Vulnerability Assessment and Penetration Testing (VAPT) Framework: Case Study of Government’s Website

Almaarif, Ahmad; Lubis, Muharman

doi:10.18517/ijaseit.10.5.8862

Cited by 9 publications

(4 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Then, tampering occurs when attackers modify or edit official information and repudiation occurs at the time of someone execute certain action while later on try to claim the otherwise. It usually comes down to the specific activity process such as credit card transactions where users buy something and then claim they did not to obtain certain benefit [15]- [18]. On information disclosure, data breaches or unauthorized access to confidential information and denial of service (DoS) related to creating service interruptions for legitimate users and most recently related to elevation of privilege to gain higher privileged access to system elements 1645 by users with limited authority.…”

Section: Methodsmentioning

confidence: 99%

Vulnerability and risk assessment for operating system (OS) with framework STRIDE: comparison between VulnOS and Vulnix

Widjajarto

Lubis

Ayuningtyas

2021

IJEECS

Self Cite

View full text Add to dashboard Cite

The rapid development of information technology has made security become extremely. Apart from easy access, there are also threats to vulnerabilities, with the number of cyber-attacks in 2019 showed a total of 1,494,281 around the world issued by the national cyber and crypto agency (BSSN) honeynet project. Thus, vulnerability analysis should be conducted to prepare worst case scenario by anticipating with proper strategy for responding the attacks. Actually, vulnerability is a system or design weakness that is used when an intruder executes commands, accesses unauthorized data, and carries out denial of service attacks. The study was performed using the AlienVault software as the vulnerability assessment. The results were analysed by the formula of risk estimation equal to the number of vulnerability found related to the threat. Meanwhile, threat is obtained from analysis of sample walkthroughs, as a reference for frequent exploitation. The risk estimation result indicate the 73 (seventy three) for the highest score of 5 (five) type risks identified while later on, it is used for re-analyzing based on the spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of prvilege (STRIDE) framework that indicated the network function does not accommodate the existing types of risk namely spoofing.

show abstract

Section: Methodsmentioning

confidence: 99%

Vulnerability and risk assessment for operating system (OS) with framework STRIDE: comparison between VulnOS and Vulnix

Widjajarto

Lubis

Ayuningtyas

2021

IJEECS

Self Cite

View full text Add to dashboard Cite

show abstract

“…Furthermore, it highlights the significance of VAPT tools in streamlining the assessment and exploitation of vulnerabilities. Ahmad et al [5] conducted a study on the Vulnerability Assessment and Penetration Testing (VAPT) Framework, focusing on the case study of a government website. In this research, VAPT is highlighted as a technique to analyze the strengths and weaknesses of computer systems to ensure the implementation of security measures.…”

Section: Literature Reviewmentioning

confidence: 99%

“…Almaarifa et al [5] propose a systematic VAPT framework to identify and prioritize vulnerabilities, demonstrating its effectiveness through a case study. This approach uncovers various security risks, from directory listings to critical SQL injections, highlighting the importance of regular VAPT practices to protect sensitive data and strengthen digital infrastructure against cyber threats.…”

Section: Literature Reviewmentioning

confidence: 99%

Mitigating Security Risks in Firewalls and Web Applications using Vulnerability Assessment and Penetration Testing (VAPT)

Alquwayzani,

Aldossri,

Frikha

2024

ijacsa

View full text Add to dashboard Cite

In today's digital age, both organizations and individuals heavily depend on web applications for a wide range of activities. However, this reliance on the web also opens up opportunities for attackers to exploit security weaknesses present in these applications. Web Application Firewalls (WAFs) are typically the first line of defense, protecting web apps by filtering and monitoring HTTP traffic. However, if these firewalls are not properly configured, they can be bypassed or compromised by attackers. The escalating number of attacks targeting web applications underscores the urgent need to enhance their security. This paper offers an in-depth review of existing research on web application Vulnerability Assessment and Penetration Testing (VAPT). Our unique contribution lies in the comprehensive synthesis and categorization of VAPT tools based on their optimal use cases, which provides a practical guide for selecting the appropriate tools for specific scenarios. Additionally, this study integrates emerging technologies such as artificial intelligence and machine learning into the VAPT framework, addressing the evolving nature of cyber threats. The paper also identifies common challenges encountered during the VAPT process and proposes actionable recommendations to overcome these obstacles. Furthermore, it discusses best practices such as secure coding practices and defense-in-depth strategies to improve the effectiveness and efficiency of VAPT efforts. By offering these insights, this paper aims to advance the current understanding and application of VAPT in enhancing the security of web applications and firewalls.

show abstract

“…The biggest challenge for most mobile systems is related to cybersecurity threats, as mobile payments can be affected by cyber-attacks and require sophisticated approaches to achieve the desired security [9]. It is necessary to mitigate cyber dangers and threats [16]. Ease of use and trust influence the attitude toward using e-payment systems [17].…”

Section: Introductionmentioning

confidence: 99%

Investigating the Security Threats on Using M-Payment Applications in Saudi Arabia: Exploratory Study

Alotaibi¹,

Alghamdi²

2022

Int. J. Adv. Sci. Eng. Inf. Technol.

View full text Add to dashboard Cite

Online banking, debit cards, credit cards and mobile payments are the most common payment types in Saudi Arabia. This study explored security threats that affect m-payment applications in Saudi Arabia by interviewing 16 IT professionals to explore their insights and opinions about those security threats. Cybersecurity threats present the biggest challenge for most mobile systems, as mobile payments can be affected by cyber-attacks and require sophisticated approaches to achieve the desired security. In our study we report on the impact of security threats on the utilization of mobile payment applications and provide evidence related to those threats and their impact on the use of mobile payment applications. Evidence was provided regarding the security threats and their impact on using mobile payment applications. Information was also provided related to security threats such as Distributed Denial-of-Service, phishing attacks and malware. Although the participants in this study demonstrated a positive attitude regarding the safety and security of mobile payments, they also highlighted the security threats that impact m-payments. The results showed that the three main threats in Saudi Arabia were Distributed Denial-of-Service (DDoS), phishing attacks and Malware (Malicious software). This study makes two contributions. The first is to theory, by filling the gap in the literature because it is the first study to explore the threats to using m-payment in Saudi Arabia. Secondly, this study contributes to practice by providing a clear picture for service providers and users about threats they may face when using m-payment.

show abstract

Vulnerability Assessment and Penetration Testing (VAPT) Framework: Case Study of Government’s Website

Cited by 9 publications

References 15 publications

Vulnerability and risk assessment for operating system (OS) with framework STRIDE: comparison between VulnOS and Vulnix

Vulnerability and risk assessment for operating system (OS) with framework STRIDE: comparison between VulnOS and Vulnix

Mitigating Security Risks in Firewalls and Web Applications using Vulnerability Assessment and Penetration Testing (VAPT)

Investigating the Security Threats on Using M-Payment Applications in Saudi Arabia: Exploratory Study

Contact Info

Product

Resources

About