Effects of Cone Penetrometer Testing on Shallow Hydrogeology at a Contaminated Site

Penetration testing is a popular and instantaneous technique for subsurface mapping, contaminant tracking, and the determination of soil characteristics. While the small footprint and reproducibility of cone penetrometer testing makes it an ideal method for in-situ subsurface investigations at contaminated sites, the effects to local shallow groundwater wells and measurable influence on monitoring networks common at contaminated sites is unknown. Physical and geochemical parameters associated with cone penetrometer testing were measured from a transect of shallow groundwater monitoring wells adjacent to penetrometer testing. For wells screened above the depth of cone refusal, the physical advancement and retraction of the cone had a significant effect (p < 0.01) on water level for several pushes within 10 meters of a monitoring well, and a measured increase in specific conductivity. No effect on geochemistry or water level was observed in continuous monitoring data from wells screened below the depth of cone refusal, but variability in specific conductivity from these wells during penetration testing was only a fraction of the natural variation measured during precipitation events. Continuous measurements of specific conductivity and water level demonstrated that the effects of penetration testing have limited spatial and temporal distributions with a null effect post-testing.

Analysis and Evaluation of Wireless Network Security with the Penetration Testing Execution Standard (PTES)

The use of computer networks in an agency aims to facilitate communication and data transfer between devices. The network that can be applied can be using wireless media or LAN cable. At SMP XYZ, most of the computers still use wireless networks. Based on the findings in the field, it was found that there was no user management problem. Therefore, an analysis and audit of the network security system is needed to ensure that the network security system at SMP XYZ is safe and running well. In conducting this analysis, a tool is needed which will be used as a benchmark to determine the security of the wireless network. The tools used are Penetration Testing Execution Standard (PTES) which is one of the tools to become a standard in analyzing or auditing network security systems in a company in this case, namely analyzing and auditing wireless network security systems. After conducting an analysis based on these tools, there are still many security holes in the XYZ wireless SMP that allow outsiders to illegally access and obtain vulnerabilities in terms of WPA2 cracking, DoS, wireless router password cracking, and access point isolation so that it can be said that network security at SMP XYZ is still not safe

PERBANDINGAN SISTEM AUTENTIKASI WPA2 EAP-PSK PADA JARINGAN WIRELESS DENGAN METODE PENETRATION TESTING MENGGUNAKAN FLUXION TOOLS

aringan Nirkabel merupakan sekumpulan perangkat elektronik yang menghubungkan satu dengan yang lain memanfaatkan perangkat udara alias frekuensi jadi alur lintas data. Masa sekarang ini, ada banyak pengguna yang memanfaatkan WPA2-PSK ataupun WPA2-EAP menjadi security system jaringan nirkabel yang bertujuan untuk menghindari orang yang mengakses tanpa izin. Riset ini memakai teknik wireless penetration testing yang memakai fluxion tools dengan membandingkan dan menganalisis security system otentikasi WPA2 dengan EAP-PSK pada jaringan nirkabel yang bertujuan untuk mengetahui kerentanan sebuah sistem keamanan jaringan tersebut. Untuk melaksanakan penetration testing penulis mengacu terhadap “Wireless Network Penetration Testing Methodology.” Yang terdiri dari intelligence gathering, vulnerability analysis, threat modelling, password cracking, dan reporting. Dari penelitian ini akan menyimpulkan WPA2-PSK kurang aman untuk digunakan dikarenakan terlihat pada penetration testing tesrsebut WPA2-PSK berhasil dibobol dalam keadaan SSID unhide­, sedangkan WPA2-EAP berhasil dalam pembuatan Web Interface namun tidak berhasil dalam mendapatkan informasi seperti username dan passwor. Jika WPA2-PSK SSID dalam keadaan hide akan mengagalkan peretasan sehingga dari sistem keamanan kedua tersebut memiliki kelebihan dan kekurangan masing-masing tergantung kebutuhan pengguna.

Vulnerability Assessment and Penetration Testing On The Xyz Website Using Nist 800-115 Standard

Currently the website has become an effective communication tool. However, it is essential to have vulnerabilities assessment and penetration testing using specific standards on released websites to the public for securing information. The problems raised in this research are conducting vulnerability testing on the XYZ website to analyze security gaps in the XYZ website, as well as conducting penetration testing on high vulnerabilities found. Testing was conducted using the NIST 800 – 115 Standard through 4 main stages: planning, discovery, attack, and report. Several tools were used: Nmap, OWASP ZAP, Burp Suite, and Foxy Proxy. This research results are presented and analyzed. There were seven vulnerabilities found, one high-level vulnerability, two medium-level vulnerabilities, and four low-level vulnerabilities. At the high level, SQL Injection types are found, at the medium level, Cross-Domains Misconfiguration and vulnerabilities are found, at the low level, Absence of Anti-CSRF Tokens, Incomplete or No Cache-control and Pragma HTTP Header Set, Server Leaks Information via “X-Powered-By” HTTP Response Header Field and X-Content-Type-Options Header Missing are found.

Research on network security technology of industrial control system

The relationship between industrial control system and Internet is becoming closer and closer, and its network security has attracted much attention. Penetration testing is an active network intrusion detection technology, which plays an indispensable role in protecting the security of the system. This paper mainly introduces the principle of penetration testing, summarizes the current cutting-edge penetration testing technology, and looks forward to its development.

Mobile Security and Penetration Testing

This document offers data involving mobile security exploitation penetration testing. Compared to desktop computers the expansion of mobile devices is tremendous in this years. Mobile de- vices are integrated into daily activities of people’s life. Mobile Applications became a part of our daily lives in order that virtually each internet or desktop application may be executed from a smartphone i.e. social networking, online banking, gaming applications and many others. This document also includes about different types of Mobile security threats, Types of penetration testing, Phases of penetrating testing, Principles of testing and Security risk assessment model. Due to the expansion of mobile devices now a days, it opens vast scope for attackers to steal sensitive information or to perform other kinds of attacks on these devices . The main purpose is to know the vulnerability and technics that ac- customed to find vulnerabilities in mobile applications. In the paper we have studied differing kinds of security risks concerned in mobile devices and mobile applications and regarding varied defensive mechanism to stop these security risk in mobile devices.

Architecture and Model of Neural Network Based Service for Choice of the Penetration Testing Tools

During penetration testing of web applications, different tools are actively used to relieve the tester from repeating monotonous operations. The difficulty of the choice is in the fact that there are tools with similar functionality, and it is hard to define which tool is best to choose for a particular case. In this paper, a solution of the problem with making a choice by creating a Web service that will use a neural network on the server side is proposed. The neural network is trained on data obtained from experts in the field of penetration testing. A trained neural network will be able to select tools in accordance with specified requirements. Examples of the operation of a neural network trained on a small sample of data are shown. The effect of the number of neural network learning epochs on the results of work is shown. An example of input data is given, in which the neural network could not select the tool due to insufficient data for training. The advantages of the method shown are the simplicity of implementation (the number of lines of code is used as a metric) and the possibility of using opinions about tools from various experts. The disadvantages include the search for data for training, the need for experimental selection of the parameters of the neural network and the possibility of situations where the neural network will not be able to select tool that meets the specified requirements.