Affiliation:
1. Department of Computer Networks and Communications, King Faisal University, Al-Ahsa 31982, Saudi Arabia
Abstract
Websites are becoming increasingly effective communication tools. Nevertheless, web applications are vulnerable to attack and can give attackers access to sensitive information or unauthorized access to accounts. The number of vulnerabilities in web applications has increased dramatically over the past decade. Many are due to improper validation and sanitization of input. Identifying these vulnerabilities is essential for developing high-quality, secure web applications. Whenever a website is released to the public, it is required to have had penetration testing to a certain standard to ensure the security of the information. Application-level security vulnerability detection is possible for many commercial and open-source applications. However, developers are curious about which tools detect security vulnerabilities and how quickly they do so. The purpose of this study is to discuss penetration testing and how it can be implemented. This paper also explores the hazards and vulnerabilities associated with the web environment as well as the protective measures that can be taken. In addition, a comprehensive review and comparison of common web penetration testing tools is provided. The aim of this paper is to help web penetration testers choose a technology that is optimal for their requirements. The paper also sets out to guide and provide recommendations to users for choosing the best web penetration test tool and increasing their awareness of secure web environments. The study results indicate that not all web penetration testing tools offer the same features and that combining analysis tools can provide detailed information about web vulnerabilities.
Subject
Electrical and Electronic Engineering, Computer Networks and Communications, Hardware and Architecture, Signal Processing, Control and Systems Engineering
Cited by
22 articles.