DEVELOPMENT OF A SECURE LOGGING AND MANAGEMENT SYSTEM FOR PENETRATION TESTING

Herald of the Kazakh-British technical university Pub Date : 2023-07-02 DOI:10.55452/1998-6688-2023-20-2-125-136

S. А. Samburskaya

{"title":"DEVELOPMENT OF A SECURE LOGGING AND MANAGEMENT SYSTEM FOR PENETRATION TESTING","authors":"S. А. Samburskaya","doi":"10.55452/1998-6688-2023-20-2-125-136","DOIUrl":null,"url":null,"abstract":"The sphere of information security in Kazakhstan affects an increasing number of industries every year, and penetration testing is also gaining popularity, as it is one of the key methods for assessing the security and risks of a company. This article is devoted to the research and development of a web application to provide full control over the penetration testing process: monitoring the implementation of tasks and projects, reporting on all processes, dividing tasks between employees. The management system automatically selects recommendations for eliminating vulnerabilities and generates reports on penetration testing. As a classification algorithm, a decision tree is used. Differentiation of users by access levels, structured data storage, automatic recording of test results, generation of reports and selection of recommendations for eliminating vulnerabilities make the web application more perfect and convenient compared to similar systems. The importance of this study lies in the simplification of the implementation of penetration testing and the development of this service in Kazakhstan, which will improve the level of information security in enterprises of all industries.","PeriodicalId":447639,"journal":{"name":"Herald of the Kazakh-British technical university","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-07-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Herald of the Kazakh-British technical university","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.55452/1998-6688-2023-20-2-125-136","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

The sphere of information security in Kazakhstan affects an increasing number of industries every year, and penetration testing is also gaining popularity, as it is one of the key methods for assessing the security and risks of a company. This article is devoted to the research and development of a web application to provide full control over the penetration testing process: monitoring the implementation of tasks and projects, reporting on all processes, dividing tasks between employees. The management system automatically selects recommendations for eliminating vulnerabilities and generates reports on penetration testing. As a classification algorithm, a decision tree is used. Differentiation of users by access levels, structured data storage, automatic recording of test results, generation of reports and selection of recommendations for eliminating vulnerabilities make the web application more perfect and convenient compared to similar systems. The importance of this study lies in the simplification of the implementation of penetration testing and the development of this service in Kazakhstan, which will improve the level of information security in enterprises of all industries.

查看原文本刊更多论文

为渗透测试开发一个安全的日志记录和管理系统

哈萨克斯坦的信息安全领域每年影响越来越多的行业，渗透测试也越来越受欢迎，因为它是评估公司安全和风险的关键方法之一。本文致力于研究和开发一个web应用程序，以提供对渗透测试过程的完全控制:监视任务和项目的实现，报告所有过程，在员工之间划分任务。管理系统自动选择消除漏洞的建议，并生成关于渗透测试的报告。作为一种分类算法，使用了决策树。通过用户访问级别的区分、结构化的数据存储、测试结果的自动记录、报告的生成和漏洞消除建议的选择，使得web应用比同类系统更加完善和便捷。本研究的重要意义在于简化了渗透测试在哈萨克斯坦的实施和这项服务的发展，这将提高各行业企业的信息安全水平。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Herald of the Kazakh-British technical university

自引率

0.00%

发文量