Detecting Vulnerabilities in Web Applications Using Automated Black Box and Manual Penetration Testing

2013 ◽  
pp. 230-239 ◽  
Author(s):  
Nor Fatimah Awang ◽  
Azizah Abd Manaf
Keyword(s):  
Web Applications ◽  
Black Box ◽  
Penetration Testing

Research on Combine White-Box Testing and Black-Box Testing of Web Applications Security

2014 ◽  
Vol 989-994 ◽  
pp. 4542-4546 ◽  
Author(s):  
Jie Fan ◽  
Peng Gao ◽  
Cong Cong Shi ◽  
Ni Ge Li
Keyword(s):  
Web Application ◽  
Web Applications ◽  
New Technology ◽  
Black Box ◽  
Web Application Security ◽  
Testing Tools ◽  
Black Box Testing ◽  
Code Security ◽  
White Box Testing ◽  
Test Result

Contrary to high false positives rate of use White-box testing tools for Web application source code security and unable to locate vulnerabilities of use Black-box testing tools for Web application security, propose an effective method for combine White-box and Black-box testing tools of Web applications. This method will put the new technology of “Associated Files Matching Engine” into White-box testing tools, this test result and Black-box test result will be statistical analyzed and combined. Argumentation show, this method reduce the positives rate of White-box test result and be able to locate vulnerabilities where it is in file.

scholarly journals DEVELOPMENT OF THE METHODOLOGY FOR PENETRATION TESTING OF MOBILE AND WEB APPLICATIONS

2019 ◽  
Vol 9 ◽  
pp. 47-53
Author(s):  
Anastasia Melnikova ◽  
Igor Karmanov
Keyword(s):  
Information System ◽  
Information Security ◽  
Web Applications ◽  
Penetration Testing

The relevance of the topic is due to the fact that penetration testing (tests to overcome protection, penetration testing, pentest) is a worldwide popular service in the field of information security. The essence of such work is an authorized attempt to circumvent the existing set of protection means of information system. During testing, the auditor performs the role of an attacker motivated to violate the information security of customer's network. In article, features of penetration testing are thoroughly studied, a detail analysis of existing foreign solutions in the field of penetration testing is performed, a proprietary technique is developed and recommendations for improving the existing techniques are proposed.

DetLogic: A black-box approach for detecting logic vulnerabilities in web applications

2018 ◽  
Vol 109 ◽  
pp. 89-109 ◽  
Author(s):  
G. Deepa ◽  
P. Santhi Thilagam ◽  
Amit Praseed ◽  
Alwyn R. Pais
Keyword(s):  
Web Applications ◽  
Black Box ◽  
Logic Vulnerabilities

scholarly journals Vulnerability Assessment of IPv6 Websites to SQL Injection and Other Application Level Attacks

2013 ◽  
Vol 2013 ◽  
pp. 1-10 ◽  
Author(s):  
Ying-Chiang Cho ◽  
Jen-Yi Pan
Keyword(s):  
Black Box ◽  
Testing System ◽  
Application Layer ◽  
Address Space ◽  
Web Crawler ◽  
Sql Injection ◽  
Penetration Testing ◽  
Injection Attacks ◽  
Ipv6 Protocol ◽  
Sql Injection Attacks

Given the proliferation of internet connected devices, IPv6 has been proposed to replace IPv4. Aside from providing a larger address space which can be assigned to internet enabled devices, it has been suggested that the IPv6 protocol offers increased security due to the fact that with the large number of addresses available, standard IP scanning attacks will no longer become feasible. However, given the interest in attacking organizations rather than individual devices, most initial points of entry onto an organization's network and their attendant devices are visible and reachable through web crawling techniques, and, therefore, attacks on the visible application layer may offer ways to compromise the overall network. In this evaluation, we provide a straightforward implementation of a web crawler in conjunction with a benign black box penetration testing system and analyze the ease at which SQL injection attacks can be carried out.

Black-box load testing to support auto-scaling web applications in the cloud

2021 ◽  
Vol 12 (2) ◽  
pp. 139
Author(s):  
Massimiliano Rak ◽  
Umberto Villano ◽  
Marta Catillo ◽  
Luciano Ocone
Keyword(s):  
Web Applications ◽  
Black Box ◽  
Load Testing ◽  
Auto Scaling

scholarly journals IMPLEMENTASI APLIKASI PENGELOLAAN SURAT MASUK DAN KELUAR BERBASIS WEB DI PRODI SISTEM INFORMASI

JURTEKSI ◽  
2020 ◽  
Vol 6 (2) ◽  
pp. 135-144
Author(s):  
Dian Nurdiana
Keyword(s):  
Information Systems ◽  
Web Applications ◽  
Black Box ◽  
Study Program ◽  
Web Based ◽  
Black Boxes ◽  
Management Application ◽  
Study Programs ◽  
Waterfall Model ◽  
Academic Services

Abstract: The Information Systems Study Program is one of the study programs at the Open University. The duties and responsibilities of the study program are managing academic and non-academic services. Management of incoming and outgoing mail is one of the tasks that must be carried out so that the service process is maximized. But the management is still manually so that problems occur such as difficulty in finding incoming or outgoing mail because it is still stored in folders, can only be accessed by one person because it is still stored on a computer and it is difficult to classify incoming mail. Therefore there must be a web-based incoming and outgoing mail management application. The purpose of this research is to implement a web-based incoming and outgoing mail application in the Information Systems Study Program. The model used for its development uses the waterfall model, while the testing model uses a black box. The results of this study are knowing the usability of implementing incoming and outgoing letters in the Information Systems Study Program.                  Keywords: Black Boxes; Outgoing Letters; Incoming Letters; Waterfalls; Web Applications.  Abstrak: Program Studi Sistem Informasi merupakan salah satu program studi yang ada di Universitas Terbuka. Tugas dan tanggung jawab program studi adalah mengelola layanan akademik maupun non akademik. Pengelolaan surat masuk dan surat keluar merupakan salah satu tugas yang harus dijalankan agar proses layanan menjadi maksimal. Namun pengelolaannya masih secara manual sehingga terjadi permasalahan seperti sulitnya mencari surat yang masuk atau surat yang keluar karena masih di simpan dalam folder-folder, hanya bisa di akses oleh satu orang karena masih disimpan dalam sebuah komputer dan sulit mengklasifikasikan surat yang masuk. Oleh sebab itu harus ada sebuah aplikasi pengelolaan surat masuk dan surat keluar berbasis web. Tujuan dari penelitian ini adalah mengimplementasikan aplikasi surat masuk dan surat keluar berbasis web di Program Studi Sistem Informasi. Model yang digunakan untuk pengembangannya menggunakan model watelfall, sedangkan model pengujiannya menggunakan black box. Hasil dari penelitian ini adalah mengetahui usability dari implementasi surat masuk dan surat keluar di Program Studi Sistem Informasi Kata kunci: Aplikasi Web; Black Box; Surat Keluar; Surat Masuk; Waterfall.

scholarly journals Web Application Penetration Testing Using SQL Injection Attack

2021 ◽  
Vol 5 (3) ◽  
pp. 320
Author(s):  
Alde Alanda ◽  
Deni Satria ◽  
M.Isthofa Ardhana ◽  
Andi Ahmad Dahlan ◽  
Hanriyawan Adnan Mooduto
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Rapid Development ◽  
Security Level ◽  
Sensitive Information ◽  
Sql Injection ◽  
Web Application Security ◽  
Penetration Testing ◽  
Application Security ◽  
Sql Injection Attack

A web application is a very important requirement in the information and digitalization era. With the increasing use of the internet and the growing number of web applications, every web application requires an adequate security level to store information safely and avoid cyber attacks. Web applications go through rapid development phases with short turnaround times, challenging to eliminate vulnerabilities. The vulnerability on the web application can be analyzed using the penetration testing method. This research uses penetration testing with the black-box method to test web application security based on the list of most attacks on the Open Web Application Security Project (OWASP), namely SQL Injection. SQL injection allows attackers to obtain unrestricted access to the databases and potentially collecting sensitive information from databases. This research randomly tested several websites such as government, schools, and other commercial websites with several techniques of SQL injection attack. Testing was carried out on ten websites randomly by looking for gaps to test security using the SQL injection attack. The results of testing conducted 80% of the websites tested have a weakness against SQL injection attacks. Based on this research, SQL injection is still the most prevalent threat for web applications. Further research can explain detailed information about SQL injection with specific techniques and how to prevent this attack.

Sign in / Sign up

Export Citation Format

Share Document