A Penetration Testing Method for E-Commerce Authentication System Security

2009 ◽  
Author(s):  
Wei Pan ◽  
Weihua Li
Keyword(s):  
System Security ◽  
Penetration Testing ◽  
Testing Method ◽  
Authentication System

scholarly journals PENGUJIAN KERENTANAN SISTEM DENGAN MENGGUNAKAN METODE PENETRATION TESTING DI UNIVERSITAS XYZ

2021 ◽  
Vol 7 (1) ◽  
pp. 41-46
Author(s):  
Jusia Amanda Ginting ◽  
I Gusti Gusti Ngurah Suryantara
Keyword(s):  
Information Security ◽  
System Security ◽  
Data Loss ◽  
Penetration Testing ◽  
Security Controls ◽  
Testing Method ◽  
Sense Of Security ◽  
Or Organization ◽  
The Impact ◽  
A Company

Awareness of information security will be a priority in the event of data loss or damage. This certainly harms the performance of a company or organization due to unpreparedness to resolve or minimize risks that can occur. The impact that occurs on the security system used is that the system cannot provide a sense of security because the system used and has security holes that can be used to exploit systems and networks at XYZ University. This study aims to examine the internal and external security controls of the system by identifying threats that can pose serious problems to assets at XYZ University by using the penetration testing method, the results can be used as a benchmark in measuring the weaknesses of the network and system from external attacks. The goal is to implement preventive controls against risks that can occur to improve system security at XYZ University.

scholarly journals Wireless Penetration Testing Method To Analyze WPA2-PSK System Security And Captive Portal

EXPLORE ◽  
2019 ◽  
Vol 9 (1) ◽  
pp. 1 ◽  
Author(s):  
Erfan Wahyudi ◽  
Muhammad Masjun Efendi
Keyword(s):  
Wireless Network ◽  
System Security ◽  
Wireless Security ◽  
Security System ◽  
Portal System ◽  
Security Systems ◽  
Penetration Testing ◽  
Wireless Network Security ◽  
Testing Method ◽  
Security Problem

One of the major changes in the telecommunications sector is the use of wireless technology. But many problems that must be faced when implementing this wireless network, one of which is a security problem. Many people are still questioning about wireless security, and many others believe that wireless security systems using WPA2-PSK are more secure than other wireless security systems. However, based on the results of literature studies conducted, a wireless security system that really can provide more secure security is to use the system security Remote Authentication Dial-In User Servers (RADIUS) server. While at present, many parties still use WPA2-PSK as their wireless security system to avoid the possibility of unauthorized use of internet access by unauthorized people. This study aims to analyze the comparison of the two wireless network security systems above. The test was performed using wireless penetration testing method, and the result stated that 80% of Security Captive Portal system is more secure than WPA2-PSK.

Establishing Software Integrity Trust

2010 ◽  
pp. 78-100
Author(s):  
Yongzheng Wu ◽  
Roland H.C. Yap ◽  
Rajiv Ramnath ◽  
Felix Halim
Keyword(s):  
Operating System ◽  
Vulnerability Assessment ◽  
System Security ◽  
Public Key ◽  
Security Measures ◽  
Confidential Data ◽  
Integrity Protection ◽  
Authentication System ◽  
Design Factors ◽  
Microsoft Windows

Malware causes damage by stealing confidential data or making other software unusable. Ensuring software trustworthiness is difficult because malware may disguise itself to appear benign or trusted. This chapter explores the problem of making software more trustworthy through the use of binary integrity mechanisms. The authors review the problem of devising an effective binary integrity protection, and discuss how it complements other operating system security measures. They analyze design factors for binary integrity and compare existing systems. The authors then present a prototype which exemplifies a mandatory binary integrity mechanism and its integration within an operating system. Their system, BinAuth, demonstrates a practical, lightweight in-kernel binary authentication system for Microsoft Windows. A system like BinAuth shows that mandatory authentication is practical on complex commodity operating system like Windows. To deal with various constraints in the user’s environments, BinAuth uses a flexible scheme which does not mandate public key infrastructure (PKI) although it can take advantage of it. The authors also combine the authentication with a simple software-ID scheme which is useful for software management and vulnerability assessment.

scholarly journals A Cancelable Iris- and Steganography-Based User Authentication System for the Internet of Things

Sensors ◽  
2019 ◽  
Vol 19 (13) ◽  
pp. 2985 ◽  
Author(s):  
Wencheng Yang ◽  
Song Wang ◽  
Jiankun Hu ◽  
Ahmed Ibrahim ◽  
Guanglou Zheng ◽  
...  
Keyword(s):  
Internet Of Things ◽  
User Authentication ◽  
System Security ◽  
Random Projection ◽  
Biometric Data ◽  
Iot Security ◽  
Biometric Systems ◽  
Authentication System ◽  
Iot Devices ◽  
The Internet Of Things

Remote user authentication for Internet of Things (IoT) devices is critical to IoT security, as it helps prevent unauthorized access to IoT networks. Biometrics is an appealing authentication technique due to its advantages over traditional password-based authentication. However, the protection of biometric data itself is also important, as original biometric data cannot be replaced or reissued if compromised. In this paper, we propose a cancelable iris- and steganography-based user authentication system to provide user authentication and secure the original iris data. Most of the existing cancelable iris biometric systems need a user-specific key to guide feature transformation, e.g., permutation or random projection, which is also known as key-dependent transformation. One issue associated with key-dependent transformations is that if the user-specific key is compromised, some useful information can be leaked and exploited by adversaries to restore the original iris feature data. To mitigate this risk, the proposed scheme enhances system security by integrating an effective information-hiding technique—steganography. By concealing the user-specific key, the threat of key exposure-related attacks, e.g., attacks via record multiplicity, can be defused, thus heightening the overall system security and complementing the protection offered by cancelable biometric techniques.

scholarly journals ANALISA DAN PROBLEM SOLVING KEAMANAN ROUTER MIKROTIK RB750RA DAN RB750GR3 DENGAN METODE PENETRATION TESTING (STUDI KASUS: WARNET AULIA.NET, TANJUNG HARAPAN LAMPUNG TIMUR)

2018 ◽  
Vol 1 (2) ◽  
pp. 118-124
Author(s):  
Arif Hidayat ◽  
Ismail Puji Saputra
Keyword(s):  
Operating System ◽  
Problem Solving ◽  
Network Security ◽  
Information And Communication Technology ◽  
Communication Technology ◽  
Human Life ◽  
Penetration Testing ◽  
Testing Method ◽  
Information And Communication ◽  
Alternative Solutions

Information and communication technology is something that is difficult to separate from human life in the present era. One example of information and communication technology is a network of proxy routers. This study uses the penetration testing method, which aims to analyze the security system of the proxy router that has been applied to Warnet Aulia.net. In analyzing network security, the Mikrotik Router is done by the method of penetration testing where the form of attacks on the network is simulated. In this study Python and Winboxpoc.py were successfully run on the Windows 10 operating system. The results of this study indicate that the network security owned by the Aulia.net cafe network still has many gaps to exploit. As for the results of some attacks, it shows serious things in terms of exploitation, such as the output of getting a proxy router password and username. Therefore, this study also provides a solution on how to prevent the mikrotik router from being exploited. Problem solving is explained using several alternative solutions, so that practitioners or network technicians are expected to be able to utilize knowledge related to the results of this study in order to secure the router.

Biometric Authentication: System Security and User Privacy

Computer ◽  
2012 ◽  
Vol 45 (11) ◽  
pp. 87-92 ◽  
Author(s):  
Anil K. Jain ◽  
Karthik Nandakumar
Keyword(s):  
System Security ◽  
Biometric Authentication ◽  
User Privacy ◽  
Authentication System

scholarly journals A Model Based Security Testing Method for Protocol Implementation

2014 ◽  
Vol 2014 ◽  
pp. 1-10 ◽  
Author(s):  
Yu Long Fu ◽  
Xiao Long Xin
Keyword(s):  
Security Protocol ◽  
Automatic Verification ◽  
Test Cases ◽  
Extended Model ◽  
Security Testing ◽  
Penetration Testing ◽  
Protocol Implementation ◽  
Verification Method ◽  
Testing Method ◽  
Specific Protocol

The security of protocol implementation is important and hard to be verified. Since the penetration testing is usually based on the experience of the security tester and the specific protocol specifications, a formal and automatic verification method is always required. In this paper, we propose an extended model of IOLTS to describe the legal roles and intruders of security protocol implementations, and then combine them together to generate the suitable test cases to verify the security of protocol implementation.

scholarly journals Bangkolo: Aplikasi Vulnerability Identification Berbasis Hybrid Apps

2020 ◽  
Vol 3 (1) ◽  
pp. 39-44
Author(s):  
Dedy Hariyadi ◽  
Fazlurrahman Fazlurrahman ◽  
Hendro Wijayanto
Keyword(s):  
Information System ◽  
Information Systems ◽  
User Interface ◽  
System Security ◽  
Graphic User Interface ◽  
Command Line ◽  
Information Systems Security ◽  
Command Line Interface ◽  
Penetration Testing ◽  
Systems Security

Keamanan merupakan hal penting dalam sistem maupun jaringan dalam melindungi data informasi. Tingginya tingkat laporang celah keamanan dari Edgescan menunjukkan masih minimnya pengembang sistem dan jaringan dalam hal menutamakan keamanan. Information System Security Assesment Framework (ISSAF) merupakan metodologi penetration testing yang dikembangkan oleh Open Information Systems Security Group. Dalam framework tersebut terdiri dari tiga fase, yaitu Planing and Preparation, Assessment dan Reporting, Clean-up and Destroy Astefacts. Dalam melakukan Vulnerabilities Identification diperlukan tools untuk mengetahui potensi celah keamanan dalam bentuk laporan. Ini sangat diperlukan untuk mempermudah analisis, penggunaan dan meminimalisir biaya pentesting. Selama ini tools pentesting kebanyakan masih menggunakan model Command Line Interface (CLI) sehingga sulit digunakan oleh orang awam. Sehingga diperlukan tools berbasis Graphic User Interface (GUI). Dengan pendekatan Hybrid Apps dapat dikembangkan aplikasi pentesting berbasis Graphic User Interface  yang memanfaatkan kelebihan teknologi native dan web. Bangkolo merupakan aplikasi untuk pentesting yang dikembangkan dari framework ISSAF dan pendekatan Hybrid Apps.

Sign in / Sign up

Export Citation Format

Share Document