A study of penetration testing tools and approaches

As one of the most common techniques to assess information system security, penetration testing legally attempts to break into the target system by utilizing tools and techniques similar to those used by real hackers. The main objective of such a technique is to effectively call to light potential...

[1] Dafydd Stuttard, et al. The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws, 2007.

[2] Fred Cohen, et al. Managing network security - Part 9: Penetration testing?, 1997.

[3] Marco Vieira, et al. Defending against Web Application Vulnerabilities, 2012, Computer.

[4] E. Eugene Schultz. Report: Hackers and penetration testing, 1997.

[5] Pieter H. Hartel, et al. Training students to steal: a practical assignment in computer security education, 2011, SIGCSE '11.

[6] Gary McGraw, et al. Software Penetration Testing, 2005, IEEE Secur. Priv.

[7] Wei Qi Yan, et al. An Overview of Penetration Testing, 2014, Int. J. Digit. Crime Forensics.

[8] Namdeo V. Kalyankar, et al. Penetration Testing: A Roadmap to Network Security, 2009, ArXiv.

[9] Gary Hardy, et al. The relevance of penetration testing to corporate network security, 1997, Information Security Technical Report.

[10] Gary McGraw, et al. Software Security Testing, 2004, IEEE Secur. Priv.

[11] Matt Bishop, et al. About Penetration Testing, 2007, IEEE Security & Privacy.

[12] Wil Allsopp. Unauthorised Access: Physical Penetration Testing For IT Security Teams, 2009.

[13] Sushil Jajodia, et al. Topological analysis of network attack vulnerability, 2006, PST.

[14] James S. Tiller, et al. The Ethical Hack: A Framework for Business Value Penetration Testing, 2004.

[15] Steven B. Lipner, et al. The trustworthy computing security development lifecycle, 2004, 20th Annual Computer Security Applications Conference.

[16] Johnny Long, et al. Google Hacking for Penetration Testers, 2004.

[17] Nuela Guananga, et al. Auditoría de la seguridad informática para el Honorable Gobierno Provincial de Tungurahua mediante la Metodología Open Source Security Testing Methodology Manual, 2015.

[18] Paul M. Summitt, et al. How to Cheat at Managing Information Security, 2006.

[19] Herbert H. Thompson. Application Penetration Testing, 2005, IEEE Secur. Priv.

[20] Paul Asadoorian, et al. Linksys WRT54G Ultimate Hacking, 2007.

[21] Laurie A. Williams, et al. A comparison of the efficiency and effectiveness of vulnerability discovery techniques, 2013, Inf. Softw. Technol.

[22] Chris Hare. Improving Network Level Security through Real-time Monitoring and Intrusion Detection, 2000.

[23] Neil Barrett, et al. Penetration testing and social engineering: Hacking the weakest link, 2003, Inf. Secur. Tech. Rep.

[24] Alessandro Orso, et al. Improving penetration testing through static and dynamic analysis, 2011, Softw. Test. Verification Reliab.

[25] Lee Allen. Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide, 2012.

[26] Clifford A. Lynch, et al. Information Networking, 1994.

[27] E. Eugene Schultz, et al. Feature: A systematic methodology for firewall penetration testing, 1996.

[28] Thomas Wilhelm, et al. Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research, 2007.

[29] Shari Lawrence Pfleeger, et al. A methodology for penetration testing, 1989, Comput. Secur.

[30] Paul Midian, et al. Feature: Perspectives on Penetration Testing - Black Box vs. White Box, 2002.

[31] 김종. HackSim: An Automation of Penetration Testing for Remote Buffer Overflow Vulnerabilities, 2005.

[32] Paul Midian. Perspectives on Penetration Testing, 2002.

[33] Reto E. Haeni. Firewall Penetration Testing, 1997.

[34] Eric S. Seagren, et al. How to Cheat at Configuring Open Source Security Tools, 2007.

[35] Stacy J. Prowell, et al. Seven Deadliest Network Attacks, 2010.

[36] Franck Lebeau, et al. Model-Based Vulnerability Testing for Web Applications, 2013, 2013 IEEE Sixth International Conference on Software Testing, Verification and Validation Workshops.

[37] Johnny Long. Penetration tester's open source toolkit, 2006.

[38] Bruce Schneier, et al. Toward a secure system engineering methodology, 1998, NSPW '98.

[39] Marco Vieira, et al. Penetration Testing for Web Services, 2014, Computer.

[40] Murugiah P. Souppaya, et al. Guideline on Network Security Testing, 2003.

[41] Michael R. Lyu, et al. Firewall security: policies, testing and performance evaluation, 2000, Proceedings 24th Annual International Computer Software and Applications Conference. COMPSAC2000.

[42] Marco Vieira, et al. Comparing the Effectiveness of Penetration Testing and Static Code Analysis on the Detection of SQL Injection Vulnerabilities in Web Services, 2009, 2009 15th IEEE Pacific Rim International Symposium on Dependable Computing.

[43] John Yeo, et al. Using penetration testing to enhance your company's security, 2013.

[44] Tran Khanh Dang, et al. Towards Side-Effects-free Database Penetration Testing, 2010, J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl.

[45] James S. Tiller. CISO's Guide to Penetration Testing: A Framework to Plan, Manage, and Maximize Benefits, 2011.

[46] Sven Türpe, et al. Testing Production Systems Safely: Common Precautions in Penetration Testing, 2009, 2009 Testing: Academic and Industrial Conference - Practice and Research Techniques.

[47] Chung-Huang Yang, et al. Using w3af to achieve automated penetration testing by live DVD/live USB, 2009, ICHIT '09.

[48] John C. Mitchell, et al. State of the Art: Automated Black-Box Web Application Vulnerability Testing, 2010, 2010 IEEE Symposium on Security and Privacy.

[49] A. Samsudin, et al. Development of penetration testing model for increasing network security, 2004, Proceedings. 2004 International Conference on Information and Communication Technologies: From Theory to Applications, 2004.

[50] Marco Vieira, et al. Using web security scanners to detect vulnerabilities in web services, 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[51] Frank Thornton, et al. WarDriving and Wireless Penetration Testing, 2006.

[52] James P. McDermott, et al. Attack net penetration testing, 2001, NSPW '00.

[53] Chris Carthern, et al. Introduction to Network Penetration Testing, 2015.