ABSTRACT
This project presents an approach to web application security that modifies general penetration testing tools to test for advanced vulnerabilities. As a proof of concept, the ZAP (Zed Attack Proxy) security tool was extended with functionality to find vulnerabilities such as server-side security misconfiguration, in order to test CABECTPortal (a website housing collaborations between multiple disciplines). By combining the general vulnerability checks built into tools like ZAP with the server-side maintenance checks that are normally conducted manually by system administrators and programmers, this project provides a more tailored approach to security testing that can be applied to any web application, making testing easier and more precise.
Index Terms
- Using CABECTPortal as a Case Study to Extend the Capabilities of Penetration Testing Tools (Abstract Only)