A Review on Web Application Vulnerability Assessment and Penetration Testing

Ravindran, Urshila; Potukuchi, Raghu Vamsi

doi:10.18280/rces.090101

Cited by 9 publications

(6 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Within this framework, this article provides a total of eight comprehensive labs dedicated to Android and iOS platforms, each exploring into distinct yet interconnected features of security testing. The subsequent sections introduce Android and iOS penetration testing [32], encompassing fundamental platform insights [33], essential open-source tools [34], and lab setup procedures [35]. Table 9 provides the eight pen testing labs for Android and iOS platforms.…”

Section: Mobile Penetration Testing Labsmentioning

confidence: 99%

Enhancing Mobile Security through Comprehensive Penetration Testing

Roshanaei

2024

JIS

View full text Add to dashboard Cite

In today's era, where mobile devices have become an integral part of our daily lives, ensuring the security of mobile applications has become increasingly crucial. Mobile penetration testing, a specialized subfield within the realm of cybersecurity, plays a vital role in safeguarding mobile ecosystems against the ever-evolving landscape of threats. The ubiquity of mobile devices has made them a prime target for cybercriminals, and the data and functionality accessed through mobile applications make them valuable assets to protect. Mobile penetration testing is designed to identify vulnerabilities, weaknesses, and potential exploits within mobile applications and the devices themselves. Unlike traditional penetration testing, which often focuses on network and server security, mobile penetration testing zeroes in on the unique challenges posed by mobile platforms. Mobile penetration testing, a specialized field within cybersecurity, is an essential tool in the Cybersecurity specialists' toolkit to protect mobile ecosystems from emerging threats. This article introduces mobile penetration testing, emphasizing its significance, including comprehensive learning labs for Android and iOS platforms, and highlighting how it distinctly differs from traditional penetration testing methodologies.

show abstract

Section: Mobile Penetration Testing Labsmentioning

confidence: 99%

Enhancing Mobile Security through Comprehensive Penetration Testing

Roshanaei

2024

JIS

View full text Add to dashboard Cite

show abstract

“…Vamsi et al [18] emphasized the critical importance of regular security testing and checks through vulnerability assessment and penetration testing (VAPT) to safeguard organizational data and maintain customer trust. They detail common web application security vulnerabilities and the prerequisites for conducting any security assessment, alongside the dos and don'ts in alignment with each vulnerability.…”

Section: Literature Reviewmentioning

confidence: 99%

Mitigating Security Risks in Firewalls and Web Applications using Vulnerability Assessment and Penetration Testing (VAPT)

Alquwayzani,

Aldossri,

Frikha

2024

ijacsa

View full text Add to dashboard Cite

In today's digital age, both organizations and individuals heavily depend on web applications for a wide range of activities. However, this reliance on the web also opens up opportunities for attackers to exploit security weaknesses present in these applications. Web Application Firewalls (WAFs) are typically the first line of defense, protecting web apps by filtering and monitoring HTTP traffic. However, if these firewalls are not properly configured, they can be bypassed or compromised by attackers. The escalating number of attacks targeting web applications underscores the urgent need to enhance their security. This paper offers an in-depth review of existing research on web application Vulnerability Assessment and Penetration Testing (VAPT). Our unique contribution lies in the comprehensive synthesis and categorization of VAPT tools based on their optimal use cases, which provides a practical guide for selecting the appropriate tools for specific scenarios. Additionally, this study integrates emerging technologies such as artificial intelligence and machine learning into the VAPT framework, addressing the evolving nature of cyber threats. The paper also identifies common challenges encountered during the VAPT process and proposes actionable recommendations to overcome these obstacles. Furthermore, it discusses best practices such as secure coding practices and defense-in-depth strategies to improve the effectiveness and efficiency of VAPT efforts. By offering these insights, this paper aims to advance the current understanding and application of VAPT in enhancing the security of web applications and firewalls.

show abstract

“…OWASP ZAP is a standard open-source tool that performs better than other scanning tools with a user-friendly interface and is used for penetration testing; hence, this tool is usable by anyone with different abilities in security software [13]. In addition, OWASP ZAP is capable of critical scanning vulnerabilities such as SQL injection, Cross-Site Scripting, remote OS command, Path Traversal, External Redirect, and Remote File Inclusion [28]. Furthermore, OWASP ZAP can also detect command execution vulnerabilities due to high results for true and false positives, resulting in the researcher concluding that OWASP ZAP performs better than other vulnerability scanners [12].…”

Section: Owasp Zapmentioning

confidence: 99%

“…In 2018, HackerOne reported that Cross-site Scripting (XSS) vulnerability was a vulnerability commonly found in all types of websites, and 40 percent of all applications tested recorded by Veracode detected the existence of Cross-site Scripting (XSS) vulnerability [32]. However, according to a study by [28], the Cross-site Scripting (XSS) vulnerability is undetected in the government websites in Malaysia, which also shows that this type of vulnerability in the Malaysian SMEs' websites was low.…”

Section: Total Web Vulnerabilities In the Malaysian Smes' Websitesmentioning

confidence: 99%

Analysis of Web Vulnerability Using Open-Source Scanners on Different Types of Small Entrepreneur Web Applications in Malaysia

Alya Geogiana Buja,

Nurul Natasha Mohamad Amirul Asri Low,

Anwar Farhan Zolkeplay

et al. 2024

ARASET

View full text Add to dashboard Cite

Most of Malaysia’s small entrepreneurs have switched to online platforms as an alternative to their physical businesses. Social media sites such as TikTok, Instagram, Twitter, and Facebook provide free advertising tools and convenient access to a broader global target. However, security issues on these websites remain questionable as users are exposed to web attacks due to the vulnerabilities on the websites. Considering the cost and lack of awareness of the importance of cybersecurity, some organizations find it not profitable to invest in securing their websites. Therefore, this paper aims to test Malaysian small entrepreneurs’ web applications using open-source scanners and analyse the results of web vulnerabilities detected. To do so, two types of open-source scanners, OWASP ZAP and IRONWASP, were installed to scan five websites found through advertisements on social media sites. The web vulnerability identification was based on the top 5 OWASP web vulnerability reports, and the results showed that five types of web vulnerabilities were detected. The analysis of the results showed that the top 5 web vulnerabilities in Malaysian small entrepreneurs’ websites are the ‘Missing Session Timeout’ vulnerability with 81.84 percent, the ‘Sensitive Information Passed as Clear Text in GET URL’ vulnerability with 14.74 percent, and the ‘Session ID Cookies not Marked Secure’ vulnerability with 2.47 percent. This paper provides security analysis on Small Medium Enterprise (SME) websites for future enhancement and consideration during development and implementation to avoid possible attacks. Therefore, developers are advised to handle these vulnerabilities by carefully managing the session timeout, and users are recommended to log out from the websites immediately after they are done.

show abstract

A Review on Web Application Vulnerability Assessment and Penetration Testing

Cited by 9 publications

References 0 publications

Enhancing Mobile Security through Comprehensive Penetration Testing

Enhancing Mobile Security through Comprehensive Penetration Testing

Mitigating Security Risks in Firewalls and Web Applications using Vulnerability Assessment and Penetration Testing (VAPT)

Analysis of Web Vulnerability Using Open-Source Scanners on Different Types of Small Entrepreneur Web Applications in Malaysia

Contact Info

Product

Resources

About