poster

Using CABECTPortal as a Case Study to Extend the Capabilities of Penetration Testing Tools (Abstract Only)

Author:
Derek M. Duchesne

The College of New Jersey, Ewing, USA

The College of New Jersey, Ewing, USA
View Profile

SIGCSE '15: Proceedings of the 46th ACM Technical Symposium on Computer Science EducationFebruary 2015Pages 715https://doi.org/10.1145/2676723.2693629

Published:24 February 2015Publication History

SIGCSE '15: Proceedings of the 46th ACM Technical Symposium on Computer Science Education

Pages 715

ABSTRACT

This project presents an approach to web application security that modifies general penetration testing tools to test for advanced vulnerabilities. As a proof of concept, the ZAP (Zed Attack Proxy) security tool was extended with functionality to find vulnerabilities such as server-side security misconfiguration, to test CABECTPortal (a website housing collaborations between multiple disciplines). By combining the general vulnerability checks built into tools like ZAP and the server-side maintenance checks that are normally conducted manually by system administrators and programmers, this project provides a more tailored approach to security testing that can be applied to any web application, making testing easier and more precise.

Index Terms

Using CABECTPortal as a Case Study to Extend the Capabilities of Penetration Testing Tools (Abstract Only)
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Penetration Testing on Virtual Environments
ICINS '16: Proceedings of the 4th International Conference on Information and Network Security

Since the beginning, computer systems have faced the challenge of protecting the information with which they work, and with the technological development, computational security techniques have become more complex to face the potentials attacks. ...
Read More
Examining Penetration Tester Behavior in the Collegiate Penetration Testing Competition
Penetration testing is a key practice toward engineering secure software. Malicious actors have many tactics at their disposal, and software engineers need to know what tactics attackers will prioritize in the first few hours of an attack. Projects like ...
Read More
A Penetration Testing Method for E-Commerce Authentication System Security
ICMECG '09: Proceedings of the 2009 International Conference on Management of e-Commerce and e-Government

E-Commerce systems are suffering more and more security issues. Vulnerabilities of authentication systems are revealed when various attacks and malicious abuses are developed and deployed to violate security of system and information. To improve the ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SIGCSE '15: Proceedings of the 46th ACM Technical Symposium on Computer Science Education
February 2015
766 pages
ISBN:9781450329668
DOI:10.1145/2676723
General Chairs:
Adrienne Decker
Rochester Institute of Technology
,
Kurt Eiselt
University of British Columbia
,
Program Chairs:
Carl Alphonce
University at Buffalo
,
Jodi Tims
Baldwin Wallace College
Copyright © 2015 Owner/Author
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 24 February 2015
Check for updates
Author Tags
fuzzing
penetration testing
vulnerabilities
web application security
Qualifiers
- poster
Conference

Acceptance Rates
SIGCSE '15 Paper Acceptance Rate105of289submissions,36%Overall Acceptance Rate1,595of4,542submissions,35%
More
Upcoming Conference
SIGCSE Virtual 2024

Sponsor:

sigcse

SIGCSE Virtual 2024: ACM Virtual Global Computing Education Conference

December 5 - 7, 2024

Virtual Event , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 1
  Total Citations
  View Citations
- 0
  Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

Using CABECTPortal as a Case Study to Extend the Capabilities of Penetration Testing Tools (Abstract Only)

SIGCSE '15: Proceedings of the 46th ACM Technical Symposium on Computer Science Education

ABSTRACT

Cited By

Index Terms

Recommendations

Penetration Testing on Virtual Environments

Examining Penetration Tester Behavior in the Collegiate Penetration Testing Competition

A Penetration Testing Method for E-Commerce Authentication System Security

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

Digital Edition

Caption

Using CABECTPortal as a Case Study to Extend the Capabilities of Penetration Testing Tools (Abstract Only)

SIGCSE '15: Proceedings of the 46th ACM Technical Symposium on Computer Science Education

ABSTRACT

Cited By

Index Terms

Recommendations

Penetration Testing on Virtual Environments

Examining Penetration Tester Behavior in the Collegiate Penetration Testing Competition

A Penetration Testing Method for E-Commerce Authentication System Security

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Funding Sources

Article Metrics

Other Metrics

Digital Edition

Share this Publication link

Share on Social Media