Academic literature on the topic 'Penetration testing (Computer security)'


Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'Penetration testing (Computer security).'


Journal articles on the topic "Penetration testing (Computer security)"

1

Singh, Tarandeep, Akshat Bajpai, and Samiksha Shukla. "Ethical Hacking and Penetration Testing." International Journal for Research in Applied Science and Engineering Technology 12, no. 4 (April 30, 2024): 2924–30. http://dx.doi.org/10.22214/ijraset.2024.60506.

Abstract:
Ethical hacking and penetration testing are crucial components of modern cyber security, aiming to identify and rectify security vulnerabilities in computer systems and networks. The huge number of inventions is constantly expanding. Information is getting doubled in less than a year. The advancement of technology has played an important role in our lives. In this era, the most important concern is computer security for companies and organizations. Unfortunately, the data we share over the internet is not secure in any way. Cyberattacks are getting complex and it is hard to detect them. This research paper provides a comprehensive analysis of ethical hacking and penetration testing, discussing their principles, methodologies, tools, legal aspects, and real-world applications.
2

Boyanov, Petar. "VULNERABILITY PENETRATION TESTING THE COMPUTER AND NETWORK RESOURCES OF WINDOWS BASED OPERATING SYSTEMS." Journal scientific and applied research 5, no. 1 (May 6, 2014): 85–92. http://dx.doi.org/10.46687/jsar.v5i1.113.

Abstract:
In this paper a vulnerability penetration testing for several hosts in WLAN is made. The exploited operating systems were Microsoft Windows 7 Enterprise and Microsoft Windows 8. An exploit named “Java storeImageArray() Invalid Array Indexing Vulnerability” has been used. Thanks to the open source penetration testing platform - Metasploit Framework the exploit was executed on the target hosts. The most important and critical reason the attack being successfully executed is connected with the human factor and intervention. Thereby, some security professionals and network administrators can use Metasploit Framework neither to run exploit nor to write security scripts in order to detect and protect the computer and network resources against various malicious cyber-attacks.
3

Narayana Rao, T. Venkat, and Vemula Shravan. "Metasploit Unleashed Tool for Penetration Testing." International Journal on Recent and Innovation Trends in Computing and Communication 7, no. 4 (April 26, 2019): 16–20. http://dx.doi.org/10.17762/ijritcc.v7i4.5285.

Abstract:
In the recent era as the technology is growing rapidly, the use of internet has grown at an exponential rate. The growth has started increasing in between the years 1995-2000. The success of internet has brought great change to the world as we know; however, the problems are common as an obstacle to every productive growth. As the thousands of sites are launching daily and lakhs of people using it, with limited sources of internet available to monitor the security and credibility of these sites. The security issues are growing rapidly and the existence of vulnerabilities are inevitable. As a result exploits became rampant causing the usage of information security fields. Eventually, the need for vulnerability scanning for a particular network or a particular site has increased and the result was pre-emptive existence of penetration testers whose sole purpose is to execute an exploit using a payload for scanning a vulnerability far before others got the opportunity. Metasploit is a computer security tool that works like a penetration tester. The Metasploit Framework was developed with the intentions of making lives of security experts easier.
4

Tang, Tian, Mu-Chuan Zhou, Yi Quan, Jun-Liang Guo, V. S. Balaji, V. Gomathi, and V. Elamaran. "Penetration Testing and Security Assessment of Healthcare Records on Hospital Websites." Journal of Medical Imaging and Health Informatics 10, no. 9 (August 1, 2020): 2242–46. http://dx.doi.org/10.1166/jmihi.2020.3138.

Abstract:
At present, computer security is the flourishing field in the IT industry. Nowadays, the usage of computers and the Internet grows drastically, and hence, computers become vehicles for the attackers to spread viruses and worms, to distribute spam and spyware, and to perform denial-of-service attacks, etc. The IT engineers (even users) should know about network security threats, and at the same time, to some extent, they should know techniques to overcome the issues. The reliability and privacy of healthcare records of the patients are the most critical issue in the healthcare business industry sector. The security safeguards, such as physical, technical, and administrative safeguards, are crucial in protecting the information in all aspects. This article deals with the forty popular hospital portals in India related to the professional and network security related issues such as operating system guesses, number of open/closed/filtered ports, the name of the Web server, etc. The Nmap (network mapper) tool is used to analyze the results belong to the security perspective.
5

SriNithi, D., G. Elavarasi, T. F. Michael Raj, and P. Sivaprakasam. "Improving Web Application Security Using Penetration Testing." Research Journal of Applied Sciences, Engineering and Technology 8, no. 5 (August 5, 2014): 658–63. http://dx.doi.org/10.19026/rjaset.8.1019.

6

Li, Chengcheng. "Penetration Testing Curriculum Development in Practice." Journal of Information Technology Education: Innovations in Practice 14 (2015): 085–99. http://dx.doi.org/10.28945/2189.

Abstract:
As both the frequency and the severity of network breaches have increased in recent years, it is essential that cybersecurity is incorporated into the core of business operations. Evidence from the U.S. Bureau of Labor Statistics (Bureau of Labor Statistics, 2012) indicates that there is, and will continue to be, a severe shortage of cybersecurity professionals nationwide throughout the next decade. To fill this job shortage we need a workforce with strong hands-on experience in the latest technologies and software tools to catch up with the rapid evolution of network technologies. It is vital that the IT professionals possess up-to-date technical skills and think and act one step ahead of the cyber criminals who are constantly probing and exploring system vulnerabilities. There is no perfect security mechanism that can defeat all the cyber-attacks; the traditional defensive security mechanism will eventually fail to the pervasive zero-day attacks. However, there are steps to follow to reduce an organization’s vulnerability to cyber-attacks and to mitigate damages. Active security tests of the network from a cyber-criminal’s perspective can identify system vulnerabilities that may lead to future breaches. “If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. But if you know the enemy and know yourself, you need not fear the result of hundred battles” (Sun, 2013). Penetration testing is a discipline within cybersecurity that focuses on identifying and exploiting the vulnerabilities of a network, eventually obtaining access to the critical business information. The pentesters, the security professionals who perform penetration testing, or ethical hackers, break the triad of information security - Confidentiality, Integrity, and Accountability (CIA) - as if they were a cyber-criminal. 
The purpose of ethical hacking or penetration testing is to know what the “enemy” can do and then generate a report for the management team to aid in strengthening the system, never to cause any real damages. This paper introduces the development of a penetration testing curriculum as a core class in an undergraduate cybersecurity track in Information Technology. The teaching modules are developed based on the professional penetration testing life cycle. The concepts taught in the class are enforced by hands-on lab exercises. This paper also shares the resources that are available to institutions looking for teaching materials and grant opportunities to support efforts when creating a similar curriculum in cybersecurity.
7

Mudiyanselage, Akalanka Karunarathne, and Lei Pan. "Security test MOODLE: a penetration testing case study." International Journal of Computers and Applications 42, no. 4 (November 13, 2017): 372–82. http://dx.doi.org/10.1080/1206212x.2017.1396413.

8

Yeo, John. "Using penetration testing to enhance your company's security." Computer Fraud & Security 2013, no. 4 (April 2013): 17–20. http://dx.doi.org/10.1016/s1361-3723(13)70039-3.

9

Bhardwaj, Barkha, and Shivam Tiwari. "Penetration Testing and Data Privacy: An In-Depth Review." Journal of Cyber Security in Computer System 2, no. 1 (February 23, 2023): 18–22. http://dx.doi.org/10.46610/jcscs.2023.v02i01.003.

Abstract:
This research paper provides a comprehensive review of penetration testing and data privacy. Penetration testing is a simulation of an attack on a computer system, network, or web application to identify vulnerabilities and assess the level of security. The objective of this review is to highlight the importance of penetration testing in ensuring the privacy and security of sensitive data. The paper will cover the different types of penetration testing, the processes involved, and the tools and techniques used in the testing. Additionally, the paper will also discuss the various challenges faced by organizations in implementing penetration testing and the measures that can be taken to overcome them. Furthermore, the paper will delve into data privacy and the role of penetration testing in ensuring the confidentiality, integrity, and availability of sensitive data. The review concludes by highlighting the significance of penetration testing in today's increasingly digital world and the need for organizations to invest in it.
10

Gunawan, Teddy Surya, Muhammad Kasim Lim, Mira Kartiwi, Noreha Abdul Malik, and Nanang Ismail. "Penetration Testing using Kali Linux: SQL Injection, XSS, Wordpres, and WPA2 Attacks." Indonesian Journal of Electrical Engineering and Computer Science 12, no. 2 (November 1, 2018): 729. http://dx.doi.org/10.11591/ijeecs.v12.i2.pp729-737.

Abstract:
Nowadays, computers, smart phones, smart watches, printers, projectors, washing machines, fridges, and other mobile devices connected to Internet are exposed to various threats and exploits. Of the various attacks, SQL injection, cross site scripting, Wordpress, and WPA2 attack were the most popular security attacks and will be further investigated in this paper. Kali Linux provides a great platform and medium in learning various types of exploits and penetration testing. All the simulated attacks will be conducted using Kali Linux installed on a virtual machine in a computer with Intel Core i5 and 8 GB RAM, while the victim’s machine is the host computer which runs Windows 10 version 1709. Results showed that the attacks launched both on web and firewall were conducted successfully.

Dissertations / Theses on the topic "Penetration testing (Computer security)"

1

Dazet, Eric Francis. "ANEX: Automated Network Exploitation through Penetration Testing." DigitalCommons@CalPoly, 2016. https://digitalcommons.calpoly.edu/theses/1592.

Abstract:
Cyber attacks are a growing concern in our modern world, making security evaluation a critical venture. Penetration testing, the process of attempting to compromise a computer network with controlled tests, is a proven method of evaluating a system's security measures. However, penetration tests, and preventive security analysis in general, require considerable investments in money, time, and labor, which can cause them to be overlooked. Alternatively, automated penetration testing programs are used to conduct a security evaluation with less user effort, lower cost, and in a shorter period of time than manual penetration tests. The trade-off is that automated penetration testing tools are not as effective as manual tests. They are not as flexible as manual testing, cannot discover every vulnerability, and can lead to a false sense of security. The development of better automated tools can help organizations quickly and frequently know the state of their security measures and can help improve the manual penetration testing process by accelerating repetitive tasks without sacrificing results. This thesis presents Automated Network Exploitation through Penetration Testing (ANEX), an automated penetration testing system designed to infiltrate a computer network and map paths from a compromised network machine to a specified target machine. Our goal is to provide an effective security evaluation solution with minimal user involvement that is easily deployable in an existing system. ANEX demonstrates that important security information can be gathered through automated tools based solely on free-to-use programs. ANEX can also enhance the manual penetration testing process by quickly accumulating information about each machine to develop more focused testing procedures. Our results show that we are able to successfully infiltrate multiple network levels and exploit machines not directly accessible to our testing machine with mixed success. 
Overall, our design shows the efficacy of utilizing automated and open-source tools for penetration testing.
2

Edström, Viktor, and Eldar Zeynalli. "Penetration testing a civilian drone : Reverse engineering software in search for security vulnerabilities." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-280096.

Abstract:
Civilian drones have become more popular in recent years. As an IoT (Internet of Things) device full of state of the art technologies, its level of security is highly relevant. That is why we chose to take a look at the previous research done in the field to see how the attack surface of civilian drones looks. This revealed that drones are especially vulnerable to GPS and WiFi-based attacks. Furthermore, there have also been vulnerabilities discovered in the applications used by different civilian drones. We took a closer look at a certain drone model, DJI Mavic 2 Zoom, by analyzing its internals and reverse engineering certain parts of its software architecture to see what attacks it could be vulnerable to. Our research revealed that the drone uses a proprietary protocol dubbed Ocusync. This means it is not vulnerable to the same attacks as drone models that use WiFi. However, the drone could still be as vulnerable to GPS spoofing attacks. Through reverse engineering, we also discovered a vulnerability in the software of the drone, which has been reported to the manufacturer.
Civilian drones have become more popular in recent years. As an IoT (Internet of Things) device full of modern technology, its level of security is highly relevant. That is why we chose to look at the previous research done in the field to see what the attack surface of civilian drones looks like. This revealed that they are especially vulnerable to GPS- and WiFi-based attacks. In addition, vulnerabilities have also been discovered in the applications used by various civilian drones. We took a closer look at a particular drone model, the DJI Mavic 2 Zoom, by analyzing its internal architecture and decompiling certain parts of its software architecture to see which attacks it may be vulnerable to. Our research revealed that the drone uses a proprietary protocol called Ocusync. This means that the drone is not vulnerable to the same attacks as models that use WiFi. However, the drone may be just as vulnerable to GPS spoofing attacks. With the help of decompilation, we also discovered a vulnerability in the drone's software, which has been reported to the manufacturer.
3

Nilsson, Robin. "Penetration testing of Android applications." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-280290.

Abstract:
The market of Android applications is huge, and in 2019, Google Play users worldwide downloaded 84.3 billion mobile applications. With such a big user base, any security issues could have big negative impacts. That is why penetration testing of Android applications is important and it is also why Google has a bug bounty program where people can submit vulnerability reports on their most downloaded applications. The aim of the project was to assess the security of Android applications from the Google Play Security Reward Program by performing penetration tests on the applications. A threat model of Android applications was made where potential threats were identified. A choice was made to focus on the Spotify Application for Android where threats were given ratings based on risks associated with them in the context of the Spotify Application. Penetration tests were made where testing depth was determined by the ratings associated with the attacks. The results of the tests showed that the Spotify Application is secure, and no test showed any real possibility of exploiting the application. The perhaps biggest potential exploit found is a Denial of Service attack that can be made through a malicious application interacting with the Spotify application. The result doesn’t guarantee that the application isn’t penetrable and further testing is needed to give the result more reliability. The methods used in the project can however act as a template for further research into both Spotify and other Android applications.
The market for Android applications is enormous, and in 2019 Google Play users downloaded 84.3 billion mobile applications. With such a large user base, potential security problems can have major negative consequences. That is why penetration tests are important and why Google has a bug bounty program where people can submit vulnerability reports for its most downloaded applications. The goal of the project is to assess the security of Android applications from the Google Play Security Reward Program by performing penetration tests on the applications. A threat model of Android applications was created, in which potential threats were identified. A choice was made to focus on Spotify for Android, where threats were given rankings based on the risks associated with them in the context of the Spotify application. Penetration tests were performed with the testing depth determined by the rankings associated with the attacks. The results of the tests showed that the Spotify application was secure, and no test showed any real possibility of exploiting the application. Perhaps the biggest exploitation possibility found was a Denial of Service attack that could be carried out through a malicious application interacting with the Spotify application. The results do not guarantee that the application is not penetrable, and continued testing is needed to give the result more credibility. The methods used in the project can in any case act as a template for continued investigation of both Spotify and other Android applications.
4

Vernersson, Susanne. "Penetration Testing in a Web Application Environment." Thesis, Linnéuniversitetet, Institutionen för datavetenskap, fysik och matematik, DFM, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-8934.

Abstract:
As the use of web applications is increasing among a number of different industries, many companies turn to online applications to promote their services. Companies see the great advantages with web applications such as convenience, low costs and little need of additional hardware or software configuration. Meanwhile, the threats against web applications are scaling up where the attacker is not in need of much experience or knowledge to hack a poorly secured web application as the service easily can be accessed over the Internet. While common attacks such as cross-site scripting and SQL injection are still around and very much in use since a number of years, the hacker community constantly discovers new exploits making businesses in need of higher security. Penetration testing is a method used to estimate the security of a computer system, network or web application. The aim is to reveal possible vulnerabilities that could be exploited by a malicious attacker and suggest solutions to the given problem at hand. With the right security fixes, a business system can go from being a threat to its users’ sensitive data to a secure and functional platform with just a few adjustments. This thesis aims to help the IT security consultants at Combitech AB with detecting and securing the most common web application exploits that companies suffer from today. By providing Combitech with safe and easy methods to discover and fix the top security deficiencies, the restricted time spent at a client due to budget concerns can be made more efficient thanks to improvements in the internal testing methodology. The project can additionally be of interest to teachers, students and developers who want to know more about web application testing and security as well as common exploit scenarios.
5

Gyulai, Sofia, and William Holmgren. "Testing and Improving the Security of a Mobile Application." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-157742.

Abstract:
When making new software systems, security testing should always be included in the process. In this thesis, attacks were identified and performed against a system consisting of two servers and an Android application. A penetration test was also performed against parts of the system. If an attack was successful, this was considered a vulnerability. The attacks that were identified and performed were a NoSQL injection attack, a man-in-the-middle attack and reverse engineering. Through the man-in-the-middle attack and reverse engineering, breaching security properties such as confidentiality and integrity was possible. The NoSQL injection attack was not successful in breaching either. No results from these could be used to exploit the system further. Countermeasures were taken to secure against the discovered vulnerabilities, and new instances of the attacks were performed after this as well. The overall conclusion is that the system is now secure against our implementations of the attacks performed in this thesis.
6

Salih, Raman. "Adagio For The Internet Of Things : IoT penetration testing and security analysis of a smart plug." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-290926.

Abstract:
The emergence of the Internet of Things (IoT) shows us that more and more devices will be connected to the internet for all types of different purposes. One of those devices, the smart plug, has been rapidly deployed because of the ease it brings users into achieving home automation by turning their previous dumb devices smart by giving them the means of controlling the devices remotely. These IoT devices that give the user control could however pose serious security problems if their vulnerabilities were not carefully investigated and analyzed before we blindly integrate them into our everyday life. In this paper, we do a threat model and subsequent penetration testing on a smart plug system made by a particular brand by exploiting its singular communication protocol and we successfully launch five attacks: a replay attack, an MCU tampering attack, a firmware attack, a sniffing attack, and a denial-of-service attack. Our results show that we can hijack the device or obtain the authentication credentials from the users by performing these attacks. We also present guidelines for securing the IoT device.
The emergence of the Internet of Things (IoT) shows us that more and more devices will be connected to the internet for all kinds of purposes. One of these devices, the smart plug, has been deployed rapidly because of the ease with which it lets users achieve home automation, making their previously dumb devices smart by giving users the ability to control the various devices remotely. These IoT devices that give the user control can, however, pose serious security problems if their vulnerabilities are not carefully investigated and analyzed before we blindly integrate them into our everyday life. In this thesis we first make a threat model and then penetration test a smart IoT plug sold by a certain well-known brand by exploiting the only communication protocol available on the device, and we succeed with five different attacks: a replay attack, an MCU tampering attack, a firmware attack, an eavesdropping attack, and a denial-of-service attack. Our results show that we can easily hijack the device and obtain the authentication credentials from the device by performing these attacks. We also present guidelines for securing the IoT device.
7

Andersson, Gustaf, and Fredrik Andersson. "Android Environment Security." Thesis, Linnéuniversitetet, Institutionen för datavetenskap, fysik och matematik, DFM, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-20512.

Abstract:
In modern times mobile devices are an increasing technology and malicious users are increasing as well. On a mobile device there often exists valuable private information that a malicious user is interested in and it often has lower security features implemented compared to computers. It is therefore important to be aware of the security risks that exist when using a mobile device in order to stay protected. In this thesis information about what security risks and attacks that are possible to execute towards a mobile device running Android will be presented. Possible attack scenarios are attacking the device itself, the communication between the device and a server and finally the server.
8

Svensson, Benjamin, and Kristian Varnai. "Servicing a Connected Car Service." Thesis, Blekinge Tekniska Högskola, Institutionen för datalogi och datorsystemteknik, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-2453.

Abstract:
Increased wireless connectivity to vehicles invites both existing and new digital methods of attack, requiring the high prioritisation of security throughout the development of not just the vehicle, but also the services provided for it. This report examines such a connected car service used by thousands of customers every day and evaluates it from a security standpoint. The methods used for this evaluation include both direct testing of vulnerabilities, as well as the examination of design choices made which more broadly affect the system as a whole. With the results are included suggestions for solutions where necessary, and in the conclusion, design pitfalls and general considerations for system development are discussed.
9

Ottosson, Henrik, and Per Lindquist. "Penetration testing for the inexperienced ethical hacker : A baseline methodology for detecting and mitigating web application vulnerabilities." Thesis, Linköpings universitet, Databas och informationsteknik, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-148581.

Abstract:
Having a proper method of defense against attacks is crucial for web applications to ensure the safety of both the application itself and its users. Penetration testing (or ethical hacking) has long been one of the primary methods to detect vulnerabilities against such attacks, but is costly and requires considerable ability and knowledge. As this expertise remains largely individual and undocumented, the industry remains based on expertise. A lack of comprehensive methodologies at levels that are accessible to inexperienced ethical hackers is clearly observable. While attempts at automating the process have yielded some results, automated tools are often specific to certain types of flaws, and lack contextual flexibility. A clear, simple and comprehensive methodology using automatic vulnerability scanners complemented by manual methods is therefore necessary to get a basic level of security across the entirety of a web application. This master's thesis describes the construction of such a methodology. In order to define the requirements of the methodology, a literature study was performed to identify the types of vulnerabilities most critical to web applications, and the applicability of automated tools for each of them. These tools were tested against various existing applications, both intentionally vulnerable ones, and ones that were intended to be secure. The methodology was constructed as a four-step process: Manual Review, Testing, Risk Analysis, and Reporting. Further, the testing step was defined as an iterative process in three parts: Tool/Method Selection, Vulnerability Testing, and Verification. In order to verify the sufficiency of the methodology, it was subject to Peer-review and Field experiments.
Having a solid methodology for defending against attacks is crucial for maintaining security in web applications, both for the application itself and for its users. Penetration testing (or ethical hacking) has long been one of the foremost methods for detecting vulnerabilities to such attacks, but it is costly and requires great personal ability and knowledge. Since this expertise remains largely individual and undocumented, the industry continues to be based on expertise. A lack of comprehensive methodologies at levels accessible to inexperienced ethical hackers is clearly observable. Although attempts to automate the process have produced some results, automated tools are often specific to certain types of vulnerabilities and suffer from a lack of flexibility. A clear, simple and comprehensive methodology that uses automatic vulnerability tools and complementary manual methods is therefore necessary to achieve a basic and complete level of security. This master's thesis describes the construction of such a methodology. To define the methodology, a literature study was carried out to identify the types of vulnerabilities most critical to web applications, as well as the applicability of automated tools for each of these vulnerability types. The tools in question were tested against various existing applications, both intentionally vulnerable ones and ones that were developed with the aim of being secure. The methodology was constructed as a four-step process: manual review, vulnerability testing, risk analysis, and reporting. Further, the vulnerability testing was defined as an iterative process in three parts: selection of tools and methods, vulnerability testing, and vulnerability verification. To verify the sufficiency of the method, methods such as peer review and field experiments were used.
APA, Harvard, Vancouver, ISO, and other styles
10

Johnson, William. "Development of Peer Instruction Material for a Cybersecurity Curriculum." ScholarWorks@UNO, 2017. http://scholarworks.uno.edu/td/2367.

Abstract:
Cybersecurity classes focus on building practical skills alongside the development of the open mindset that is essential to tackle the dynamic cybersecurity landscape. Unfortunately, traditional lecture-style teaching is insufficient for this task. Peer instruction is a non-traditional, active learning approach that has proven to be effective in computer science courses. The challenge in adopting peer instruction is the development of conceptual questions. This thesis presents a methodology for developing peer instruction questions for cybersecurity courses, consisting of four stages: concept identification, concept trigger, question presentation, and development. The thesis analyzes 279 questions developed over two years for three cybersecurity courses: introduction to computer security, network penetration testing, and introduction to computer forensics. Additionally, it discusses examples of peer instruction questions in terms of the methodology. Finally, it summarizes the usage of a workshop for testing a selection of peer instruction questions as well as gathering data outside of normal courses.

Books on the topic "Penetration testing (Computer security)"

1

Wolf, Halton, ed. Computer security and penetration testing. Boston: Thomson, 2008.

2

Crest. Procuring penetration testing services. Ely, Cambridge, UK: IT Governance Pub., 2014.

3

Tedi, Heriyanto, and ebrary Inc, eds. BackTrack 4: Assuring security by penetration testing : master the art of penetration testing with BackTrack. Birmingham, U.K: Packt Open Source, 2011.

4

Crest, ed. Penetration testing services procurement guide. Ely, Cambridgeshire, UK: IT Governance Pub., 2014.

5

W, Bayles Aaron, ed. Penetration tester's open source toolkit. Burlington, MA: Syngress Publishing, 2007.

6

James, Broad, ed. The basics of hacking and penetration testing: Ethical hacking and penetration testing made easy. Waltham, MA: Syngress, 2011.

7

Vacca, John R. Computer and information security handbook. Amsterdam: Elsevier, 2009.

8

Kennedy, David. Metasploit: The penetration tester's guide. San Francisco, Calif: No Starch Press, 2011.

9

ScienceDirect (Online service), ed. Professional penetration testing: Creating and operating a formal hacking lab. Rockland, Mass: Syngress, 2010.

10

Maynor, David. Metasploit toolkit for penetration testing, exploit development, and vulnerability research. Burlington, MA: Syngress, 2007.


Book chapters on the topic "Penetration testing (Computer security)"

1

Böhme, Rainer, and Márk Félegyházi. "Optimal Information Security Investment with Penetration Testing." In Lecture Notes in Computer Science, 21–37. Berlin, Heidelberg: Springer Berlin Heidelberg, 2010. http://dx.doi.org/10.1007/978-3-642-17197-0_2.

2

Ochang, Paschal A., and Philip Irving. "Security Analysis of VoIP Networks Through Penetration Testing." In Communications in Computer and Information Science, 601–10. Cham: Springer International Publishing, 2017. http://dx.doi.org/10.1007/978-3-319-67642-5_50.

3

Caddy, Tom. "Penetration Testing." In Encyclopedia of Cryptography and Security, 920–21. Boston, MA: Springer US, 2011. http://dx.doi.org/10.1007/978-1-4419-5906-5_214.

4

Relan, Kunal. "iOS Security Toolkit." In iOS Penetration Testing, 73–96. Berkeley, CA: Apress, 2016. http://dx.doi.org/10.1007/978-1-4842-2355-0_5.

5

Weik, Martin H. "penetration testing." In Computer Science and Communications Dictionary, 1245. Boston, MA: Springer US, 2000. http://dx.doi.org/10.1007/1-4020-0613-6_13787.

6

Relan, Kunal. "iOS App Security Practices." In iOS Penetration Testing, 119–29. Berkeley, CA: Apress, 2016. http://dx.doi.org/10.1007/978-1-4842-2355-0_7.

7

Hagar, Jon Duncan. "Internal Security Team Penetration Test Process." In IoT System Testing, 217–22. Berkeley, CA: Apress, 2022. http://dx.doi.org/10.1007/978-1-4842-8276-2_15.

8

Xie, Bailin, Qi Li, and Hao Qian. "Weak Password Scanning System for Penetration Testing." In Cyberspace Safety and Security, 120–30. Cham: Springer International Publishing, 2022. http://dx.doi.org/10.1007/978-3-030-94029-4_9.

9

Merkow, Mark S. "Testing Part 2: Penetration Testing/Dynamic Analysis/IAST/RASP." In Practical Security for Agile and DevOps, 115–25. Boca Raton: Auerbach Publications, 2021. http://dx.doi.org/10.1201/9781003265566-9.

10

Tehranipoor, Mark, Kimia Zamiri Azar, Navid Asadizanjani, Fahim Rahman, Hadi Mardani Kamali, and Farimah Farahmandi. "SoC Security Verification Using Fuzz, Penetration, and AI Testing." In Hardware Security, 183–229. Cham: Springer Nature Switzerland, 2024. http://dx.doi.org/10.1007/978-3-031-58687-3_4.


Conference papers on the topic "Penetration testing (Computer security)"

1

Mubanda, Drake, Ngaira Mandela, Tumaini Mbinda, and Christopher Ayesiga. "Evaluating Docker Container Security through Penetration Testing: A Smart Computer Security." In 2023 International Conference on Communication, Security and Artificial Intelligence (ICCSAI). IEEE, 2023. http://dx.doi.org/10.1109/iccsai59793.2023.10421124.

2

McLaughlin, Stephen, Dmitry Podkuiko, Sergei Miadzvezhanka, Adam Delozier, and Patrick McDaniel. "Multi-vendor penetration testing in the advanced metering infrastructure." In the 26th Annual Computer Security Applications Conference. New York, New York, USA: ACM Press, 2010. http://dx.doi.org/10.1145/1920261.1920277.

3

Dimkov, Trajce, Wolter Pieters, and Pieter Hartel. "Two methodologies for physical penetration testing using social engineering." In the 26th Annual Computer Security Applications Conference. New York, New York, USA: ACM Press, 2010. http://dx.doi.org/10.1145/1920261.1920319.

4

Li, Yue, Xiaolin Zhao, Chonghan Zeng, Yu Fu, and Ning Wang. "A Network System Security Assessment Method Based on Penetration Testing." In 2018 International Conference on Computer Science, Electronics and Communication Engineering (CSECE 2018). Paris, France: Atlantis Press, 2018. http://dx.doi.org/10.2991/csece-18.2018.19.

5

Soares, Nathalia, Steven Seiden, Ibrahim Baggili, and Andrew Webb. "On the Application of Synthetic Media to Penetration Testing." In ASIA CCS '23: ACM Asia Conference on Computer and Communications Security. New York, NY, USA: ACM, 2023. http://dx.doi.org/10.1145/3595353.3595886.

6

Goutam, Arvind, and Vijay Tiwari. "Vulnerability Assessment and Penetration Testing to Enhance the Security of Web Application." In 2019 4th International Conference on Information Systems and Computer Networks (ISCON). IEEE, 2019. http://dx.doi.org/10.1109/iscon47742.2019.9036175.

7

Kumar, A. Vijay, Tesfaye Belay, Dawit Hadush, and Tamirat. "Penetration Testing to Investigate Security Vulnerabilities, Bugs and Potential Threats in Flip Kart, JioMart, and Amazon Mobile Application." In 2023 International Conference on Computer Science and Emerging Technologies (CSET). IEEE, 2023. http://dx.doi.org/10.1109/cset58993.2023.10346929.

8

Siang, Lim Yi, and Vinesha Selvarajah. "Security Assurance through Penetration Testing." In 2022 IEEE 2nd International Conference on Mobile Networks and Wireless Communications (ICMNWC). IEEE, 2022. http://dx.doi.org/10.1109/icmnwc56175.2022.10031663.

9

Epling, Lee, Brandon Hinkel, and Yi Hu. "Penetration testing in a box." In INFOSECCD '15: Information Security Curriculum Development Conference. New York, NY, USA: ACM, 2015. http://dx.doi.org/10.1145/2885990.2885996.

10

Shaukat, Kamran, Amber Faisal, Rabia Masood, Ayesha Usman, and Usman Shaukat. "Security quality assurance through penetration testing." In 2016 19th International Multi-Topic Conference (INMIC). IEEE, 2016. http://dx.doi.org/10.1109/inmic.2016.7840115.


Reports on the topic "Penetration testing (Computer security)"

1

Sparks, Sandy, and Russell B. Miller. Information Security Through Penetration Testing and Analysis: Final Report CRADA No. TC-1217-95. Office of Scientific and Technical Information (OSTI), December 2000. http://dx.doi.org/10.2172/1410054.

2

Sparks, S. Information Security Through Penetration Testing and Analysis: Final Report CRADA No. TC-1217-95. Office of Scientific and Technical Information (OSTI), December 2000. http://dx.doi.org/10.2172/790079.

3

Galili, Naftali, Roger P. Rohrbach, Itzhak Shmulevich, Yoram Fuchs, and Giora Zauberman. Non-Destructive Quality Sensing of High-Value Agricultural Commodities Through Response Analysis. United States Department of Agriculture, October 1994. http://dx.doi.org/10.32747/1994.7570549.bard.

Abstract:
The objectives of this project were to develop nondestructive methods for detection of internal properties and firmness of fruits and vegetables. One method was based on a soft piezoelectric film transducer developed in the Technion, for analysis of fruit response to low-energy excitation. The second method was a dot-matrix piezoelectric transducer of North Carolina State University, developed for contact-pressure analysis of fruit during impact. Two research teams, one in Israel and the other in North Carolina, coordinated their research effort according to the specific objectives of the project, to develop and apply the two complementary methods for quality control of agricultural commodities. In Israel: An improved firmness testing system was developed and tested with tropical fruits. The new system included an instrumented fruit-bed of three flexible piezoelectric sensors and miniature electromagnetic hammers, which served as fruit support and low-energy excitation device, respectively. Resonant frequencies were detected for determination of firmness index. Two new acoustic parameters were developed for evaluation of fruit firmness and maturity: a damping ratio and a centroid of the frequency response. Experiments were performed with avocado and mango fruits. The internal damping ratio, which may indicate fruit ripeness, increased monotonically with time, while resonant frequencies and firmness indices decreased with time. Fruit samples were tested daily by destructive penetration test. A fairly high correlation was found in tropical fruits between the penetration force and the new acoustic parameters; a lower correlation was found between this parameter and the conventional firmness index. Improved table-top firmness testing units, Firmalon, with data-logging system and on-line data analysis capacity have been built. The new device was used for the full-scale experiments in the next two years, ahead of the original program and BARD timetable.
Close cooperation was initiated with local industry for development of both off-line and on-line sorting and quality control of more agricultural commodities. Firmalon units were produced and operated in major packaging houses in Israel, Belgium and Washington State, on mango and avocado, apples, pears, tomatoes, melons and some other fruits, to gain field experience with the new method. The accumulated experimental data from all these activities is still analyzed, to improve firmness sorting criteria and shelf-life predicting curves for the different fruits. The test program in commercial CA storage facilities in Washington State included seven apple varieties: Fuji, Braeburn, Gala, Granny Smith, Jonagold, Red Delicious, Golden Delicious, and D'Anjou pear variety. FI master-curves could be developed for the Braeburn, Gala, Granny Smith and Jonagold apples. These fruits showed a steady ripening process during the test period. Yet, more work should be conducted to reduce scattering of the data and to determine the confidence limits of the method. Nearly constant FI in Red Delicious and the fluctuations of FI in the Fuji apples should be re-examined. Three sets of experiments were performed with Flandria tomatoes. Despite the complex structure of the tomatoes, the acoustic method could be used for firmness evaluation and to follow the ripening evolution with time. Close agreement was achieved between the auction expert evaluation and that of the nondestructive acoustic test, where firmness index of 4.0 and more indicated grade-A tomatoes. More work is performed to refine the sorting algorithm and to develop a general ripening scale for automatic grading of tomatoes for the fresh fruit market. Galia melons were tested in Israel, in simulated export conditions. It was concluded that the Firmalon is capable of detecting the ripening of melons nondestructively, and sorted out the defective fruits from the export shipment.
The cooperation with local industry resulted in development of an automatic on-line prototype of the acoustic sensor, that may be incorporated with the export quality control system for melons. More interesting is the development of the remote firmness sensing method for sealed CA cool-rooms, where most of the full-year fruit yield is stored for off-season consumption. Hundreds of ripening monitor systems have been installed in major fruit storage facilities, and are being evaluated now by the consumers. If successful, the new method may cause a major change in long-term fruit storage technology. More uses of the acoustic test method have been considered, for monitoring fruit maturity and harvest time, testing fruit samples or each individual fruit when entering the storage facilities, packaging house and auction, and in the supermarket. This approach may result in a full line of equipment for nondestructive quality control of fruits and vegetables, from the orchard or the greenhouse, through the entire sorting, grading and storage process, up to the consumer table. The developed technology offers a tool to determine the maturity of the fruits nondestructively by monitoring their acoustic response to mechanical impulse on the tree. A special device was built and preliminarily tested in mango fruit. More development is needed to develop a portable, hand operated sensing method for this purpose. In North Carolina: Analysis method based on an Auto-Regressive (AR) model was developed for detecting the first resonance of fruit from their response to mechanical impulse. The algorithm included a routine that detects the first resonant frequency from as many sensors as possible. Experiments on Red Delicious apples were performed and their firmness was determined. The AR method allowed the detection of the first resonance. The method could be fast enough to be utilized in a real time sorting machine.
Yet, further study is needed to look for improvement of the search algorithm of the methods. An impact contact-pressure measurement system and Neural Network (NN) identification method were developed to investigate the relationships between surface pressure distributions on selected fruits and their respective internal textural qualities. A piezoelectric dot-matrix pressure transducer was developed for the purpose of acquiring time-sampled pressure profiles during impact. The acquired data was transferred into a personal computer and accurate visualization of animated data was presented. A preliminary test with 10 apples has been performed. Measurements were made by the contact-pressure transducer in two different positions. Complementary measurements were made on the same apples by using the Firmalon and Magness Taylor (MT) testers. A three-layer neural network was designed. 2/3 of the contact-pressure data were used as training input data and corresponding MT data as training target data. The remaining data were used as NN checking data. Six samples randomly chosen from the ten measured samples and their corresponding Firmalon values were used as the NN training and target data, respectively. The remaining four samples' data were input to the NN. The NN results were consistent with the Firmness Tester values. So, if more training data would be obtained, the output should be more accurate. In addition, the Firmness Tester values are not consistent with MT firmness tester values. The NN method developed in this study appears to be a useful tool to emulate the MT Firmness test results without destroying the apple samples. To get more accurate estimation of MT firmness a much larger training data set is required. When the larger sensitive area of the pressure sensor being developed in this project becomes available, the entire contact 'shape' will provide additional information and the neural network results would be more accurate.
It has been shown that the impact information can be utilized in the determination of internal quality factors of fruit. Until now,