Technique to Thwart Brute-Force Attack : A Survey

James, Lijimol; Dileesh, E D

doi:10.32628/ijsrset207139

“…Kerangka kerja penelitian tiap tahapnya memiliki keterkaitan dengan tahap berikutnya [14]. Penelitian dimulai dengan mengidentifikasi masalah pada webserver aplikasi, melakukan observasi langsung webserver aplikasi, melakukan studi literatur mengenai penetrasi testing, menerapkan metode yang digunakan, melakukan hasil dan pembahasan serta membuat kesimpulan dan saran [15].…”

Section: Kerangka Kerja Penelitianunclassified

Meningkatkan Keamanan Webserver Aplikasi Pelaporan Pajak Daerah Menggunakan Metode Penetration Testing Execution Standar

Pohan

¹

,

Yunus

²

,

Sumijan

³

2021

JSisfotek

7

0

View full text Add to dashboard Cite

Regional Tax Reporting Application Webserver is one of the public services for taxpayers to report their sales transactions. This application can be accessed on the domain http://sptpd.payakumbuhkota.go.id. This application is public, so the principles of information security must be applied to prevent cyber attacks. The principles of information security include confidentiality, integrity, and availability. To apply this information security principle, it is necessary to conduct vulnerability assesment of the application webserver. This study aims to improve the security of the application webserver so that the data and information in it is secure. The method used in this study is the Penetration Testing Execution Standard which is one of the methods developed by the Pentest Organization to become a standard in analyzing or auditing security systems. The results of vulnerability testing using software Acunetix, Nikto, BurpSuite and Owasp, there are seven types of vulnerabilities, namely: X-Frame Header Options is Missing, CSRF Attack, Cookie Without Only Flash, DNS Vulnerability, Ddos Attack, Bruteforce Page Login and Open Port. The vulnerability can be exploited, where the level of application vulnerability is in the medium category. The recommendations for fixing vulnerabilities can be applied by the developer, so that after repairs are made, the vulnerability level of the application webserver is in the low category and there is only one type of vulnerability, namely Brute Force Page Login.

show abstract

“…In Recent Times, a massive number of malwares has been devised for attacking IoT systems [75,76] Control flow side-channel assessment [77], software integrity validation, malware detector [78], Security updates [79] (continued) Reverse Engineering All An attempt to analyze the firmware of IoT devices to reach sensitive data i.e., users' credentials [93] Self-destruction and Tamper proofing, IC/IP Obfuscation and encryption [94,95] (continued) Identity and access management, authentication, multi-factor authentication guidance, dynamic credentials [100] Brute-force attacks S4, S6 An active attack hinges on a trial-and-error strategy to obtain some data such as passwords, finance, identifiers. It employs automatic software to engender a massive amount of successive suppositions to decrypt the ciphertext [85,86] Locking out IP address, discovery tools, brute force site scanning tools [101] Data exposure attacks…”

Section: Allmentioning

confidence: 99%

Internet of Things Security Requirements, Threats, Attacks, and Countermeasures

Abdel‐Basset

¹

,

Moustafa

²

,

Hawash

³

et al. 2021

Deep Learning Techniques for IoT Security and Privacy

1

0

View full text Add to dashboard Cite

This chapter elaborates on different security aspects to be taken into accounts during the development and the deployments of IoT architecture. To make the reader about the security of the IoT based system, this chapter begins by defining the contemporary security requirements that should be considered to realize a reliable and trustworthy IoT environment. Then, the discussion extends to differentiate different concepts of IoT security i.e., threat, vulnerability, countermeasure, attacks, risks; and also explain how the concepts relate to each other. Later, a systematic taxonomy is presented for classifying IoT attacks according to IoT assets, where each class of IoT is further classified into more subcategories. Finally, the discussion of each elaborate different categories of IoT attack indicating their main security targets and possible IoT countermeasures.To sum up, this chapter intends to provide a comprehensive overview regarding IoT security vulnerabilities, threats, countermeasures, risks along with practices of handling them all through the following sections: • Security Requirements in Internet of Things • IoT threats, Attacks, vulnerabilities, and risks • Today's IoT attacks and Countermeasures • IoT attack surfaces • Summary and Learnt Lessons.

show abstract

“…Kerangka Kerja PenelitianKerangka kerja penelitian tiap tahapnya memiliki keterkaitan dengan tahap berikutnya[14]. Penelitian dimulai dengan mengidentifikasi masalah pada webserver aplikasi, melakukan observasi langsung webserver aplikasi, melakukan studi literatur mengenai penetrasi testing, menerapkan metode yang digunakan, melakukan hasil dan pembahasan serta membuat kesimpulan dan saran[15].Metode Penetration Testing Execution Standar dapat diterapkan pada webserver aplikasi pelaporan pajak daerah. Kategori keamanan aplikasi yang sebelumnya pada kategori Medium dengan 7 buah jenis kerentanan dapat diturunkan menjadi kategori Low dengan hanya 1 buah jenis kerentanan, sehingga keamanan webserver aplikasi pelaporan pajak daerah dapat ditingkatkan.…”

unclassified

Improving Webserver Security for Local Tax Reporting Applications Using Standard Penetration Testing Execution Methods

Pohan¹,

Yunus²,

Sumijan³

2020

JSisfotek

0

View full text Add to dashboard Cite

Regional Tax Reporting Application Webserver is one of the public services for taxpayers to report their sales transactions. This application can be accessed on the domain http://sptpd.payakumbuhkota.go.id. This application is public, so the principles of information security must be applied to prevent cyber attacks. The principles of information security include confidentiality, integrity, and availability. To apply this information security principle, it is necessary to conduct vulnerability assesment of the application webserver. This study aims to improve the security of the application webserver so that the data and information in it is secure. The method used in this study is the Penetration Testing Execution Standard which is one of the methods developed by the Pentest Organization to become a standard in analyzing or auditing security systems. The results of vulnerability testing using software Acunetix, Nikto, BurpSuite and Owasp, there are seven types of vulnerabilities, namely: X-Frame Header Options is Missing, CSRF Attack, Cookie Without Only Flash, DNS Vulnerability, Ddos Attack, Bruteforce Page Login and Open Port. The vulnerability can be exploited, where the level of application vulnerability is in the medium category. The recommendations for fixing vulnerabilities can be applied by the developer, so that after repairs are made, the vulnerability level of the application webserver is in the low category and there is only one type of vulnerability, namely BruteForce Page

show abstract

Technique to Thwart Brute-Force Attack : A Survey

Cited by 3 publications

References 10 publications

Meningkatkan Keamanan Webserver Aplikasi Pelaporan Pajak Daerah Menggunakan Metode Penetration Testing Execution Standar

Meningkatkan Keamanan Webserver Aplikasi Pelaporan Pajak Daerah Menggunakan Metode Penetration Testing Execution Standar

Internet of Things Security Requirements, Threats, Attacks, and Countermeasures

Improving Webserver Security for Local Tax Reporting Applications Using Standard Penetration Testing Execution Methods

Contact Info

Product

Resources

About