They used a few penetration testing strategies like SQL Injection, cross-site scripting (XSS), and brute force attacks.…”

Section: Literature Surveymentioning

confidence: 99%

“…Penetration testing for web applications has been an active area of research in recent years, with researchers proposing new methodologies, tools, and case studies. Some studies have focused on specific types of web app vulnerabilities like SQL injection [7] and XSS [8], while others have taken a more comprehensive approach covering various vulnerabilities [9][10][11][12]. The use of automated scanning tools like Nmap, Nikto, and ZAP, along with manual verification, has been commonly employed.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An Experimental Study on Detecting and Mitigating Vulnerabilities in Web Applications

Kollepalli,

Reddy,

Sai

et al. 2024

IJSSE

View full text Add to dashboard Cite

The increasing use of the internet has led to a growing number of security threats. Computers, smartphones, smartwatches, and other mobile devices associated with the internet face different threats and exploits. In those cases, different services are provided through web applications only. Those applications are vulnerable to hacking. There are over 1.9 billion websites today, and everything is connected to the network. According to the new national vulnerability database update, 10,683 weaknesses were found in web applications in the first quarter of 2023. The websites have the most significant details of the clients, like personal details, financial details, and so on. Checking all the web application weaknesses is not a silver bullet. So, vulnerability scanners play a significant role in web application security. Vulnerability analysis and penetration testing are two distinct vulnerability types of testing. These tests can help identify all the vulnerabilities in a web application, even those not detected by vulnerability scanners. While certain users access this vulnerability analysis data with just honest goals, like creating some security measures to avoid those vulnerabilities, some utilize it to recognize ways of destroying significant information and records of websites. As it is notable, the term penetration testing is also ethical hacking. The current paper aims to investigate penetration testing on web applications. The paper discusses the different types of penetration testing, the tools and techniques used, and the benefits of penetration testing. It also suggests the challenges of penetration testing and the steps that can be taken to mitigate these challenges.

show abstract

Section: Literature Surveymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

An Experimental Study on Detecting and Mitigating Vulnerabilities in Web Applications

Kollepalli,

Reddy,

Sai

et al. 2024

IJSSE

View full text Add to dashboard Cite

show abstract

“…Several studies have been carried out on Android permission requests [26], Android user privacy [27], attacks on Android and other mobile platforms [28,29], including malware attacks [30], synchronous channels attack [31], side-channel attacks [32], runtime repackaging attacks [33], and Man-in-the-Middle attacks [34] accuracy. This section of the paper provides a brief examination of some of the related works carried out.…”

Section: Permission-based Detection and Feature Extractionmentioning

confidence: 99%

Modeling Correlation between Android Permissions Based on Threat and Protection Level Using Exploratory Factor Plane Analysis

Ashawa

Morris

2021

JCP

View full text Add to dashboard Cite

The evolution of mobile technology has increased correspondingly with the number of attacks on mobile devices. Malware attack on mobile devices is one of the top security challenges the mobile community faces daily. While malware classification and detection tools are being developed to fight malware infection, hackers keep deploying different infection strategies, including permissions usage. Among mobile platforms, Android is the most targeted by malware because of its open OS and popularity. Permissions is one of the major security techniques used by Android and other mobile platforms to control device resources and enhance access control. In this study, we used the t-Distribution stochastic neighbor embedding (t-SNE) and Self-Organizing Map techniques to produce a visualization method using exploratory factor plane analysis to visualize permissions correlation in Android applications. Two categories of datasets were used for this study: the benign and malicious datasets. Dataset was obtained from Contagio, VirusShare, VirusTotal, and Androzoo repositories. A total of 12,267 malicious and 10,837 benign applications with different categories were used. We demonstrate that our method can identify the correlation between permissions and classify Android applications based on their protection and threat level. Our results show that every permission has a threat level. This signifies those permissions with the same protection level have the same threat level.

show abstract

“…The range of attacks on digital signature are: 1. Man-in-the-middle [12] [13] For an attack to succeed in getting around authentication, interface access is necessary. It does this by intercepting and fabricating messages in a way that compels the device to communicate with the attacker using a key they know (Clark et al 1996).…”

Section: Introductionmentioning

confidence: 99%

An Attack-Resistant Lightweight Digital Signature Based on an Elliptic Curve for Improved Security in Resource Constrained Applications

Toradmalle¹,

K²

2023

INDJCSE

View full text Add to dashboard Cite

Despite the fact that ECDSA is the most innovative asymmetric digital signature technique, experts are working tirelessly to strengthen it to survive various challenges. Both internal and external attacks can occur from intruders. An end-user, a malware-infected IT component, a physical attacker who operates within the environment's security perimeter, or a physical person who directly interacts with the environment, manages the hardware, or even communicates with the end-user (i.e., a malicious signer). In contrast, an external attack involves the attacker moving outside the signature environment's security boundary, possibly across a network. Attacks on interfaces place more emphasis on the protocols that a device employs to interact with the outside world rather than on the machine itself. The proposed work presents a solution to an improved, lightweight ECDSA which is resistant to MITM, Replay and forgery attacks than its counterparts. The comparison of the proposed ECDSA is compared with its counterpart and cryptanalysis is performed to prove that the proposed ECDSA is more relevant in real time since the Zhong's Method takes 13.28% less time to sign data than the Suggested ECDSA method. The Suggested technique stands out in broader application areas where calculation time is a concern since it requires 8.2% less time than Zhong's Method for Signature verification at the Receiver end.

show abstract

Implementation and Analysis of Penetration Techniques Using the Man-In-The-Middle Attack

Cited by 19 publications

References 4 publications

An Experimental Study on Detecting and Mitigating Vulnerabilities in Web Applications

An Experimental Study on Detecting and Mitigating Vulnerabilities in Web Applications

Modeling Correlation between Android Permissions Based on Threat and Protection Level Using Exploratory Factor Plane Analysis

An Attack-Resistant Lightweight Digital Signature Based on an Elliptic Curve for Improved Security in Resource Constrained Applications

Contact Info

Product

Resources

About