Automating Penetration Testing Within Ambiguous Testing Environment

IF 1.3 Q4 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

International Journal of Innovative Computing Information and Control Pub Date : 2018-11-21 DOI:10.11113/IJIC.V8N3.180

Lim Kah Seng, N. Ithnin, Syed Zainudeen Mohd Shaid

{"title":"Automating Penetration Testing Within Ambiguous Testing Environment","authors":"Lim Kah Seng, N. Ithnin, Syed Zainudeen Mohd Shaid","doi":"10.11113/IJIC.V8N3.180","DOIUrl":null,"url":null,"abstract":"Automated web application penetration testing has emerged as a trend. The computer was assigned the task of penetrating web application security with penetration testing technique. Relevant computer program reduces time, cost, and resources required for assessing a web application security. At the same time, scaling down tester reliance on human knowledge. Web application security scanner is such kind of program that is designed to assess web application security automatically with penetration testing technique. The downside is that computer is not well-formed as human. Consequently, web application security scanner often found generating the false alarms, especially in a testing environment, which web application source codes are unreachable. Thus, in this paper, the state-of-the-art of black box web application security scanner is systematically reviewed, to investigate the approaches for detecting web application vulnerability in an ambiguous testing environment. This survey is critical in providing insights on how to design efficient algorithms for assessing web application security with penetration testing technique in the ambiguous environment.","PeriodicalId":50314,"journal":{"name":"International Journal of Innovative Computing Information and Control","volume":"53 1","pages":""},"PeriodicalIF":1.3000,"publicationDate":"2018-11-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Innovative Computing Information and Control","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.11113/IJIC.V8N3.180","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 1

Abstract

Automated web application penetration testing has emerged as a trend. The computer was assigned the task of penetrating web application security with penetration testing technique. Relevant computer program reduces time, cost, and resources required for assessing a web application security. At the same time, scaling down tester reliance on human knowledge. Web application security scanner is such kind of program that is designed to assess web application security automatically with penetration testing technique. The downside is that computer is not well-formed as human. Consequently, web application security scanner often found generating the false alarms, especially in a testing environment, which web application source codes are unreachable. Thus, in this paper, the state-of-the-art of black box web application security scanner is systematically reviewed, to investigate the approaches for detecting web application vulnerability in an ambiguous testing environment. This survey is critical in providing insights on how to design efficient algorithms for assessing web application security with penetration testing technique in the ambiguous environment.

查看原文本刊更多论文

在模糊测试环境中自动化渗透测试

自动化的web应用渗透测试已经成为一种趋势。利用渗透测试技术，给计算机分配了渗透web应用安全的任务。相关的计算机程序减少了评估web应用程序安全性所需的时间、成本和资源。同时，减少测试人员对人类知识的依赖。Web应用程序安全扫描程序是利用渗透测试技术自动评估Web应用程序安全性的一类程序。缺点是计算机不像人类那样构造良好。因此，web应用程序安全扫描器经常发现生成假警报，特别是在web应用程序源代码不可达的测试环境中。因此，本文系统回顾了黑盒web应用安全扫描器的发展现状，探讨了在模糊测试环境下检测web应用漏洞的方法。这项调查对于如何设计有效的算法来评估在模糊环境中使用渗透测试技术的web应用程序安全性提供了重要的见解。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Journal of Innovative Computing Information and Control 工程技术-计算机：人工智能

CiteScore

3.20

自引率

20.00%

发文量

审稿时长

4.3 months

期刊介绍： The primary aim of the International Journal of Innovative Computing, Information and Control (IJICIC) is to publish high-quality papers of new developments and trends, novel techniques and approaches, innovative methodologies and technologies on the theory and applications of intelligent systems, information and control. The IJICIC is a peer-reviewed English language journal and is published bimonthly