Improving penetration testing through static and dynamic analysis

Authors

  • William G. J. Halfond
  • Shauvik Roy Choudhary
  • Alessandro Orso
Abstract

Penetration testing is widely used to help ensure the security of web applications. In penetration testing, testers discover vulnerabilities by simulating attacks on a target web application. To do this efficiently, testers rely on automated techniques that gather input vector information about the target web application and analyze the application's responses to determine whether an attack was successful. Current techniques for performing these two steps are often incomplete, which can leave parts of the web application untested and vulnerabilities undiscovered. This paper proposes a new approach to penetration testing that addresses the limitations of current techniques. The approach incorporates two recently developed analysis techniques to improve input vector identification and to detect when attacks have been successful against a web application. The paper compares the proposed approach against two popular penetration testing tools on a suite of web applications with known and unknown vulnerabilities. The evaluation results show that the proposed approach performs more thorough penetration testing and leads to the discovery of more vulnerabilities than either tool. Copyright © 2011 John Wiley & Sons, Ltd.
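To make the two steps in the abstract concrete, the following is an added, constructed Python example; it is not code from the paper and does not implement the authors' specific analyses. It contrasts a crawler that only learns input vectors from form fields with a simple static scan of the handler's source for the parameters it actually reads, then sends a marker through every discovered input and flags the ones where the marker comes back unescaped (a minimal response-analysis oracle). The toy page, the toy handler, the parameter names (`username`, `password`, `redirect`) and the marker string are all assumptions made up for the illustration.

```python
"""Constructed illustration: why form-based input vector discovery is
incomplete, and how a response check turns a found input into a finding.
Not the paper's implementation; all names and data below are made up."""
import ast
import html
from html.parser import HTMLParser

# Constructed HTML, as a black-box crawler would fetch it. The form
# exposes exactly two input vectors.
LOGIN_PAGE = """
<html><body>
<form action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="submit" value="Login">
</form>
</body></html>
"""

# Constructed handler source. It also reads a 'redirect' parameter that no
# form field ever supplies, so a crawler never learns that it exists, and
# it embeds that value unescaped into the response.
HANDLER_SOURCE = '''
def login(params):
    user = params.get("username", "")
    pw = params.get("password", "")
    target = params.get("redirect", "/home")
    if user == "admin" and pw == "hunter2":
        return '<a href="' + target + '">Continue</a>'
    return "<p>Login failed for " + html.escape(user) + "</p>"
'''


class FormInputCollector(HTMLParser):
    """Collect the names of form controls, as a crawler would."""

    def __init__(self):
        super().__init__()
        self.names = set()

    def handle_starttag(self, tag, attrs):
        if tag in ("input", "textarea", "select"):
            name = dict(attrs).get("name")
            if name:
                self.names.add(name)


def crawl_inputs(page_html):
    """Input vectors visible to a black-box crawler: form field names only."""
    parser = FormInputCollector()
    parser.feed(page_html)
    return parser.names


def static_inputs(source, bag="params"):
    """Input vectors visible to a (toy) static scan: every string key the
    handler reads via `params.get("...")`, whether or not a form exposes it."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == "get"
                and isinstance(node.func.value, ast.Name)
                and node.func.value.id == bag
                and node.args
                and isinstance(node.args[0], ast.Constant)
                and isinstance(node.args[0].value, str)):
            found.add(node.args[0].value)
    return found


def load_handler(source):
    """Turn the constructed handler source into a callable for probing."""
    namespace = {"html": html}
    exec(source, namespace)
    return namespace["login"]


# Marker that must not survive unescaped in HTML output.
MARKER = '"><script>alert(1)</script>'


def probe(handler, inputs):
    """Send the marker through each input (with otherwise valid credentials)
    and report the inputs whose response reflects it unescaped."""
    base = {"username": "admin", "password": "hunter2"}
    vulnerable = set()
    for name in sorted(inputs):
        params = dict(base)
        params[name] = MARKER
        if MARKER in handler(params):
            vulnerable.add(name)
    return vulnerable


def compare(page_html, source):
    """Run both discovery strategies against the same handler and show what
    the crawler-only tester misses."""
    crawled = crawl_inputs(page_html)
    static = static_inputs(source)
    handler = load_handler(source)
    return {
        "crawled": crawled,
        "static": static,
        "missed_by_crawler": static - crawled,
        "vuln_crawler_only": probe(handler, crawled),
        "vuln_static": probe(handler, static),
    }


if __name__ == "__main__":
    for key, value in compare(LOGIN_PAGE, HANDLER_SOURCE).items():
        print(f"{key}: {sorted(value)}")
```

The crawler finds only `username` and `password`, probes both, and reports nothing, because the one reflected value it can reach is escaped. The source scan additionally finds `redirect`, and the same response check then flags it. The point the abstract makes is exactly this gap: an oracle is only as good as the set of inputs it is allowed to exercise.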


Similar sources

Comparision of Methods for Determining Bearing Capacity of Piles Using Standard Penetration Test (SPT) Data

In recent years, determining bearing capacity of piles from in-situ testing data as a complement to static and dynamic analysis has been used by geotechnical engineers. In this paper, different approaches for estimating bearing capacity of piles from SPT data are studied and compared. A new method based on N value from SPT is presented. Data averaging, failure zone and plunging failure of pil...



Effect of weight transfer training on static and dynamic balance of older women

The aim of this study was to determine the effect of weight transfer training on static and dynamic balance of older women. 20 accessible subjects that met our criteria divided randomly into two experimental and control groups. The experimental group trained for 6 weeks, 3 times a week and each session 60 minutes a day. Biodex balance system used for training and testing procedures. Data analys...


Evaluating Commercial Macroporous Resin (D201) for Uranium Uptake in Static and Dynamic Fixed Bed Ion Exchange Column

As part of the development of equipment and innovative technology for the process flow-sheet, a study on the selection of good resin for uranium uptake is ongoing. Both static and dynamic column equilibrium testing upon synthetic and Gattar pregnant leach solutions (PLS) were carried out to estimate the change of total capacity and breakthrough capacity of the commercial macroporous anion excha...


Security Testing: A Survey

Identifying vulnerabilities and ensuring security functionality by security testing is a widely applied measure to evaluate and improve the security of software. Due to the openness of modern software-based systems, applying appropriate security testing techniques is of growing importance and essential to perform effective and efficient security testing. Therefore, an overview of actual securit...



Journal:
  • Softw. Test., Verif. Reliab.

Volume 21, Issue 

Pages -

Publication date: 2011