Manual and automated penetration testing. Benefits and drawbacks. Modern tendency

Stefinko, Yaroslav; Piskozub, Andrian; Банах, Роман

doi:10.1109/tcset.2016.7452095

Cited by 49 publications

(33 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…For choosing the sample site, some google dork has been used. This research has compared our automated detection tool's result with manual penetration testing method [14]. The experiment has conducted on 265 web applications.…”

Section: Experiments Resultsmentioning

confidence: 99%

“…We divide our methodology into two parts i.e. experimental environment as our developed detection tool based on SAISAN, and control environment as manual penetration testing method [14]. The SAISAN model based tool is implemented in python programing language.…”

Section: Methodsmentioning

confidence: 99%

“…This study has propose a detection model, SAISAN where the solution can detect LFI weaknesses of the web applications. This research also implement SAISAN through a tool where the result of the tool will be compared with manual penetration testing method [14] to figure out the accuracy of the model. This paper is organized in seven sections.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

SAISAN: An Automated Local File Inclusion Vulnerability Detection Model

Hassan¹,

Bhuyian²,

Sohel³

et al. 2018

IJET

View full text Add to dashboard Cite

Communicating and delivering services to the consumers through web applications are now become very popular due to its user friendly interface, global accessibility, and easy manageability. Careless design and development of web applications are the key reasons for security breaches which are very alarming for the users as well as the web administrators. Currently, Local File Inclusion (LFI) vulnerability is found present commonly in several web applications that lead to remote code execution in host server and initiates sensitive information disclosure. Detection of LFI vulnerability is getting very critical concern for the web owner to take effective measures to mitigate the risk. After reviewing literatures, we found insignificant researches conducted on automated detection of LFI vulnerability. This paper has proposed an automated LFI vulnerability detection model, SAISAN for web applications and implemented it through a tool. 265 web applications of four different sectors has been examined and received 88% accuracy from the tool comparing with the manual penetration testing method.

show abstract

Section: Experiments Resultsmentioning

confidence: 99%

Section: Methodsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

SAISAN: An Automated Local File Inclusion Vulnerability Detection Model

Hassan¹,

Bhuyian²,

Sohel³

et al. 2018

IJET

View full text Add to dashboard Cite

show abstract

“…Broken Authentication and Session Management have different types of exploitation techniques that are discussed in this paper. Manual penetration testing method [29] has been used to check the above vulnerability of web applications in public and private sector of Bangladesh. It continuously sends the request of produced user credential until the system finds it correct.…”

Section: A General Broken Authentication and Session Management Exploimentioning

confidence: 99%

“…Manual penetration testing method [29] has been used following the double blinded strategy [30] to perform the study. The small sample techniques [31] has also selected to determine the sample size for this study.…”

Section: Data Collection Proceduresmentioning

confidence: 99%

Broken Authentication and Session Management Vulnerability: A Case Study of Web Application

Hassan

Nipa

Akter

et al. 2018

International Journal of Simulation: Systems, Science &Amp; Technology

View full text Add to dashboard Cite

Web applications have extensively taken over the roles of atomization and enhancement of prevailing solutions. It also provides different services to the multiple users of the application. In the recent time, performance of the web services are measured through two important properties such as authentication and session management. However, user authentication appears to be crucial when a valid user of the web application inappropriately discontinues their communication while the session remains active and an unauthorized user pick the same session to get access into the system. Broken Authentication and Session Management vulnerability exploitation risk is becoming enormously higher due to attackers creative skills, system's weak design and improper implementation of web applications. The consequence of the above exploitation may result not only identity theft but also removal/tamper confidential information. This paper has analyzed the authentication vulnerability attack i.e. Broken Authentication and Session Management, its exploitation types and their impact upon investigating on 267 websites of public and private sectors in Bangladesh. 56% websites of our samples were found vulnerable with the given weaknesses by conducting the examination using manual penetration testing method following double blind testing strategy. The result shows the impact and percentage of this vulnerability attacks.

show abstract

Agentless Automation Model for Post Exploitation Penetration Testing

Maddala¹,

Patil²

2019

Advances in Intelligent Systems and Computing

View full text Add to dashboard Cite

Manual and automated penetration testing. Benefits and drawbacks. Modern tendency

Cited by 49 publications

References 1 publication

SAISAN: An Automated Local File Inclusion Vulnerability Detection Model

SAISAN: An Automated Local File Inclusion Vulnerability Detection Model

Broken Authentication and Session Management Vulnerability: A Case Study of Web Application

Agentless Automation Model for Post Exploitation Penetration Testing

Contact Info

Product

Resources

About