Design and Development of an Automatic Penetration Test Generation Methodology for Security of Web Applications
- 1 Faculty of Engineering and Technology, M. S. Ramaiah University of Applied Sciences, Bangalore, India
Abstract
In today's world, web application security is becoming more crucial. Web applications frequently hold sensitive data, which might be compromised if it were to fall into the hands of a hostile attacker. This leads to significant losses for businesses and customers alike and undermines confidentiality, integrity, and availability. A penetration test is an attempt to exploit vulnerabilities in an IT infrastructure with the goal of evaluating its security. Existing methodologies lack a systematic basis for representing the information gathered, which makes automatic attack generation difficult. The proposed model-based penetration test framework provides a repeatable, systematic approach for conducting penetration tests based on appropriate models of the behavior of the web application. It incorporates a novel approach to model-built security tests along two scopes: vulnerability coverage criteria, and automated attack generation from vulnerability mapping and the abstract behavior of web applications. Algorithms are proposed for both manual and automatically driven penetration tests from the state models. The proposed approach is illustrated on a web application in the banking sector, exploiting input validation vulnerabilities.
DOI: https://doi.org/10.3844/jcssp.2024.1176.1184
Copyright: © 2024 Shilpa R. G., Pushphavathi T. P. and Murthy P. V. R. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
Keywords
- Penetration Testing
- Vulnerabilities
- SQL Injection
- Secondary SQL Injection
- Client-Side Manipulation
- Model Driven Testing
- State Models