Penetration Testing also known as pen test or pen testing, is a process to identify, exploit, and report vulnerabilities.
These vulnerabilities can exist in any system including applications, services, or operating systems.Penetration testing is a technique used to gain access to the system.
4. Introduction
Penetration Testing also known as pen test or pen testing, is a process to identify,
exploit, and report vulnerabilities.
These vulnerabilities can exist in any system including applications, services, or
operating systems.
Penetration testing is a technique used to gain access to the system.
5. Motivation
This research will help us web penetration test.
We use penetration in website to find threat. Pen testing involves examining
all your possible attack surfaces before a real cyberattack.
It's imperative to have it in continuous cycles as it shields your security
framework from becoming a costly liability.
You might have come across a popular saying: the best defense is a good
offense; pen-testing complements it in the cybersecurity landscape.
6. Research Objective
Penetration test of a website
Threat finding from a website
Finding vulnerability of website
Using SQL Injection
Cross-site scripting
7. Problem Description
Security vulnerabilities may breach data integrity in web applications, steal
confidential data, or affect web application availability.
Report from: CyberEdge Group 2021 Cyberthreat Defense Report
8. Problem Description
Report from: CyberEdge Group 2021 Cyberthreat Defense Report
More than three-
quarters of IT
security
professionals
believe a
successful cyber
attack is imminent
in 2021.
9. Literature Review
SL Paper Title Author Year Of
Publication
Findings Algorithm
01
Web Application
Penetration Testing Using
SQL Injection Attack.
Alde Alandaa,
Deni Satriaa,
M.Isthofa Ardhanaa, Andi
Ahmad Dahlanb,
Hanriyawan Adnan
Moodutoa
2021
This research uses penetration
testing with the black-box
method to test web application
security based on the list of
most attacks on the Open Web
Application Security Project
(OWASP), namely SQL Injection
SQL
Injection,
Post Method
02
Research and Solution of
Existing Security Problems
in Current Internet
Website System.
Gaoqi Wei
Xiaoyao Xie 2008
This research uses temper
resistant technology to find
website vulnerability
SQL
Injection,
Cross(CSRF)
03
Vulnerability Assessment
and Penetration Testing of
Web Application
Prof. Sangeeta Nagpure
Sonal Kurkure 2017
Finding security essue
organization checked by
Vulnerability Assessment and
Penetration Testing.
Cross-Site
Scripting
(XSS), SQL
Injection
(SQLi),
Cross(CSRF)
10. Literature Review
SL Paper Title Author Year Of
Publication
Findings Algorithm
04
Web penetration testing
using Nessus and
Metasploit tool.
Indraneel Mukhopodday,
Shilpam Goswami, Eshita
Mandal. 2014
This research uses penetration
test Using Nessus and Metasploit
tool to find out vulnerability of a
site.
Cross site
Scripting,
Security
Misconfigura
tion
05
Assessment of website
security by penetration
testing using Wireshark
Sandhya S1Sohini
Purkayastha2, Emil
Joshua3, Akash Deep
2017
This using Wireshark for testing
website security.
OWASP, BACK
TRACK,
SKIPFISH,
w3af
06
Solution to Web
Services Security and
Threats
Iqra Ilyas, Muhammad
Tayyab, Aliza Bashara 2018
Finding security essue e-
commerce site, health care units
Page rank
Trust rank
11. Proposed Methodology
Target
Information
Port Scanning
(Nmap)
System Finger
Printing (Nmap)
Identification of
Vulnerabilities
Mandate
Allows
Exploitation?
Website
(Acunetix)
Result &
Report
Writing
Exploit all Possible
vulnerabilities and
their prevention
Non-Destructive
Exploitation of
vulnerabilities
YES NO
DNS
Foot Printing
Google Search
WHO IS
Client Inputs
Admin login
12. Proposed Methodology
SQL Injection
Cross Site Scripting
LFI (Local File Inclusion)
Insecure Direct Object References
Cross Site Request Forgery
Security Misconfiguration
Insecure Cryptographic Storage
Failure to restrict URL Access
Insufficient Transport Layer Protection
Unvalidated Redirects and Forwards
Broken Authentication and Session Management
13. Expected Outcome
In our pen test report, we will expect to see an explanation of where these deeper
vulnerabilities lie, which assets are affected, how they were discovered and what are
the overall vulnerabilities report like:
Total alerts = ?
High alerts = ?
Low alerts = ?
Informational = ?
15. Tentative Schedule
Task ID Task Start Date End Date Task Duration
1 Research Methodology 1-July-22 30-July-22 29
2
Formulate Research Strategy, Research
Design and Select methods
1-August-22 28-August-22 27
3 Literature Review 1-Sept-22 20-Sept-22 19
4 Preparation of Research Proposal 22-Sept-22 30-Sept-22 08
5 Write Research Proposal 01-Oct-22 31-Oct-22 30
6 Proposal Defense 04-Nov-22 04-Nov-22 01
7 Sample Preparation
8 Sample Testing
9 Data Analysis
10 Edit Report
11 Write Final Report
12 Submission of Final Report
13 Preparation for Final Viva
14 Final Viva
16. Conclusion
Our investigation about web security on web portal.
Externally for vulnerabilities to determine the safety of user data on the site we test
penetration.
We know SQL injection, XSS, LFI attack is a still dangerous threat for web applications.
In our study, 80% of the websites that were tested in a standard manner still had a
weakness against SQL injection, XSS, LFI attacks.
So, we will be investigating manually and apply 11 exploit methods in one IP to
find-out the vulnerabilities.