The week's pick
Random Articles
Reseach Article
Seven Phrase Penetration Testing Model
| International Journal of Computer Applications |
| Foundation of Computer Science (FCS), NY, USA |
| Volume 59 - Number 5 |
| Year of Publication: 2012 |
| Authors: Parvin Ami, Ashikali Hasan |
10.5120/9543-3991
|
Parvin Ami, Ashikali Hasan . Seven Phrase Penetration Testing Model. International Journal of Computer Applications. 59, 5 ( December 2012), 16-20. DOI=10.5120/9543-3991
Abstract
Generally most companies are using simple way to test a system is done by primary analysis and formal methods, Based on the observation that most security flaws are triggered due to a flawed interaction with the environment. Herein the model describes a sophisticated approach for testing almost all type of web applications and database integration system for possible security flaws. This approach is to be developed a dynamic model which have the capacity to bind the complex and lengthy procedure of penetration testing process. The proposed model is prepared using seven different Phases called as Seven Phase Penetration Testing Model (SPPT-Model). It simplifies the complex penetration testing procedure and allows penetration tester to evaluate accurately what faults to be exist in the target system. The dynamic model of penetration testing can be implementing freely and efficiently on almost all type of applications. This scheme can be used to classify informatics, analytical, complex, logical, well-known and common security flaws of huge or small application. As per the analysis it is classified that the model can be helpful to revealed 80% of the security flaws in the system.
References
- Andrey Petukhov, Dmitry Kozlov, Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis with Penetration Testing, https://www. owasp. org/images/3/3e/OWASP-AppSecEU08-Petukhov. pdf accessed on 22/11/2012
- Boris Beizer, Black-Box Testing: Techniques for Functional Testing of Software and Systems, Edition illustrated, Wiley, 1995, ISBN 978-0471120940
- Ashikali M. Hasan - Hackers Eye With CD(English Edition), Computer World, ISBN 978-9380010977
- Scott Loveland, Michael Shannon, Geoffrey Miller, Richard Prewitt, Jr. , and Software Testing Techniques: Finding the Defects That Matter, Programming Series, Editor, and Scott Loveland Edition illustrated, Cengage Learning, 2004, ISBN 978-1584503460.
- Software Testing: Principles and Practice, Srinivasan Desikan, Gopalaswamy Ramesh, Pearson Education India, 2006 ISBN 978-8177581218.
- Professional Penetration Testing: Creating and Operating a Formal Hacking Lab, Thomas Wilhelm, Syngress, 2009, ISBN 978-1597494250.
- Ashikali M. Hasan - Hacking An Introduction Computer World, ISBN 978-9380010984
- Patrick Engebretson, The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy, Syngress Basics Series Syngress Media The Basics,illustrated,Elsevier, 2011 ISBN 978-1597496551.
- Hacking Exposed Web App, Authors Joel Scambray, Mike Shema, Joel Scambray, Tata McGraw-Hill Education, 2006, ISBN 9780070619807.
- Harris, Gray Hat Hacking 2E, Tata McGraw-Hill Education, 2008 ISBN 9780070248649
- Web Applications (Hacking Exposed) by Joel Scambray and Mike Shema, published by McGraw-Hill Osborne Media, ISBN 007222438X
- Hacking Exposed 6, McClure, Tata McGraw-Hill Education, 2009, ISBN 0070147183, 9780070147188
- The Unified Modeling Language – A User Guide
- Stephen Northcutt, Jerry Shenk,Dave Shackleford,Tim Rosenberg, Raul Siles, and Steve Mancini, SANS ANALYST Program june 2006
Index Terms
Keywords