Vulnerability Assessment and Penetration Testing of Web Application

Nagpure, Sangeeta; Kurkure, Sonal

doi:10.1109/iccubea.2017.8463920

Cited by 41 publications

(9 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Penelitian dari Prof. Sangeeta dkk [18] menggabungkan uji manual dan otomatis menggunakan Burpsuit, ZAP dan Accunetix untuk aplikasi E-Commerce dan Cloud.…”

Section: Vulnerability Assessment and Penetration Testing Of Webunclassified

Penetration Testing Web XYZ Berdasarkan OWASP Risk Rating

Priambodo¹,

Rifansyah²,

Hasbi

2023

teknika

View full text Add to dashboard Cite

Website ”XYZ” merupakan aplikasi yang mempunyai fungsi dalam layanan pembuatan dokumen kependudukan, layanan pendaftaran akses masuk, dan fitur login. Penilaian kerawanan secara berkala diperlukan untuk menjamin kehandalan dari aplikasi. Penilaian kerawanan dengan menggunakan tool uji saja sekarang tidak dirasa cukup sehingga memerlukan validasi. Salah satu validasi tersebut adalah menggunakan penetration testing. Uji penetrasi pada Website XYZ Kabupaten XYZ dilaksanakan dengan mengacu kepada Open Web Application Security Project (OWASP) Top 10-2021. Penetration testing dilaksanakan dengan metode black box untuk mendapatkan hasil pengukuran tingkat kerentanan pada aplikasi. Keseluruhan penilaian kerentanan dilakukan dalam empat tahap yaitu planning, information gathering, vulnerability scanning menggunakan 2 tools otomatis yaitu Vega dan OWASP ZAP sebagai upaya untuk mendapatkan cakupan yang lebih luas terkait kerentanan yang ditemukan dikuti dengan validasi dilanjutkan tahap analysis and reporting. Hasil tahap vulnerability scanning menghasilkan 9 jenis kerentanan dengan sebaran 2 high, 1 medium, dan 6 low. Pengujian penetrasi untuk validasi mengacu pada dokumen panduan Web Security Testing Guide (WSTG) versi 4.2. Hasil proses akhir berupa rekomendasi dapat digunakan sebagai referensi pengembang aplikasi web untuk menangani kerentanan khususnya hilangnya ketersediaan layanan dan kebocoran data.

show abstract

“…Penelitian dari Prof. Sangeeta dkk [18] menggabungkan uji manual dan otomatis menggunakan Burpsuit, ZAP dan Accunetix untuk aplikasi E-Commerce dan Cloud.…”

Section: Vulnerability Assessment and Penetration Testing Of Webunclassified

Penetration Testing Web XYZ Berdasarkan OWASP Risk Rating

Priambodo¹,

Rifansyah²,

Hasbi

2023

teknika

View full text Add to dashboard Cite

show abstract

“…O principal objetivo do teste de invasão é encontrar falhas que passam despercebidas, realizar testes que simulam os métodos maliciosos utilizados em busca de alguma vulnerabilidade exposta, sem comprometer a aplicac ¸ão alvo. Em [Nagpure and Kurkure 2017] os autores trazem a comparac ¸ão das vantagens e desvantagens de alguns métodos de testes. Ainda nessa linha, [Vibhandik and Bose 2015] fornece uma nova abordagem de teste para detectar vulnerabilidades em aplicativos da Web ao selecionar um conjunto de ferramentas de maneira otimizada e organizada.…”

Section: Ferramentas E Frameworkunclassified

“…Em termos de testes de invasão, destacam-se as ferramentas Burp suite e OWASP Zed Attack Proxy (ou ZAP) [Nagpure and Kurkure 2017]. O primeiro é um agrupamento de várias ferramentas que se juntam para trabalhar em um modo passivo ou ativo, apoiando o testador em todo o processo de teste, desde a fase de planejamento até a identificac ¸ão de vulnerabilidades e explorac ¸ão dessas vulnerabilidades.…”

Section: Ferramentas E Frameworkunclassified

Desenvolvimento Seguro de Sistemas Web: Uma Revisão Sistemática

Malacarne

Camargo

2021

Anais Da v Escola Regional De Engenharia De Software (ERES 2021)

View full text Add to dashboard Cite

O objetivo deste trabalho é apresentar uma revisão sistemática sobre o desenvolvimento de aplicações Web a partir das principais vulnerabilidades de segurança encontradas na lista OWASP TOP10. Esta revisão sistemática visa identificar pesquisas, ferramentas e metodologias que proporcionam formas seguras de desenvolver sistemas Web. Inicialmente foram encontrados 165 trabalhos, sendo desses 89 selecionados como relevantes. Resultados apresentam os trabalhos que tratam das principais vulnerabilidades descritas na OWASP TOP 10, e as principais ferramentas e métodos para projeto e desenvolvimento de um software seguro.

show abstract

“…A lot of research work has been carried out [8][9][10][11][12]. In the actual business production process of an enterprise, it is not only necessary to enhance the security development awareness and code specifications of code developers, but also necessary to have good security detection for the upcoming web applications.…”

Section: Introductionmentioning

confidence: 99%

The Application of Computer Intelligence in the Cyber-Physical Business System Integration in Network Security

Shi

Lü

et al. 2022

Computational Intelligence and Neuroscience

View full text Add to dashboard Cite

In order to address the false alarm detection problem caused by the inability to identify the transgression scene pages in the process of horizontal transgression detection, this study proposes a deep learning-based LSTM-AutoEncoder unsupervised prediction model. The model uses long short-term memory network to build AutoEncoder, extracts text features of page response data of horizontal transgression scenario, and reconstructs text features to restore. Meanwhile, it counts the error between the restored result and the original page response, judges whether the detection result of horizontal transgression is false alarm according to the error threshold of unknown page, and tests the effectiveness of the model effect under real business data by comparing it with other two algorithms, one-class SVM and AutoEncoder, which provides security for enterprise network business. The results show that the LSTM-AutoEncoder model achieves a more balanced index in terms of accuracy, precision, recall, and F1-score in the case of MAE, which is 0.3% more and 0.2% more than the case of MSE in terms of recall and accuracy. It is concluded that the LSTM-AutoEncoder model is more in line with the real business requirements, and the simple model architecture selected for this study can reduce the complexity of the model, speed up the prediction time of the model in the application phase, and improve the performance of the detection software. This indicates that this study has some application prospects in network security.

show abstract

Vulnerability Assessment and Penetration Testing of Web Application

Cited by 41 publications

References 0 publications

Penetration Testing Web XYZ Berdasarkan OWASP Risk Rating

Penetration Testing Web XYZ Berdasarkan OWASP Risk Rating

Desenvolvimento Seguro de Sistemas Web: Uma Revisão Sistemática

The Application of Computer Intelligence in the Cyber-Physical Business System Integration in Network Security

Contact Info

Product

Resources

About