scholarly journals Improving Web Application Security Using Penetration Testing

2014 ◽  
Vol 8 (5) ◽  
pp. 658-663
Author(s):  
D. SriNithi ◽  
G. Elavarasi ◽  
T.F. Michael Raj ◽  
P. Sivaprakasam
Keyword(s):  
Web Application ◽  
Web Application Security ◽  
Penetration Testing ◽  
Application Security

scholarly journals Penetration Testing pada Website Universitas ARS Menggunakan Open Web Application Security Project (OWASP)

2021 ◽  
Vol 18 (1) ◽  
pp. 77-86
Author(s):  
Syarif Hidayatulloh ◽  
Desky Saptadiaji
Keyword(s):  
Web Application ◽  
Web Server ◽  
Web Application Security ◽  
Penetration Testing ◽  
Application Security

Universitas ARS adalah perguruan tinggi yang memanfaatkan website dalam melakukan kegiatan perkuliahannya. Seluruh informasi yang berkaitan dengan perkuliahan dimuat di website Universitas ARS. Banyak resiko yang akan terjadi apabila web server yang digunakan oleh website Universitas ARS tidak memiliki keamanan yang baik, banyak ancaman dari pihak yang tidak bertanggung jawab memanfaatkan celah keamanan untuk merugikan Universitas ARS. Tujuan penelitian ini adalah melakukan identifikasi kerentanan yang terdapat dalam website Universitas ARS dan melakukan pengujian serta analisis untuk mengetahui kondisi kerentanan website Universitas ARS menggunakan OWASP. Metode penelitian yang digunakan sebagai parameter keamanan website adalah OWASP Top-10 2017. Jumlah subdomain yang diuji adalah 5 subdomain yang teridentifikasi dengan melakukan scanning menggunakan tool TheHarvester diantaranya adalah https://universitas.ars.ac.id, http://mahasiswa.ars.ac.id, https://pmb.ars.ac.id, https://beasiswa.ars.ac.id, dan http://ejurnal.ars.ac.id. Hasil dari penelitian ini adalah ditemukannya kerentanan website Universitas ARS yang berhasil dipindai adalah 13 kerentanan. Dari 13 kerentanan tersebut ada 1 kerentanan yang berada pada tingkat ancaman yang sedang dan 12 berada pada tingkat ancaman yang rendah.   Berdasarkan seluruh pengujian kerentanan yang dilakukan dapat disimpulkan bahwa website Universitas ARS memiliki keamanan yang sangat baik, memenuhi ketiga aspek keamanan informasi, memiliki web server dan software sistem informasi akademik yang aman.

Automating Penetration Testing Within Ambiguous Testing Environment

2018 ◽  
Vol 8 (3) ◽  
Author(s):  
Lim Kah Seng ◽  
Norafida Ithnin ◽  
Syed Zainudeen Mohd Shaid
Keyword(s):  
Web Application ◽  
False Alarms ◽  
Testing Technique ◽  
Web Application Security ◽  
Penetration Testing ◽  
Application Security ◽  
Testing Environment ◽  
Source Codes ◽  
Time Scaling ◽  
Scaling Down

Automated web application penetration testing has emerged as a trend. The computer was assigned the task of penetrating web application security with penetration testing technique. Relevant computer program reduces time, cost, and resources required for assessing a web application security. At the same time, scaling down tester reliance on human knowledge. Web application security scanner is such kind of program that is designed to assess web application security automatically with penetration testing technique. The downside is that computer is not well-formed as human. Consequently, web application security scanner often found generating the false alarms, especially in a testing environment, which web application source codes are unreachable. Thus, in this paper, the state-of-the-art of black box web application security scanner is systematically reviewed, to investigate the approaches for detecting web application vulnerability in an ambiguous testing environment.  This survey is critical in providing insights on how to design efficient algorithms for assessing web application security with penetration testing technique in the ambiguous environment.

scholarly journals Web Application Penetration Testing Using SQL Injection Attack

2021 ◽  
Vol 5 (3) ◽  
pp. 320
Author(s):  
Alde Alanda ◽  
Deni Satria ◽  
M.Isthofa Ardhana ◽  
Andi Ahmad Dahlan ◽  
Hanriyawan Adnan Mooduto
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Rapid Development ◽  
Security Level ◽  
Sensitive Information ◽  
Sql Injection ◽  
Web Application Security ◽  
Penetration Testing ◽  
Application Security ◽  
Sql Injection Attack

A web application is a very important requirement in the information and digitalization era. With the increasing use of the internet and the growing number of web applications, every web application requires an adequate security level to store information safely and avoid cyber attacks. Web applications go through rapid development phases with short turnaround times, challenging to eliminate vulnerabilities. The vulnerability on the web application can be analyzed using the penetration testing method. This research uses penetration testing with the black-box method to test web application security based on the list of most attacks on the Open Web Application Security Project (OWASP), namely SQL Injection. SQL injection allows attackers to obtain unrestricted access to the databases and potentially collecting sensitive information from databases. This research randomly tested several websites such as government, schools, and other commercial websites with several techniques of SQL injection attack. Testing was carried out on ten websites randomly by looking for gaps to test security using the SQL injection attack. The results of testing conducted 80% of the websites tested have a weakness against SQL injection attacks. Based on this research, SQL injection is still the most prevalent threat for web applications. Further research can explain detailed information about SQL injection with specific techniques and how to prevent this attack.

scholarly journals Preventive Measures for Cross Site Request Forgery Attacks on Web-based Applications

2018 ◽  
Vol 7 (4.15) ◽  
pp. 130
Author(s):  
Emil Semastin ◽  
Sami Azam ◽  
Bharanidharan Shanmugam ◽  
Krishnan Kannoorpatti ◽  
Mirjam Jonokman ◽  
...  
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Operating Cycle ◽  
Web Application Security ◽  
Web Based ◽  
Business World ◽  
Application Security ◽  
Server Side ◽  
Combined Solution ◽  
Cross Site Request Forgery

Today’s contemporary business world has incorporated Web Services and Web Applications in its core of operating cycle nowadays and security plays a major role in the amalgamation of such services and applications with the business needs worldwide. OWASP (Open Web Application Security Project) states that the effectiveness of security mechanisms in a Web Application can be estimated by evaluating the degree of vulnerability against any of the nominated top ten vulnerabilities, nominated by the OWASP. This paper sheds light on a number of existing tools that can be used to test for the CSRF vulnerability. The main objective of the research is to identify the available solutions to prevent CSRF attacks. By analyzing the techniques employed in each of the solutions, the optimal tool can be identified. Tests against the exploitation of the vulnerabilities were conducted after implementing the solutions into the web application to check the efficacy of each of the solutions. The research also proposes a combined solution that integrates the passing of an unpredictable token through a hidden field and validating it on the server side with the passing of token through URL.  

Towards an Understanding of Web Application Security Threats and Incidents

2011 ◽  
Vol 7 (4) ◽  
pp. 54-69 ◽  
Author(s):  
Gerhard Steinke ◽  
Emanuel Tundrea ◽  
Kenmoro Kelly
Keyword(s):  
Web Application ◽  
Security Threats ◽  
Web Application Security ◽  
Application Security

DATABASE PROTECTION BASED ON WEB APPLICATION FIREWALL

2021 ◽  
Vol 1 ◽  
pp. 84-90
Author(s):  
Rustam Kh. Khamdamov ◽  
◽  
Komil F. Kerimov ◽  
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Personal Information ◽  
Database Security ◽  
Security Threats ◽  
Web Application Security ◽  
Application Security ◽  
Client Request ◽  
Database Protection ◽  
Information Bank

Web applications are increasingly being used in activities such as reading news, paying bills, and shopping online. As these services grow, you can see an increase in the number and extent of attacks on them, such as: theft of personal information, bank data and other cases of cybercrime. All of the above is a consequence of the openness of information in the database. Web application security is highly dependent on database security. Client request data is usually retrieved by a set of requests that request the application user. If the data entered by the user is not scanned very carefully, you can collect a whole host of types of attacks that use web applications to create security threats to the database. Unfortunately, due to time constraints, web application programmers usually focus on the functionality of web applications, but only few worry about security. This article provides methods for detecting anomalies using a database firewall. The methods of penetration and types of hacks are investigated. A database firewall is proposed that can block known and unknown attacks on Web applications. This software can work in various ways depending on the configuration. There are almost no false positives, and the overhead of performance is relatively small. The developed database firewall is designed to protect against attacks on web application databases. It works as a proxy, which means that requests for SQL expressions received from the client will first be sent to the developed firewall, rather than to the database server itself. The firewall analyzes the request: requests that are considered strange are blocked by the firewall and an empty result is returned to the client.

Sign in / Sign up

Export Citation Format

Share Document