SQLi penetration testing of financial Web applications: Investigation of Bangladesh region

Author(s):  
Tanjila Farah ◽  
Delwar Alam ◽  
Md. Alamgir Kabir ◽  
Touhid Bhuiyan
2019 ◽  
Vol 9 ◽  
pp. 47-53
Author(s):  
Anastasia Melnikova ◽  
Igor Karmanov

The relevance of the topic is due to the fact that penetration testing (tests to overcome protection, penetration testing, pentest) is a worldwide popular service in the field of information security. The essence of such work is an authorized attempt to circumvent the existing set of protection means of an information system. During testing, the auditor performs the role of an attacker motivated to violate the information security of the customer's network. In the article, features of penetration testing are thoroughly studied, a detailed analysis of existing foreign solutions in the field of penetration testing is performed, a proprietary technique is developed and recommendations for improving the existing techniques are proposed.


2021 ◽  
Vol 5 (3) ◽  
pp. 320
Author(s):  
Alde Alanda ◽  
Deni Satria ◽  
M.Isthofa Ardhana ◽  
Andi Ahmad Dahlan ◽  
Hanriyawan Adnan Mooduto

A web application is a very important requirement in the information and digitalization era. With the increasing use of the internet and the growing number of web applications, every web application requires an adequate security level to store information safely and avoid cyber attacks. Web applications go through rapid development phases with short turnaround times, making it challenging to eliminate vulnerabilities. The vulnerability of a web application can be analyzed using the penetration testing method. This research uses penetration testing with the black-box method to test web application security based on the list of most attacks on the Open Web Application Security Project (OWASP), namely SQL Injection. SQL injection allows attackers to obtain unrestricted access to the databases and potentially collect sensitive information from databases. This research randomly tested several websites such as government, schools, and other commercial websites with several techniques of SQL injection attack. Testing was carried out on ten websites randomly by looking for gaps to test security using the SQL injection attack. The results of the testing conducted show that 80% of the websites tested have a weakness against SQL injection attacks. Based on this research, SQL injection is still the most prevalent threat for web applications. Further research can explain detailed information about SQL injection with specific techniques and how to prevent this attack.


2012 ◽  
Vol 263-266 ◽  
pp. 3017-3020
Author(s):  
Zong Zhi Zhang ◽  
Qiao Yan Wen ◽  
Zhao Zhang

The attack of SQL injection is a well-known threat to web applications, which leads to great damage to the confidentiality and integrity of information in databases. Therefore, it is essential for each web application to detect SQL injection vulnerabilities and eliminate the hidden danger. In this paper, an approach based on penetration testing named YUKIER is proposed to achieve higher effectiveness and preciseness in identifying security vulnerabilities. We compare YUKIER with SQLiX and Paros Proxy, and the experiment results demonstrate that our proposed approach has the higher performances with respect to the existing circumstance.


2019 ◽  
Vol 8 (4) ◽  
pp. 1552-1556

In recent years, the utilization of web applications and web hacking exercises have grown exponentially. Organizations are confronting extremely critical difficulties in anchoring their web applications from rising cyber threats, as bargain with the assurance issues don't appear to be the right approach. Vulnerability Assessment and Penetration Testing (VAPT) methods help us find these vulnerabilities / security loopholes in our systems even before an intruder could find a way to get it. This helps avoid zero-day exploits. This paper aims to elucidate the overview of Vulnerability Assessment and Penetration Testing and introduce the most efficient open source tools used to perform these tests. This paper also presents a combined VAPT testing methodology that incorporates strengths of several existing approaches, with the goal to understand their utility and benefit the most from the tests.


2017 ◽  
Author(s):  
Andysah Putera Utama Siahaan

The strength of a site can be tested by attacking it. The test is penetration testing. Before a site is released, the security of the network and web application must be completely safe and tested. This study aims to find loopholes and flaws in web applications. The object of research is the Universitas Pembangunan Panca Budi site (www.pancabudi.ac.id). This experiment used a simulated attack to test whether the site has adequate security. This penetration will collect information about the power of networking, security holes, and access. The result is the recommendation for security improvement. Concerning the results of penetration, the administrator can fix vulnerabilities that exist on the site.


This paper describes the in-depth technical approach to performing a manual penetration test on web applications for testing the integrity and security of the application and also serves as a guide to test OWASP top 10 security vulnerabilities. The paper is more focused on providing detailed knowledge about manual web application penetration testing methodologies in order to secure them from malicious black hat hackers.


2021 ◽  
pp. 513-518
Author(s):  
Artem Tetskyi ◽  
Vyacheslav Kharchenko ◽  
Dmytro Uzun ◽  
Artem Nechausov

During penetration testing of web applications, different tools are actively used to relieve the tester from repeating monotonous operations. The difficulty of the choice is in the fact that there are tools with similar functionality, and it is hard to define which tool is best to choose for a particular case. In this paper, a solution to the problem of making a choice by creating a Web service that will use a neural network on the server side is proposed. The neural network is trained on data obtained from experts in the field of penetration testing. A trained neural network will be able to select tools in accordance with specified requirements. Examples of the operation of a neural network trained on a small sample of data are shown. The effect of the number of neural network learning epochs on the results of work is shown. An example of input data is given, in which the neural network could not select the tool due to insufficient data for training. The advantages of the method shown are the simplicity of implementation (the number of lines of code is used as a metric) and the possibility of using opinions about tools from various experts. The disadvantages include the search for data for training, the need for experimental selection of the parameters of the neural network and the possibility of situations where the neural network will not be able to select a tool that meets the specified requirements.

