2020, Journal of Informatics Electrical and Electronics Engineering (JIEEE), A2Z Journals
11 pages
In the present scenario, the usage of the internet is enormous and is escalating day by day. Internet facilities are employed in almost every field of work and people are becoming dependent on them. With the increasing dependency on the internet, concern regarding information security has increased, because most work, such as e-commerce, chatting, and payment of bills, is done over the internet. That is why security is most important for any website. Basically, such security concern is high in organizations, institutions, and the financial sector. This paper aims to address the topmost vulnerability concerns and how to overcome them. This paper addresses most of the popular vulnerabilities, which are amongst the top 10 according to OWASP, and addresses the precautions to be taken to deal with these vulnerabilities. This paper provides a better understanding in a simple and easy way. When the entire world is behind new technologies and everything is moving towards the internet, the need for security increases. One has to be sure about the security of their website as well as the security and privacy of the end users. So, when the world is demanding new technologies, there will be an increase in demand for security testing. Every application or website is considered good only when it is secure, and it can only be done by a web tester. This paper explores the vulnerabilities in a precise manner.
2019
Nowadays, every business of any domain, that is education, sports, health, gaming, service, etc., or any government organization is online, i.e. it has a web application. Each and every web application has a large amount of confidential data related to its users or important data about its organization, and it can be extremely destructive if it goes into the hands of a wrong and unauthorized person. This paper focuses on determining whether the developed web application is secured against different and most destructive types of web attacks or not. This paper not only describes destructive web application attacks but also elaborates each and every step a pen tester needs to follow to detect each type of vulnerability, and how to exploit it to perform unauthorized actions, as firstly it is necessary to find whether an application is vulnerable to any attack or not before directly going towards taking all precaution steps towards all types of vulnerability. And moreover penetration te...
International journal of safety and security engineering, 2024
The increasing use of the internet has led to a growing number of security threats. Computers, smartphones, smartwatches, and other mobile devices associated with the internet face different threats and exploits. In those cases, different services are provided through web applications only. Those applications are vulnerable to hacking. There are over 1.9 billion websites today, and everything is connected to the network. According to the new national vulnerability database update, 10,683 weaknesses were found in web applications in the first quarter of 2023. The websites have the most significant details of the clients, like personal details, financial details, and so on. Checking all the web application weaknesses is not a silver bullet. So, vulnerability scanners play a significant role in web application security. Vulnerability analysis and penetration testing are two distinct types of vulnerability testing. These tests can help identify all the vulnerabilities in a web application, even those not detected by vulnerability scanners. While certain users access this vulnerability analysis data with just honest goals, like creating some security measures to avoid those vulnerabilities, some utilize it to recognize ways of destroying significant information and records of websites. Notably, the term penetration testing is also known as ethical hacking. The current paper aims to investigate penetration testing on web applications. The paper discusses the different types of penetration testing, the tools and techniques used, and the benefits of penetration testing. It also suggests the challenges of penetration testing and the steps that can be taken to mitigate these challenges.
International Journal of Scientific & Technology Research, 2018
"May you survive in fascinating times" can be an English phrase claiming to be considered an interpretation of the traditional Chinese curse. Cyber security risks are becoming top concerns as we find out about frequent data breach occurrences on a regular basis nowadays from organizations like Equifax, Anthem, JP Morgan Chase and other large corporations. As per IBM, this year's global average cost of a data breach is $3.62 million. Findings from NIST (National Institute of Standards and Technology) show that 92% of security vulnerabilities exist at the application layer, not in the network layer. In this research paper, the following subject areas are discussed: introduction to cyber security, web application security challenges, top web application vulnerabilities, and a conclusion with approaches and mindset to comprehend for developers and security testers.
2019
Safety of information is needed either in the private sector or in business for protection from the market with competitive secrets or only for privacy. The advantage of the internet and web applications is that they are accessible to everyone, but in the business world data should be safe, reliable, and accessible. Although these are not new problems and there have always been different solutions to these problems, we always need to be on the cutting edge with new attacks that appear every day and to try to achieve greater security. In this paper we present some of the most dangerous forms of risk which are risking web applications in the year 2015/2016. We will demonstrate step by step how to achieve unauthorized access from a web application inside a server system, and we will explain why it happened for the analysis that we have done. In testing stages we used some parts of real tests that we have done on several web applications, with Penetration Testing Methods, which is a procedure for testing and documentation including i...
International Journal For Science Technology And Engineering, 2021
The study on web penetration testing and vulnerability assessment focuses on the evaluation of the various vulnerabilities, and the tools required to penetrate these vulnerabilities. It focuses on the development of making web applications secure before the intruder tries to attack the web application. It also provides the idea to assess the vulnerabilities and introduce different preventive measures that will help in preventing intruders from accessing sensitive information. The experiments are done using open-source software which is freely available on the internet. OWASP WAP (Damn Vulnerable Web Application) and RIPS (Buggy Web Application) already have the vulnerabilities and are mainly used for study purposes and analysis of the results. With this study, one can understand how ethical hacking activities are performed and also place necessary security measures in protecting the organization. A similar study practice can be performed over real-life websites and networks for testing the vulnerability and carrying out the assessments.
International Journal for Research in Applied Science and Engineering Technology IJRASET, 2020
As technology changes, it becomes increasingly challenging for businesses of all types to keep their personal and customers' information on the web secure. Web security is important for keeping hackers and cyber-thieves from accessing sensitive information. Without a proactive security strategy, businesses risk the spread and escalation of malware, attacks on other websites, networks, and other IT infrastructures. If a hacker is successful, attacks can spread from computer to computer, making it difficult to find the origin. This project deals with preventing potential errors while developing a basic website in order to protect it from possible cyber-attacks. Cyber-attacks will be performed on an unsecured site and then its vulnerabilities will be compared with the secured site.
International Journal of Computer Applications, 2014
Due to the increasing complexity of web systems, security testing has become an indispensable and critical activity of the web application development life cycle. Security testing aims to maintain the confidentiality of the data, to check against any information leakage and to maintain the functionality as intended. It checks whether the security requirements are fulfilled by the web applications when they are subjected to malicious input data. Due to the rising explosion in security vulnerabilities, there is a need to understand its unique challenges and issues, which will eventually serve as a useful input for security testing tool developers and test managers for their relative projects.
IJASSR, 2019
By taking advantage of vulnerabilities, cyber criminals are easily able to steal confidential ICT data, resulting in heavy loss. Vulnerability Assessment and Penetration Testing (VAPT) is a special approach to eliminate various security threats from the web application. Focusing on high-risk vulnerabilities such as SQL Injection, Cross Site Scripting, Local File Inclusion and Remote File Inclusion, in this paper we have surveyed the literature to study the general mechanics of the VAPT process and gather tools which can be useful during the VAPT process.
2020
Nowadays many web apps are being developed which on the one hand are beneficial but on the other hand contain a lot of vulnerabilities. Most of the work which remains untouched is web security. Online shopping and web services are increasing at a rapid rate. Cross Site Request Forgery (CSRF) and Cross Site Scripting (XSS) are some of the top vulnerabilities. Going through this paper, we will cover a lot of vulnerabilities that are present in web apps and will be presenting some real-world threats to web apps. The vulnerabilities will be found with the help of penetration testing. Various threat models for the vulnerabilities are also mentioned to give a good understanding of them. Keywords: Cross Site Scripting, Penetration Testing, Cross Site Request Forgery.
International Journal of Innovative Research in Computer and Communication Engineering, 2014
Internet is perhaps the most popular medium of sharing information today and its popularity is growing day by day. People refer to it for almost all sorts of reasons, and with growing usage the concept of security risks arises. Security risks arise mainly because the internet is a two-way medium. Personal information is shared over the internet through web-based applications which we use for many useful purposes like applying for passports, online ticket booking, online testing sites, social networking sites, etc. To ensure that the web-based applications offer full productivity and good security of the users’ information it is important that the development procedure of these applications be redefined keeping things like feasibility, security aspects, and problems that are likely to be faced during future maintenance in mind. We are proposing a novel and scientific technique for designing ideal web-based applications. This technique includes various testing methods like white-box t...
VOLUME-8 ISSUE-10, AUGUST 2019, REGULAR ISSUE, 2019
2017 6th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO)
International Journal of Computer Applications, 2014
www.internationaljournalssrg.org, 2017
Zenodo (CERN European Organization for Nuclear Research), 2022
International Journal of Computer and Information System (IJCIS)