Web Investigation Through
Penetration Tests
Agenda
1 Introductions
2 Motivation
3 Research Objective
4 Problem Description
5 Literature Review
6 Proposed Methodology
7 Expected Outcome
8 Tentative Schedule
9 Conclusion
Introduction
Penetration testing, also known as pen test or pen testing, is a process to identify,
exploit, and report vulnerabilities.
These vulnerabilities can exist in any system including applications, services, or
operating systems.
Penetration testing is a technique used to gain access to the system.
Motivation
This research will help us perform web penetration tests.
We use penetration testing on websites to find threats. Pen testing involves examining
all your possible attack surfaces before a real cyberattack.
It's imperative to have it in continuous cycles as it shields your security
framework from becoming a costly liability.
You might have come across a popular saying: the best defense is a good
offense; pen-testing complements it in the cybersecurity landscape.
Research Objective
Penetration test of a website
Threat finding from a website
Finding vulnerability of website
Using SQL Injection
Cross-site scripting
Problem Description
Security vulnerabilities may breach data integrity in web applications, steal
confidential data, or affect web application availability.
More than three-quarters of IT security professionals believe a successful cyber
attack is imminent in 2021.
Report from: CyberEdge Group 2021 Cyberthreat Defense Report
Literature Review

| SL | Paper Title | Author | Year of Publication | Findings | Algorithm |
|---|---|---|---|---|---|
| 01 | Web Application Penetration Testing Using SQL Injection Attack. | Alde Alanda, Deni Satria, M. Isthofa Ardhana, Andi Ahmad Dahlan, Hanriyawan Adnan Mooduto | 2021 | This research uses penetration testing with the black-box method to test web application security based on the list of most attacks on the Open Web Application Security Project (OWASP), namely SQL Injection. | SQL Injection, Post Method |
| 02 | Research and Solution of Existing Security Problems in Current Internet Website System. | Gaoqi Wei, Xiaoyao Xie | 2008 | This research uses tamper-resistant technology to find website vulnerabilities. | SQL Injection, Cross-Site Request Forgery (CSRF) |
| 03 | Vulnerability Assessment and Penetration Testing of Web Application | Prof. Sangeeta Nagpure, Sonal Kurkure | 2017 | Finding security issues in an organization, checked by Vulnerability Assessment and Penetration Testing. | Cross-Site Scripting (XSS), SQL Injection (SQLi), Cross-Site Request Forgery (CSRF) |
| 04 | Web penetration testing using Nessus and Metasploit tool. | Indraneel Mukhopodday, Shilpam Goswami, Eshita Mandal | 2014 | This research uses penetration testing with the Nessus and Metasploit tools to find the vulnerabilities of a site. | Cross-Site Scripting, Security Misconfiguration |
| 05 | Assessment of website security by penetration testing using Wireshark | Sandhya S, Sohini Purkayastha, Emil Joshua, Akash Deep | 2017 | This research uses Wireshark for testing website security. | OWASP, BACK TRACK, SKIPFISH, w3af |
| 06 | Solution to Web Services Security and Threats | Iqra Ilyas, Muhammad Tayyab, Aliza Bashara | 2018 | Finding security issues in e-commerce sites and health care units. | Page rank, Trust rank |
Proposed Methodology
[Flowchart. Boxes shown: Target Information; Port Scanning (Nmap); System Fingerprinting (Nmap); Website (Acunetix); Identification of Vulnerabilities; decision "Mandate Allows Exploitation?" with YES and NO branches; Exploit all possible vulnerabilities and their prevention; Non-Destructive Exploitation of vulnerabilities; Result & Report Writing. Other labels: DNS Foot Printing, Google Search, WHOIS, Client Inputs, Admin login.]
Proposed Methodology
SQL Injection
Cross Site Scripting
LFI (Local File Inclusion)
Insecure Direct Object References
Cross Site Request Forgery
Security Misconfiguration
Insecure Cryptographic Storage
Failure to restrict URL Access
Insufficient Transport Layer Protection
Unvalidated Redirects and Forwards
Broken Authentication and Session Management
Expected Outcome
In our pen test report, we expect to see an explanation of where these deeper
vulnerabilities lie, which assets are affected, how they were discovered, and an
overall vulnerability summary such as:
- Total alerts = ?
- High alerts = ?
- Low alerts = ?
- Informational = ?
[Figure: Penetration Testing Comparison. Report from: https://www.threatintelligence.com]
Tentative Schedule

| Task ID | Task | Start Date | End Date | Task Duration |
|---|---|---|---|---|
| 1 | Research Methodology | 1-July-22 | 30-July-22 | 29 |
| 2 | Formulate Research Strategy, Research Design and Select methods | 1-August-22 | 28-August-22 | 27 |
| 3 | Literature Review | 1-Sept-22 | 20-Sept-22 | 19 |
| 4 | Preparation of Research Proposal | 22-Sept-22 | 30-Sept-22 | 08 |
| 5 | Write Research Proposal | 01-Oct-22 | 31-Oct-22 | 30 |
| 6 | Proposal Defense | 04-Nov-22 | 04-Nov-22 | 01 |
| 7 | Sample Preparation | | | |
| 8 | Sample Testing | | | |
| 9 | Data Analysis | | | |
| 10 | Edit Report | | | |
| 11 | Write Final Report | | | |
| 12 | Submission of Final Report | | | |
| 13 | Preparation for Final Viva | | | |
| 14 | Final Viva | | | |
Conclusion
Our investigation concerns web security on a web portal.
We penetration-test the site externally for vulnerabilities to determine the safety of
user data on the site.
We know that SQL injection, XSS, and LFI attacks are still a dangerous threat to web applications.
In our study, 80% of the websites that were tested in a standard manner still had a
weakness against SQL injection, XSS, and LFI attacks.
So, we will investigate manually and apply 11 exploit methods to one IP to
find the vulnerabilities.
THANK YOU
