Skip to main content
SpringerLink
Log in

A Fuzzy Classifier-Based Penetration Testing for Web Applications

  • Conference paper
  • First Online:
Proceedings of the International Conference on Information Technology & Systems (ICITS 2018) (ICITS 2018)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 721))

Included in the following conference series:

Abstract

The biggest challenge of Web application is the inestimable losses arising from security flaws. Two approaches were advanced by a number of scholars to provide security to Web space. One of such approach is vulnerability assessment, which is a conscious effort to isolate, identify and recognize potentials vulnerabilities exploited by attackers. The second being the estimation and determination of level of risks/threats posed to Web applications by vulnerabilities obvious to the developer (or tester); this is generally referred to as penetration testing. Recently, there is Vulnerability Assessment and Penetration Testing (VAPT) that combined these two schemes to improve safety and effectively combat the menace of attackers on Web applications. This paper proposed Fuzzy Classifier-based Vulnerability and Assessment Testing (FCVAPT) model to provide security for sensitive data/information in Web applications. Cross Site Scripting (XSS) and Structured Query Language (SQL) injections were selected for evaluation of proposed FCVAPT model. FCVAPT model’s classification performance for MSE, MAPE and RMSE were 33.33, 14.81% and 5.77% respectively. FCVAPT is considerably effective for detecting vulnerability and ascertaining the nature of threats/risks available to Web applications.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 259.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 329.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Doshi, J., Trivedi, B.: Comparison of vulnerability assessment and penetration testing. Int. J. Appl. Inf. Syst. 8(6), 51–54 (2015)

    Google Scholar 

  2. Ruse, M.E.: Modelling checking techniques for vulnerability analysis of web applications. Unpublished Ph.D. thesis, Department of Computer Science, Iowa State University, Ames, USA, pp. 1–90 (2013)

    Google Scholar 

  3. Aghariya, T.: Security testing on web application. Unpublished M.Eng. thesis, Department of Software Engineering, Charles Darwin University, Darwin, Australia, pp. 1–93 (2015)

    Google Scholar 

  4. Samant, N.: Automated penetration testing. Unpublished M.Sc. thesis, Department of Computer Science, San Jose State University, California, USA, pp. 1–69 (2011)

    Google Scholar 

  5. Jovanovic, N., Kruegel, K., Kirda, E.: Precise alias analysis for static detection of web application vulnerabilities. In: Proceedings of Programming Languages and Analysis for Security, New York, pp. 27–36. ACM press (2006)

    Google Scholar 

  6. Petukhov, A., Kozlov, D.: Detecting security vulnerabilities in web applications using dynamic analysis with penetration testing. Computing Systems Lab, Department of Computer Science, Moscow State University, pp. 1–120 (2008)

    Google Scholar 

  7. Chen, J.M., Wu, C.L.: An automated vulnerability scanner for injection attack based on injection point. In: Proceedings of International Computer Symposium, pp. 113–118 (2010)

    Google Scholar 

  8. Li, X., Xue, Y.: BLOCK: a black-box approach for detection of state violation attacks towards web applications. In: Proceedings of the 27th Annual Computer Security Applications Conference, pp. 247–256 (2011)

    Google Scholar 

  9. Salas, M.I.P., Martins, E.: Security testing methodology for vulnerabilities detection of XSS in Web Services and WS-Security. Electron. Notes Theor. Comput. Sci. 302, 133–154 (2014)

    Article  Google Scholar 

  10. McAllister, S., Kirda, E., Kruegel, C.: Leveraging user interactions for in-depth testing of web applications. In: Proceedings of Recent Advances in Intrusion Detection, pp. 191–210. Springer, Berlin, Heidelberg (2008)

    Google Scholar 

  11. Doupe, A.L.: Advanced automated web application vulnerability analysis. Unpublished Ph.D. thesis, Department of Computer Science, University of California, Santa Barbara, USA, pp. 1–227 (2014)

    Google Scholar 

  12. Shelly, D.A.: Using a web server test bed to analyse the limitations of web application vulnerability scanners. Unpublished M.Sc. thesis, Department of Computer Engineering, Virginia Polytechnic Institute and State University, Blacksburg, USA, pp. 1–98 (2010)

    Google Scholar 

Download references

Acknowledgements

We acknowledge the support and sponsorship provided by Covenant University through the Centre for Research, Innovation and Discovery (CUCRID).

Author information

Authors and Affiliations

  1. Federal University of Technology, Minna, Nigeria

    J. K. Alhassan & A. Umar

  2. Covenant University, Ota, Nigeria

    Sanjay Misra & Adewole Adewumi

  3. Kaunas University of Technology, Kaunas, Lithuania

    Rytis Maskeliūnas & Robertas Damaševičius

Authors
  1. J. K. Alhassan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sanjay Misra
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. A. Umar
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Rytis Maskeliūnas
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Robertas Damaševičius
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Adewole Adewumi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to J. K. Alhassan .

Editor information

Editors and Affiliations

  1. DEI/FCT, Universidade de Coimbra, Coimbra, Portugal

    Álvaro Rocha

  2. Systems Department, Universidad Estatal Península de Santa Elena, La Libertad, Ecuador

    Teresa Guarda

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Alhassan, J.K., Misra, S., Umar, A., Maskeliūnas, R., Damaševičius, R., Adewumi, A. (2018). A Fuzzy Classifier-Based Penetration Testing for Web Applications. In: Rocha, Á., Guarda, T. (eds) Proceedings of the International Conference on Information Technology & Systems (ICITS 2018). ICITS 2018. Advances in Intelligent Systems and Computing, vol 721. Springer, Cham. https://doi.org/10.1007/978-3-319-73450-7_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-73450-7_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-73449-1

  • Online ISBN: 978-3-319-73450-7

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation