{"title":"Testing for Security Weakness of Web Applications using Ethical Hacking","authors":"R. S. Devi, M. M. Kumar","doi":"10.1109/ICOEI48184.2020.9143018","DOIUrl":null,"url":null,"abstract":"In the digital world, everything is connected through the network, and when various services are provided by web applications, people are susceptible to hacking. According to the 2019 Internet Security Threat Report by Symantec, an average of 4,800 websites are vulnerable to digital information theft (formjacking) attacks. The main intent of this paper is to recognize openness and flaws in networks and web applications using penetration testing to protect institutions from cyber threats. Many authors have suggested scanning methods to identify weaknesses. In our research, vulnerability analysis and assessment are done with the Nikto tool, the Open Web Application Security Project (OWASP) Zed Attack Proxy (ZAP) tool, Netcraft, Sparta and Network Mapper (Nmap), which have been tested through the Kali Linux platform and search engine. The ZAP and Nikto tools are demonstrated on ten different domains to identify security weaknesses. From the analysis, medium and low-level attacks have been discovered by the ZAP tool. From the comparison of the Nikto and ZAP results, the Nikto tool identified more vulnerabilities than ZAP.","PeriodicalId":267795,"journal":{"name":"2020 4th International Conference on Trends in Electronics and Informatics (ICOEI)(48184)","volume":"39 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 4th International Conference on Trends in Electronics and Informatics (ICOEI)(48184)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICOEI48184.2020.9143018","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 13
Abstract
In the digital world, everything is connected through the network, and when various services are provided by web applications, people are susceptible to hacking. According to the 2019 Internet Security Threat Report by Symantec, an average of 4,800 websites are vulnerable to digital information theft (formjacking) attacks. The main intent of this paper is to recognize openness and flaws in networks and web applications using penetration testing to protect institutions from cyber threats. Many authors have suggested scanning methods to identify weaknesses. In our research, vulnerability analysis and assessment are done with the Nikto tool, the Open Web Application Security Project (OWASP) Zed Attack Proxy (ZAP) tool, Netcraft, Sparta and Network Mapper (Nmap), which have been tested through the Kali Linux platform and search engine. The ZAP and Nikto tools are demonstrated on ten different domains to identify security weaknesses. From the analysis, medium and low-level attacks have been discovered by the ZAP tool. From the comparison of the Nikto and ZAP results, the Nikto tool identified more vulnerabilities than ZAP.