A Bug Tracking Tool for Efficient Penetration Testing

Web applications are needed as a solution to the use of internet technology that can be accessed globally, capable of displaying information that is rich in content, cost effective, easy to use and can also be accessed by anyone, anytime and anywhere. In the second quarter of 2020, Wearesocial released information related to internet users in the world around 4.54 billion with 59% penetration. People become very dependent on the internet and also technology. This condition was also triggered due to the Covid-19 pandemic.One thing that becomes an issue on website application security is internet attacks on website platforms and we never expected the vulnerability. One type of attack or security threat that often arises and often occurs is Cross Site Scripting (XSS). XSS is one of Top 10 Open Web Application Security Projects (OWASP) lists.There are several alternatives that we can use to prevent cyber-attack. OWASP Security Shepherd can be used as a way to prevent XSS attacks. The OWASP Security Shepherd project allows users to learn or develop their manual penetration testing skills. In this research, there are several case examples or challenges that we can use as a simulation of the role of OWASP Security Shepherd to detect this XSS. The purpose of this paper is to conduct a brief and clear review of technology on OWASP Security Shepherd. This technology was chosen as an appropriate and inexpensive alternative for users to ward off XSS attacks.

show abstract

“…The 25 most dangerous software errors [13] are classified into three groups according to the Specific Weakness Enumeration (CWE / SANS):…”

Section: Cross Site Scripting (Xss)mentioning

confidence: 99%

Web Vulnerability Through Cross Site Scripting (XSS) Detection with OWASP Security Shepherd

Wibowo

Sulaksono

2021

Indonesian J. of Inf. Syst.

View full text Add to dashboard Cite

show abstract

“…4 [25]. The functionality provided by ZAP for various levels ranging from Developers and Security Testing Specialists [26]. The results received by the tester are in the form of reports from ZAP in the form of HTML and XML files.…”

Section: Introductionmentioning

confidence: 99%

Vulnerability Analysis of E-voting Application using Open Web Application Security Project (OWASP) Framework

Sunardi¹,

Riadi²,

Raharja³

2019

IJACSA

View full text Add to dashboard Cite

This paper reports on security concerns in the Evoting used for the election of village heads. Analysis of the system and server uses two different tools to determine the accuracy of scanning vulnerabilities based on the OWASP Framework. We reported that the results of the scanning using the ZAP tool got vulnerability information with the following risk level, one high level, three medium levels, and eleven low levels. The Arachni tool got vulnerability information with the following risk level, one high level, three medium levels, and two low levels. ZAP has a more complex vulnerability view than Arachni. Fatal findings on E-voting in this E-voting system is XSS, which impacts clients, which can be exploited by attackers to bypass security. Directory Traversal allows attackers to access directories and can execute commands outside of the web server's base directory. Cyber Hiscox Readiness report in 2018 in several European countries such as The United States, Britain, Germany, Spain, and the Netherlands, that the Attackers target through the most vulnerable security holes such as injection, Broken Authentication, Sensitive Data Exposure, XXE, Merged, Security Misconfiguration, XSS, Insecure Deserialization, Using Components with Known Vulnerabilities, Insufficient Logging, and Monitoring. The purpose of cyberattacks alone can threaten the stability of the country and disturb other factors. E-voting, as part of an electronic government system, needs to be audited in terms of security, which can cause the system to disrupt.

show abstract

Information System Penetration Testing Using Web Attack Automated Simulation

Stetsenko

Savchuk

2020

Advances in Computer Science for Engineering and Education III

View full text Add to dashboard Cite

A Bug Tracking Tool for Efficient Penetration Testing

Cited by 5 publications

References 4 publications

Web Vulnerability Through Cross Site Scripting (XSS) Detection with OWASP Security Shepherd

Web Vulnerability Through Cross Site Scripting (XSS) Detection with OWASP Security Shepherd

Vulnerability Analysis of E-voting Application using Open Web Application Security Project (OWASP) Framework

Information System Penetration Testing Using Web Attack Automated Simulation

Contact Info

Product

Resources

About